Change log for mozilla-thunderbird package in Ubuntu

150 of 60 results
Obsolete in dapper-updates
Obsolete in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614k-0ubuntu0.6.06.1) dapper-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.21
    (USN-741-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.21tb+3.0.7/moz_1.8.0.15prepatches080614k.tar.gz

 -- Alexander Sack <email address hidden>   Thu, 19 Mar 2009 10:58:17 +0100
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1) dapper-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.19
    (USN-701-2)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.19/moz_1.8.0.15prepatches080614i.tar.gz

 -- Alexander Sack <email address hidden>   Mon, 05 Jan 2009 12:53:51 +0100
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1) dapper-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.18
    (USN-668-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.18/moz_1.8.0.15prepatches080614h.tar.gz

 -- Alexander Sack <email address hidden>   Tue, 25 Nov 2008 11:25:59 +0100
Obsolete in feisty-updates
Obsolete in feisty-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1) feisty-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.17
    (USN-647-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.17/moz_1.8.0.15prepatches080614g.tar.gz

 -- Alexander Sack <email address hidden>   Thu, 25 Sep 2008 14:39:32 +0200
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1) dapper-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.17
    (USN-647-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.17/moz_1.8.0.15prepatches080614g.tar.gz

 -- Alexander Sack <email address hidden>   Thu, 24 Jul 2008 08:55:01 +0200
Superseded in feisty-updates
Superseded in feisty-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.7.04.1) feisty-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.16
    (USN-629-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.16/moz_1.8.0.15prepatches080614d.tar.gz
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.16/xulrunner_1.5.0.15pre080614d-source.tar.bz2

  * debian/patches/00list: disable 10_visibility_hidden_patch.dpatch - which is now shipped
    in upstream tarballs.

 -- Alexander Sack <email address hidden>   Thu, 24 Jul 2008 07:50:44 +0000
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080614d-0ubuntu0.6.06.1) dapper-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.16
    (USN-629-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.16/moz_1.8.0.15prepatches080614d.tar.gz
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.16/xulrunner_1.5.0.15pre080614d-source.tar.bz2

  * debian/patches/00list: disable 10_visibility_hidden_patch.dpatch - which is now shipped
    in upstream tarballs.

 -- Alexander Sack <email address hidden>   Thu, 24 Jul 2008 08:55:01 +0200
Superseded in feisty-updates
Superseded in feisty-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.7.04.1) feisty-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.14
    (USN-605-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.14/moz_1.8.0.15prepatches080417a.tar.gz

  * drop patches applied upstream from debian/patches
    - 0071_279505-attachment-297724-fix-396613-regression.dpatch

 -- Alexander Sack <email address hidden>   Fri, 02 May 2008 12:01:00 +0200
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080417a-0ubuntu0.6.06.1) dapper-security; urgency=low

  * RELEASE security/stability backports for tbird 1.5 as of 2.0.0.14
    (USN-605-1)
    - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.14/moz_1.8.0.15prepatches080417a.tar.gz

  * drop patches applied upstream from debian/patches
    - 0071_279505-attachment-297724-fix-396613-regression.dpatch

 -- Alexander Sack <email address hidden>   Fri, 02 May 2008 11:20:00 +0200
Superseded in feisty-updates
Superseded in feisty-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.1) feisty-security; urgency=low

  * fix memory access regression (LP: #197504)
    - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
    - update debian/patches/00list

 -- Alexander Sack <email address hidden>   Tue, 04 Mar 2008 12:52:02 +0100
Obsolete in edgy-updates
Obsolete in edgy-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.1) edgy-security; urgency=low

  * fix memory access regression (LP: #197504)
    - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
    - update debian/patches/00list

 -- Alexander Sack <email address hidden>   Tue, 04 Mar 2008 12:52:02 +0100
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.1) dapper-security; urgency=low

  * fix memory access regression (LP: #197504)
    - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
    - update debian/patches/00list

 -- Alexander Sack <email address hidden>   Tue, 04 Mar 2008 12:52:02 +0100
Superseded in feisty-updates
Superseded in feisty-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.7.04.0) feisty-security; urgency=low

  * USN-582-1 - release security backports for 1.8.0.12 (including previously
    not released firefox patches for 1.8.0.10/11)
  * add distro version patch to indicate post-EOL maintainence release
    - add debian/patches/98_ubuntu_eol_distro_version.dpatch
    - update debian/patches/00list

 -- Alexander Sack <email address hidden>   Wed, 27 Feb 2008 10:05:25 +0100
Superseded in edgy-updates
Superseded in edgy-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.10.0) edgy-security; urgency=low

