SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for MozillaThunderbird-debugsource-3.1.20-1.15.x86_64.rpm :
Tue Mar 6 13:00:00 2012 wrAATTrosenauer.org
- security update to 3.1.20 (bnc#750044)

* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access

* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL

* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer

* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page

* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards

Thu Feb 16 13:00:00 2012 wrAATTrosenauer.org
- security update to 3.1.19 (bnc#747328)

* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow

Sun Jan 29 13:00:00 2012 wrAATTrosenauer.org
- security update to 3.1.18 (bnc#744275)

* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards

* MFSA 2012-02/CVE-2011-3670 (bmo#504014)

* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes

* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files

* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets

Sun Dec 18 13:00:00 2011 wrAATTrosenauer.org
- security update to 3.1.17 (bnc#737533)

* MFSA 2011-59/CVE-2011-3666 (bmo#704622)
.jar not treated as executable in Firefox 3.6 on Mac

Tue Nov 1 13:00:00 2011 wrAATTrosenauer.org
- security update to 3.1.16 (bnc#728520)

* MFSA 2011-46/CVE-2011-3647 (bmo#680880)
loadSubScript unwraps XPCNativeWrapper scope parameter

* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS

* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug

Wed Sep 21 14:00:00 2011 wrAATTrosenauer.org
- security update to 3.1.15 (bnc#720264)

* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996
Miscellaneous memory safety hazards

* MFSA 2011-38/CVE-2011-2999 (bmo#665548)
XSS via plugins and shadowed window.location object

* MFSA 2011-39/CVE-2011-3000 (bmo#655389)
Defense against multiple Location headers due to CRLF Injection

* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
Code installation through holding down Enter

Wed Sep 7 14:00:00 2011 pcernyAATTsuse.com
- security update to 3.1.14 (bnc#714931)

* Complete blocking of certificates issued by DigiNotar
(bmo#683449)

Mon Sep 5 14:00:00 2011 pcernyAATTsuse.com
- security update to 3.1.13 (bnc#714931)

* MFSA 2011-34
Protection against fraudulent DigiNotar certificates
(bmo#682927)

Thu Aug 25 14:00:00 2011 dmuellerAATTsuse.de
- make enigmail a subversion of Thunderbird to fix %release
number tracking issues with the Open Build Service

Fri Aug 5 14:00:00 2011 wrAATTrosenauer.org
- security update to version 3.1.12 (bnc#712224) MFSA 2011-32

* CVE-2011-2982
Miscellaneous memory safety hazards

* CVE-2011-0084 (bmo#648094)
Crash in SVGTextElement.getCharNumAtPosition()

* CVE-2011-2981
Privilege escalation using event handlers

* CVE-2011-2378 (bmo#648065)
Dangling pointer vulnerability in appendChild

* CVE-2011-2984 (bmo#572129)
Privilege escalation dropping a tab element in content area

* CVE-2011-2980 (bmo#642469)
Binary planting vulnerability in ThinkPadSensor::Startup

* CVE-2011-2983 (bmo#626297)
Private data leakage using RegExp.input

Mon Jun 20 14:00:00 2011 wrAATTrosenauer.org
- security update to version 3.1.11 (bnc#701296)

* MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
CVE-2011-2365
Miscellaneous memory safety hazards

* MFSA 2011-20/CVE-2011-2373 (bmo#617247)
Use-after-free vulnerability when viewing XUL document with
script disabled

* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
Memory corruption due to multipart/x-mixed-replace images

* MFSA 2011-22/CVE-2011-2371 (bmo#664009)
Integer overflow and arbitrary code execution in
Array.reduceRight()

* MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
Multiple dangling pointer vulnerabilities

* MFSA 2011-24/CVE-2011-2362 (bmo#616264)
Cookie isolation error
- speed up find-external-requires.sh
- do not build dump_syms static as it is not needed for us
- > fixes build for 12.1 and above

Fri Apr 15 14:00:00 2011 wrAATTrosenauer.org
- security update to version 3.1.10 (bnc#689281)

* MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0072
CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
CVE-2011-0080 CVE-2011-0081
Miscellaneous memory safety hazards

