-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-11379 2010-07-23 01:57:19.312760 --------------------------------------------------------------------------------
Name : thunderbird Product : Fedora 13 Version : 3.1.1 Release : 1.fc13 URL : http://www.mozilla.org/projects/thunderbird/ Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to new upstream Thunderbird version 3.1.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/announce/ Update also includes sunbird package rebuilt against new version of Thunderbird. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 20 2010 Jan Horak <[email protected]> - 3.1.1-1 - Update to 3.1.1 * Thu Jun 24 2010 Jan Horak <[email protected]> - 3.1-1 - Thunderbird 3.1 * Mon Jun 21 2010 Jan Horak <[email protected]> - 3.1-0.1.rc2 - Update to 3.1 RC2 * Mon Jun 21 2010 Jan Horak <[email protected]> - 3.0.5-1 - Update to 3.0.5 * Fri Apr 30 2010 Jan Horak <[email protected]> - 3.0.4-3 - Fix for mozbz#550455 -------------------------------------------------------------------------------- References: [ 1 ] Bug #615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards https://bugzilla.redhat.com/show_bug.cgi?id=615455 [ 2 ] Bug #615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards https://bugzilla.redhat.com/show_bug.cgi?id=615456 [ 3 ] Bug #615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native function https://bugzilla.redhat.com/show_bug.cgi?id=615463 [ 4 ] Bug #615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=615464 [ 5 ] Bug #615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=615466 [ 6 ] Bug #608238 - CVE-2010-1205 libpng: out-of-bounds memory write https://bugzilla.redhat.com/show_bug.cgi?id=608238 [ 7 ] Bug #615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and importScripts https://bugzilla.redhat.com/show_bug.cgi?id=615471 [ 8 ] Bug #615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context https://bugzilla.redhat.com/show_bug.cgi?id=615472 [ 9 ] Bug #615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish https://bugzilla.redhat.com/show_bug.cgi?id=615474 [ 10 ] Bug #568231 - CVE-2010-0654 firefox: cross-domain information disclosure https://bugzilla.redhat.com/show_bug.cgi?id=568231 [ 11 ] Bug #615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages https://bugzilla.redhat.com/show_bug.cgi?id=615488 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update thunderbird' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
