~ubuntu-branches/ubuntu/feisty/mozilla-thunderbird/feisty-security : changes

~ubuntu-branches/ubuntu/feisty/mozilla-thunderbird/feisty-security » Changes from revision 24

From Revision 24 to 5

Rev	Summary	Authors	Tags	Date
24	* RELEASE security/stability backports for tbird 1.5 as of 2... * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.17 (USN-647-1) - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.17/moz_1.8.0.15prepatches080614g.tar.gz	Alexander Sack	1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1	15 years ago
23	* RELEASE security/stability backports for tbird 1.5 as of 2... * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.16 (USN-629-1) - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.16/moz_1.8.0.15prepatches080614d.tar.gz - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.16/xulrunner_1.5.0.15pre080614d-source.tar.bz2 * debian/patches/00list: disable 10_visibility_hidden_patch.dpatch - which is now shipped in upstream tarballs.	Alexander Sack	1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.7.04.1	15 years ago
22	* RELEASE security/stability backports for tbird 1.5 as of 2... * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.14 (USN-605-1) - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.14/moz_1.8.0.15prepatches080417a.tar.gz * drop patches applied upstream from debian/patches - 0071_279505-attachment-297724-fix-396613-regression.dpatch	Alexander Sack	1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1	16 years ago
21	* fix memory access regression (LP: #197504) * fix memory access regression (LP: #197504) - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch - update debian/patches/00list	Alexander Sack	1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1	16 years ago
20	* USN-582-1 - release security backports for 1.8.0.12 (inclu... * USN-582-1 - release security backports for 1.8.0.12 (including previously not released firefox patches for 1.8.0.10/11) * add distro version patch to indicate post-EOL maintainence release - add debian/patches/98_ubuntu_eol_distro_version.dpatch - update debian/patches/00list	Alexander Sack	1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0	16 years ago
19	* New upstream security/stability update: * New upstream security/stability update: * MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript) * MFSA 2007-30 aka CVE-2007-1095 * MFSA 2007-31 aka CVE-2007-2292 * MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894 * MFSA 2007-33 aka CVE-2007-5334 * MFSA 2007-34 aka CVE-2007-5337 * MFSA 2007-35 aka CVE-2007-5338 * MFSA 2007-36 aka CVE-2007-4841 (windows only)	Alexander Sack	1.5.0.13+1.5.0.14b-0ubuntu0.7.04	16 years ago
18	* New upstream security/stability update: * New upstream security/stability update: - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of memory corruption (rv:1.8.0.13/1.8.1.5) - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox from Internet Explorer. - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded about:blank windows. - CVE-2007-3845 - MFSA 2007-27: Unescaped URIs passed to external programs.	Alexander Sack	1.5.0.13-0ubuntu0.7.04	16 years ago
17	* New upstream security/stability update: * New upstream security/stability update: - CVE-2007-2867, CVE-2007-2868, MFSA 2007-12: Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4) - CVE-2007-1558, MFSA 2007-15: Security Vulnerability in APOP Authentication	Alexander Sack	1.5.0.12-0ubuntu0.7.04	16 years ago
16	* debian/rules: use --disable-strip in configure to make noo... * debian/rules: use --disable-strip in configure to make noopt effective; add -g to OPTFLAGS even for noopt; dbgsym packages can now be generated (LP#101923). * debian/control: fix outdated Suggest entry to firefox (LP# 82805) * debian/mozilla-thunderbird-restart-required.update-notifier, debian/mozilla-thunderbird.install, debian/mozilla-thunderbird.postinst: install restart-required hook for "restart required on update2 notification (LP#90624). * debian/mozilla-thunderbird.desktop: support gnome startup notification, contributed by John Vivirito <gnomefreak@gmail.com> (LP#11463). * 77_ubuntu-look-and-feel-report-a-bug-menuitem.dpatch: add 'Report a bug ...' menu entry, which invokes /usr/bin/ubuntu-bug -pmozilla-thunderbird	Alexander Sack	1.5.0.10-0ubuntu3	17 years ago
15	debian/rules/: make thunderbird DEB_BUILD_OPTIONS=noopt awar... debian/rules/: make thunderbird DEB_BUILD_OPTIONS=noopt aware	Alexander Sack	1.5.0.10-0ubuntu2	17 years ago
14	* New upstream security update: * New upstream security update: - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow Vulnerability - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow Vulnerability - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01: Crashes with evidence of memory corruption * drop patches applied upstream: 90_ppc64-build-fix * debian/control: Taking over maintainer field. * archives/thunderbird-1.5.0.10-source.tar.bz2: use original upstream tarball to build official branding * debian/rules: update tarball name; drop code that replace official branding with free branding. * debian/fhunderbird-branding.tmpl, debian/fhunderbird-icons, debian/gen-fhunderbird-branding.sh: remove free branding generation. * debian/patches/91_replytolist.dpatch: added patch to allow reply to list extension (bz#45715)	Alexander Sack	1.5.0.10-0ubuntu1	17 years ago
13	* New upstream security update: * New upstream security update: - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows. - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI. - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects. - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point. - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes with evidence of memory corruption. * Upstream security updates from 1.5.0.8: - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled. - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant). - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with evidence of memory corruption.	Kees Cook	1.5.0.9-0ubuntu1	17 years ago