Fri Mar 25 13:00:00 2011 idoenmezAATTnovell.com
- Add mozilla-gcc46.patch: fix compilation with gcc 4.6
See the following bug reports:
https://bugzilla.mozilla.org/show_bug.cgi?id=623116
https://bugzilla.mozilla.org/show_bug.cgi?id=623123
https://bugzilla.mozilla.org/show_bug.cgi?id=623126
https://bugzilla.mozilla.org/show_bug.cgi?id=628371

Tue Feb 22 13:00:00 2011 wrAATTrosenauer.org
- security update to version 3.1.8 (build3) (bnc#667155)

* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

* MFSA 2011-08/CVE-2010-1585 (bmo#562547)
ParanoidFragmentSink allows javascript: URLs in chrome documents

* MFSA 2011-09/CVE-2011-0061 (bmo#610601)
Crash caused by corrupted JPEG image

Thu Jan 13 13:00:00 2011 wrAATTrosenauer.org
- rename desktop file for 11.4 and above (bnc#664211)

Mon Jan 10 13:00:00 2011 wrAATTrosenauer.org
- add x-scheme-handler/mailto as mimetype to the desktop file
as needed by newer Gnome environment

Mon Nov 29 13:00:00 2010 wrAATTrosenauer.org
- security update to version 3.1.7 (bnc#657016)

* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

* MFSA 2010-75/CVE-2010-3769 (bmo#608336)
Buffer overflow while line breaking after document.write with
long string

* MFSA 2010-78/CVE-2010-3768 (bmo#527276)
Add support for OTS font sanitizer
- provide versioned \"thunderbird\" symbol

Wed Oct 27 14:00:00 2010 wrAATTrosenauer.org
- security update to version 3.1.6 (bnc#649492)

* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion

Wed Oct 6 14:00:00 2010 wrAATTrosenauer.org
- security update to version 3.1.5 (bnc#645315)

* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards

* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write

* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp

* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter

* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls

* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses

* MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
Unsafe library loading vulnerabilities

* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange

* new extra locales

* removed upstreamed mozilla-helper-app.patch
- require mozilla-nss >= 3.12.8

Wed Sep 15 14:00:00 2010 wrAATTrosenauer.org
- update to version 3.1.4

* fixing startup topcrash

Mon Aug 30 14:00:00 2010 wrAATTrosenauer.org
- security update to version 3.1.3 (bnc#637303)

* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards

* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability

* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array

* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText

* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection

* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution

* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView

* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument

* MFSA 2010-59/CVE-2010-2762 (bmo#584180)
SJOW creates scope chains ending in outer object

* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using type
attribute

* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS

* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText
- ESD notification sound fix included upstream

Mon Aug 30 14:00:00 2010 wrAATTrosenauer.org
- fixed build with latest Gnome
(mozilla-gdk-pixbuf.patch)

Sat Jul 24 14:00:00 2010 wrAATTrosenauer.org
- update to version 3.1.1

* based on the Gecko 1.9.2 platform

* Faster Search Results

* Quick Filter Toolbar

* New Migration Assistant

* Saved Files Manager
- update to enigmail 1.1.2
- enable crashreporter and package buildsymbols
- fixed esd sound output (notifications) (bmo#576365)

Fri Jul 16 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.0.6 (bnc#622506)

* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards

* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow

* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability

* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image

* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts

* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS

* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages

Fri May 21 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.0.5 (bnc#603356)

* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion

* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.1.10)

* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal

* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting

Mon Apr 12 14:00:00 2010 wrAATTrosenauer.org
- do not encode the RPM release number into the useragent
to avoid non useful republishing (bnc#593807)

Wed Mar 17 13:00:00 2010 wrAATTrosenauer.org
- security update to 3.0.4 (bnc#586567)

* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption

* MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
Remote code execution with use-after-free in nsTreeSelection

* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView

* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication

* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn\'t check nsIContentPolicy

Sun Feb 28 13:00:00 2010 wrAATTrosenauer.org
- update to 3.0.3

* Fix for missing folders or empty folder pane after updating
to Thunderbird 3.0.2

Fri Feb 26 13:00:00 2010 wrAATTrosenauer.org
- security update to 3.0.2 (bnc#576969)

* MFSA 2010-01/CVE-2010-0159
Crashes with evidence of memory corruption

* MFSA 2010-03/CVE-2009-1571
Use-after-free crash in HTML parser

* various stability improvements
- update enigmail to 1.0.1

* Czech, Dutch, Polish and Portuguese (Brazilian) languages
were added to the release.

