-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-11379 2010-07-23 01:57:19.312760 --------------------------------------------------------------------------------
Name : sunbird Product : Fedora 13 Version : 1.0 Release : 0.26.b2pre.fc13 URL : http://www.mozilla.org/projects/calendar/sunbird/ Summary : Calendar application built upon Mozilla toolkit Description : Mozilla Sunbird is a cross-platform calendar application, built upon Mozilla Toolkit. It brings Mozilla-style ease-of-use to your calendar, without tying you to a particular storage solution. -------------------------------------------------------------------------------- Update Information: Update to new upstream Thunderbird version 3.1.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/announce/ Update also includes sunbird package rebuilt against new version of Thunderbird. -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 20 2010 Jan Horak <[email protected]> - 1.0-0.26.b2pre - Changed thunderbird-lightning install location to /usr/lib/mozilla/extensions/{355... - Rebuild against Thunderbird 3.1.1 * Thu Jun 24 2010 Jan Horak <[email protected]> - 1.0-0.25.b2pre - Rebuild against Thunderbird 3.1 * Tue Jun 22 2010 Jan Horak <[email protected]> - 1.0-0.24.b2pre - Fixed Thunderbird requires version * Tue Jun 22 2010 Jan Horak <[email protected]> - 1.0-0.23.b2pre - Rebuild against Thunderbird 3.1 RC2 * Mon Jun 21 2010 Jan Horak <[email protected]> - 1.0-0.22.20090916hg - Rebuild against new Thunderbird -------------------------------------------------------------------------------- References: [ 1 ] Bug #615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards https://bugzilla.redhat.com/show_bug.cgi?id=615455 [ 2 ] Bug #615456 - CVE-2010-1212 Mozilla miscellaneous memory safety hazards https://bugzilla.redhat.com/show_bug.cgi?id=615456 [ 3 ] Bug #615463 - CVE-2010-1215 Mozilla Arbitrary code execution using SJOW and fast native function https://bugzilla.redhat.com/show_bug.cgi?id=615463 [ 4 ] Bug #615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=615464 [ 5 ] Bug #615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=615466 [ 6 ] Bug #608238 - CVE-2010-1205 libpng: out-of-bounds memory write https://bugzilla.redhat.com/show_bug.cgi?id=608238 [ 7 ] Bug #615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and importScripts https://bugzilla.redhat.com/show_bug.cgi?id=615471 [ 8 ] Bug #615472 - CVE-2010-1207 Mozilla Same-origin bypass using canvas context https://bugzilla.redhat.com/show_bug.cgi?id=615472 [ 9 ] Bug #615474 - CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish https://bugzilla.redhat.com/show_bug.cgi?id=615474 [ 10 ] Bug #568231 - CVE-2010-0654 firefox: cross-domain information disclosure https://bugzilla.redhat.com/show_bug.cgi?id=568231 [ 11 ] Bug #615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages https://bugzilla.redhat.com/show_bug.cgi?id=615488 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update sunbird' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
