24
|
|
|
Alexander Sack |
1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1 |
15 years ago
|
|
|
23
|
|
|
Alexander Sack |
1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.7.04.1 |
15 years ago
|
|
|
22
|
|
|
Alexander Sack |
1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1 |
16 years ago
|
|
|
21
|
|
|
Alexander Sack |
1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1 |
16 years ago
|
|
|
20
|
|
|
Alexander Sack |
1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0 |
16 years ago
|
|
|
19
|
|
|
Alexander Sack |
1.5.0.13+1.5.0.14b-0ubuntu0.7.04 |
16 years ago
|
|
|
18
|
|
|
Alexander Sack |
1.5.0.13-0ubuntu0.7.04 |
16 years ago
|
|
|
17
|
|
|
Alexander Sack |
1.5.0.12-0ubuntu0.7.04 |
16 years ago
|
|
|
16
|
|
|
Alexander Sack |
1.5.0.10-0ubuntu3 |
17 years ago
|
|
|
15
|
|
|
Alexander Sack |
1.5.0.10-0ubuntu2 |
17 years ago
|
|
|
14
|
|
|
Alexander Sack |
1.5.0.10-0ubuntu1 |
17 years ago
|
|
|
13
|
|
* New upstream security update: - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows. - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI. - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects. - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point. - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes with evidence of memory corruption. * Upstream security updates from 1.5.0.8: - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled. - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant). - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with evidence of memory corruption.
|
Kees Cook |
1.5.0.9-0ubuntu1 |
17 years ago
|
|
|
12
|
|
|
Martin Pitt |
1.5.0.7-0ubuntu1 |
17 years ago
|
|
|
11
|
|
* New upstream security update: - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous events [does not affect 1.0] - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked across domains [does not affect 1.0] - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race condition [does not affect 1.0] - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed VCard - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine vulnerabilities - MFSA 2006-51, CVE-2006-3807: Privilege escalation using named-functions and redefined "new Object()" - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege escalation - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper (window).Function(...) [does not affect 1.0] - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory corruption (rv:1.8.0.5) - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote content * debian/patches/10_pangoxft_linkage.dpatch: Adapted to new upstream version.
|
Martin Pitt |
1.5.0.5-0ubuntu1 |
17 years ago
|
|
|
10
|
|
|
Adam Conrad |
1.5.0.2-0ubuntu2 |
18 years ago
|
|
|
9
|
|
* New upstream incremental security and bugfix release (launchpad.net/41096): - MFSA 2006-28, CVE-2006-1726: Security check of js_ValueToFunctionObject() can be circumvented - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution Vuln - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview - MFSA 2006-24, CVE-2006-1728: Privilege escalation using crypto.generateCRMFRequest - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vuln - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when forwarding in-line - MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724: Crashes with memory corruption. - MFSA 2006-08, CVE-2006-0299: "AnyName" entrainment and access control hazard - MFSA 2006-07, CVE-2006-0298: Read beyond buffer while parsing XML - MFSA 2006-06, CVE-2006-0297: Integer overflows in E4X, SVG and Canvas - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through XULDocument.persist() - MFSA 2006-04, CVE-2006-0295: Memory corruption via QueryInterface on Location, Navigator objects - MFSA 2006-02, CVE-2006-0294: Changing postion:relative to static corrupts memory - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards * New upstream should have restored the ability to send attachments via the command line interface (launchpad.net/35690) * Add the (at this point, very well-tested) GNOME/MIME handling patch from Firefox, so we get GNOME MIME definitions (launchpad.net/30375) * Sync 91_fontsfix_359763.dpatch from Debian, to use the generic font aliases instead of demanding "Times", "Courier", and "Helvetica". * Sync isolated arch build failure fixes from Debian as well, for people who feel the urge to port dapper after it's released: 50_arch_*.dpatch * Drop all references to mozilla-thunderbird-update-chrome, and the *.d directories in /var/lib/mozilla-thunderbird and stop shipping them, as they've been obsolete and broken since 1.5 (launchpad.net/{35465,25997}) * Stop shipping /tmp in the typeaheadfind package (launchpad.net/43470) * Rework the Debconf www-browser selection so it automatically chooses to use gnome-control-center's choice if it detects it installed, otherwise falling back to x-www-browser (launchpad.net/{31841,34546,41706,25704}) * Drop suggests on xprint, which we stopped using (launchpad.net/33307) * Depend on "myspell-en-us | myspell-dictionary", since we now appear to require it unconditionally for operation (launchpad.net/{35212,37825}) * Fix the default theme so it shows up in themes list, so you can remove added themes, since they're not the "last one" (launchpad.net/43022) * Hide the Profile Manager menu icon by default (launchpad.net/12874) * Add proper branding (Yay, we're Thunderbird again, not Mail/News, and we have an icon and an about box, oh my!), icon thanks to Andy Fitzsimon, integration mangling thanks to Alexander Sack. (launchpad.net/19439)
|
Adam Conrad |
1.5.0.2-0ubuntu1 |
18 years ago
|
|
|
8
|
|
|
Sebastien Bacher |
1.5-0ubuntu6 |
18 years ago
|
|
|
7
|
|
|
Martin Pitt |
1.5-0ubuntu5 |
18 years ago
|
|
|
6
|
|
|
Adam Conrad |
1.5-0ubuntu4 |
18 years ago
|
|
|
5
|
|
|
Adam Conrad |
1.5-0ubuntu3 |
18 years ago
|
|
|