* there are several fixes related using OpenPGP Smartcards
- use system hunspell again (bnc#582276)

Mon Jan 11 13:00:00 2010 wrAATTrosenauer.org
- update to 3.0.1

* fixed UI issues related to some combinations of installed addons
(bmo#398702)
- fixed session restore (bnc#528406, bmo#508986)
- removed obsolete lightning stuff from spec file
- removed obsolete orbit-devel build requirement

Mon Dec 7 13:00:00 2009 wrAATTrosenauer.org
- update to 3.0 (bnc#559819)
- update enigmail to final version 1.0.0
- use --disable-updater and removed obsolete UI patch and
pref changes
- use internal cairo up to 11.1 (Gecko now requires at least 1.8.8)
- added mozilla-clipboard.patch fixing a common crash (bmo#495392)
- removed upstreamed patch thunderbird-cs-smtpauth.patch

Wed Oct 7 14:00:00 2009 wrAATTrosenauer.org
- fixed startup-notification (bnc#518603)
(mozilla-startup-notification.patch)

Tue Sep 29 14:00:00 2009 wrAATTrosenauer.org
- fixed CS locale to allow SMTP AUTH sending of mails (bnc#542809)

Tue Sep 15 14:00:00 2009 wrAATTrosenauer.org
- update to 3.0b4

* removed upstreamed patches

* based on Gecko 1.9.1.3 (inheriting security fixes)

* new global search

Tue Aug 25 14:00:00 2009 wrAATTrosenauer.org
- reversioned enigmail to 0.96.99 (as it\'s actually 0.97a and 0.96
has been released already)
- fixed RPM group for the translation subpackages

Fri Aug 21 14:00:00 2009 wrAATTrosenauer.org
- remove obsolete code for protocol handlers (bmo#389732)
(mozilla-protocol_handler.patch)
- new enigmail snapshot (20090813)
- require pinentry-gui for 11.2 and up (bnc#441084)

Sun Aug 9 14:00:00 2009 wrAATTrosenauer.org
- Gtk filechooser allows alternative button order (as used in KDE)
(bnc#527418)
- translations{,-common} package doesn\'t provide en-US
- split translations into -common and -other packages (bnc#529180)

Tue Jul 28 14:00:00 2009 wrAATTrosenauer.org
- fixed wrong %exclude by removing unwanted files at %install stage

Fri Jul 17 14:00:00 2009 wrAATTrosenauer.org
- major update to 3.0b3
- update enigmail to 0.96pre
- created enigmail subpackage and install to system wide location
for Thunderbird and SeaMonkey
- define MOZ_APP_LAUNCHER for session management (bmo#453689)
(mozilla-app-launcher.patch and mozilla.sh.in)
- move opensuse.js prefs to all-opensuse.js prefs to be able
to override prefs in all-thunderbird.js
- move intl.locale.matchOS to all-opensuse.js
- added mozilla-jemalloc_deepbind.patch to fix various possible
crashes (bnc#503151, bmo#493541)

Fri Jun 19 14:00:00 2009 cooloAATTnovell.com
- disable as-needed for this package as it fails to build with it

Tue Jun 2 14:00:00 2009 wrAATTrosenauer.org
- Fixed build issue for gcc 4.4 (mozilla-gcc44.patch)

Wed Mar 18 13:00:00 2009 wrAATTrosenauer.org
- security update to version 2.0.0.21 (bnc#484321)

* MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
CVE-2009-0774:
Crashes with evidence of memory corruption (rv:1.9.0.7)

* MFSA 2009-09/CVE-2009-0776:
XML data theft via RDFXMLDataSource and cross-domain redirect

* MFSA 2009-10/CVE-2009-0040:
Upgrade PNG library to fix memory safety hazards


  
ICM