12	* New upstream security update: * New upstream security update: - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption (rv:1.8.0.7) - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL spoofing - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression Heap Corruption	Martin Pitt	1.5.0.7-0ubuntu1	17 years ago
11	* New upstream security update: * New upstream security update: - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous events [does not affect 1.0] - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked across domains [does not affect 1.0] - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race condition [does not affect 1.0] - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed VCard - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine vulnerabilities - MFSA 2006-51, CVE-2006-3807: Privilege escalation using named-functions and redefined "new Object()" - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege escalation - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper (window).Function(...) [does not affect 1.0] - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory corruption (rv:1.8.0.5) - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote content * debian/patches/10_pangoxft_linkage.dpatch: Adapted to new upstream version.	Martin Pitt	1.5.0.5-0ubuntu1	17 years ago
10	* Ship SVG and PNG icons alongside the XPM icons for window ... * Ship SVG and PNG icons alongside the XPM icons for window managers that can deal with those. Also, use the SVG icon internally, rather than the XPM, making the taskbar icon less ugly (closes: launchpad.net/45492) * Include a slightly tweaked profile-manager icon for the (still disabled) mozilla-thunderbird profile manager desktop entry, based on tango icons.	Adam Conrad	1.5.0.2-0ubuntu2	18 years ago
9	* New upstream incremental security and bugfix release (laun... * New upstream incremental security and bugfix release (launchpad.net/41096): - MFSA 2006-28, CVE-2006-1726: Security check of js_ValueToFunctionObject() can be circumvented - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution Vuln - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview - MFSA 2006-24, CVE-2006-1728: Privilege escalation using crypto.generateCRMFRequest - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vuln - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when forwarding in-line - MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724: Crashes with memory corruption. - MFSA 2006-08, CVE-2006-0299: "AnyName" entrainment and access control hazard - MFSA 2006-07, CVE-2006-0298: Read beyond buffer while parsing XML - MFSA 2006-06, CVE-2006-0297: Integer overflows in E4X, SVG and Canvas - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through XULDocument.persist() - MFSA 2006-04, CVE-2006-0295: Memory corruption via QueryInterface on Location, Navigator objects - MFSA 2006-02, CVE-2006-0294: Changing postion:relative to static corrupts memory - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards * New upstream should have restored the ability to send attachments via the command line interface (launchpad.net/35690) * Add the (at this point, very well-tested) GNOME/MIME handling patch from Firefox, so we get GNOME MIME definitions (launchpad.net/30375) * Sync 91_fontsfix_359763.dpatch from Debian, to use the generic font aliases instead of demanding "Times", "Courier", and "Helvetica". * Sync isolated arch build failure fixes from Debian as well, for people who feel the urge to port dapper after it's released: 50_arch_.dpatch Drop all references to mozilla-thunderbird-update-chrome, and the .d directories in /var/lib/mozilla-thunderbird and stop shipping them, as they've been obsolete and broken since 1.5 (launchpad.net/{35465,25997}) Stop shipping /tmp in the typeaheadfind package (launchpad.net/43470) * Rework the Debconf www-browser selection so it automatically chooses to use gnome-control-center's choice if it detects it installed, otherwise falling back to x-www-browser (launchpad.net/{31841,34546,41706,25704}) * Drop suggests on xprint, which we stopped using (launchpad.net/33307) * Depend on "myspell-en-us \| myspell-dictionary", since we now appear to require it unconditionally for operation (launchpad.net/{35212,37825}) * Fix the default theme so it shows up in themes list, so you can remove added themes, since they're not the "last one" (launchpad.net/43022) * Hide the Profile Manager menu icon by default (launchpad.net/12874) * Add proper branding (Yay, we're Thunderbird again, not Mail/News, and we have an icon and an about box, oh my!), icon thanks to Andy Fitzsimon, integration mangling thanks to Alexander Sack. (launchpad.net/19439)	Adam Conrad	1.5.0.2-0ubuntu1	18 years ago
8	* debian/mozilla-thunderbird.desktop: * debian/mozilla-thunderbird.desktop: - change menu title from "Thunderbird Mail Client" to "Thunderbird Mail"	Sebastien Bacher	1.5-0ubuntu6	18 years ago
7	debian/global-config.js: Set intl.locale.matchOS by default ... debian/global-config.js: Set intl.locale.matchOS by default to make locale packages work.	Martin Pitt	1.5-0ubuntu5	18 years ago
6	* Re-enable patch 20_mailnews_mime_makefile_in.dpatch to exp... * Re-enable patch 20_mailnews_mime_makefile_in.dpatch to export proper headers to our -dev package so we can get engimail building again. * Re-enable pango support, adding 10_pangoxft_linkage.dpatch, which fixes the build to link pangoxft, which we directly include and use.	Adam Conrad	1.5-0ubuntu4	18 years ago
5	Revert pango support for now. We appear to be calling into ... Revert pango support for now. We appear to be calling into libpangoxft without linking to it, and I don't have time this week to sort it out.	Adam Conrad	1.5-0ubuntu3	18 years ago

Older »