  * USN-582-1 - release security backports for 1.8.0.12 (including previously
    not released firefox patches for 1.8.0.10/11)
  * add distro version patch to indicate post-EOL maintainence release
    - add debian/patches/98_ubuntu_eol_distro_version.dpatch
    - update debian/patches/00list

 -- Alexander Sack <email address hidden>   Wed, 27 Feb 2008 08:56:52 +0000
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.15~prepatch080227-0ubuntu0.6.06.0) dapper-security; Urgency=low

  * release security backports for 1.8.0.12 (including previously not released
    firefox patches for 1.8.0.10/11)
  * add distro version patch to indicate post-EOL maintainence release
    - add debian/patches/98_ubuntu_eol_distro_version.dpatch
    - update debian/patches/00list

 -- Alexander Sack <email address hidden>   Wed, 27 Feb 2008 09:51:09 +0100
Superseded in feisty-updates
Superseded in feisty-security
mozilla-thunderbird (1.5.0.13+1.5.0.14b-0ubuntu0.7.04) feisty-security; urgency=low

  * New upstream security/stability update:
  * MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
  * MFSA 2007-30 aka CVE-2007-1095
  * MFSA 2007-31 aka CVE-2007-2292
  * MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
  * MFSA 2007-33 aka CVE-2007-5334
  * MFSA 2007-34 aka CVE-2007-5337
  * MFSA 2007-35 aka CVE-2007-5338
  * MFSA 2007-36 aka CVE-2007-4841 (windows only)

 -- Alexander Sack <email address hidden>   Mon, 22 Oct 2007 11:47:08 +0200
Superseded in edgy-updates
Superseded in edgy-security
mozilla-thunderbird (1.5.0.13+1.5.0.14b-0ubuntu0.6.10) edgy-security; urgency=low

  * security/stability update:
  * MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
  * MFSA 2007-30 aka CVE-2007-1095
  * MFSA 2007-31 aka CVE-2007-2292
  * MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
  * MFSA 2007-33 aka CVE-2007-5334
  * MFSA 2007-34 aka CVE-2007-5337
  * MFSA 2007-35 aka CVE-2007-5338
  * MFSA 2007-36 aka CVE-2007-4841 (windows only)

 -- Alexander Sack <email address hidden>   Mon, 22 Oct 2007 10:49:06 +0200
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13+1.5.0.14b-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/stability update:
  * MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
  * MFSA 2007-30 aka CVE-2007-1095
  * MFSA 2007-31 aka CVE-2007-2292
  * MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
  * MFSA 2007-33 aka CVE-2007-5334
  * MFSA 2007-34 aka CVE-2007-5337
  * MFSA 2007-35 aka CVE-2007-5338
  * MFSA 2007-36 aka CVE-2007-4841 (windows only)

 -- Alexander Sack <email address hidden>   Mon, 22 Oct 2007 10:49:42 +0200
Superseded in feisty-updates
Superseded in feisty-security
mozilla-thunderbird (1.5.0.13-0ubuntu0.7.04) feisty-security; urgency=low

  * New upstream security/stability update:
    - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of
      memory corruption (rv:1.8.0.13/1.8.1.5)
    - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox
      from Internet Explorer.
    - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded
      about:blank windows.
    - CVE-2007-3845 - MFSA 2007-27:  Unescaped URIs passed to external
      programs.

 -- Alexander Sack <email address hidden>   Fri, 24 Aug 2007 11:30:38 +0200
Superseded in edgy-updates
Superseded in edgy-security
mozilla-thunderbird (1.5.0.13-0ubuntu0.6.10) edgy-security; urgency=low

  * New upstream security/stability update:
    - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of
      memory corruption (rv:1.8.0.13/1.8.1.5)
    - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox
      from Internet Explorer.
    - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded
      about:blank windows.
    - CVE-2007-3845 - MFSA 2007-27:  Unescaped URIs passed to external
      programs.

 -- Alexander Sack <email address hidden>   Fri, 24 Aug 2007 11:46:43 +0200
Superseded in dapper-updates
Superseded in dapper-security
mozilla-thunderbird (1.5.0.13-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/stability update:
    - CVE-2007-3734, CVE-2007-3735 - MFSA 2007-18: Crashes with evidence of
      memory corruption (rv:1.8.0.13/1.8.1.5)
    - CVE-2007-3670 - MFSA 2007-23: Remote code execution by launching Firefox
      from Internet Explorer.
    - CVE-2007-3844 - MFSA 2007-26: Privilege escalation through chrome-loaded
      about:blank windows.
    - CVE-2007-3845 - MFSA 2007-27:  Unescaped URIs passed to external
      programs.

 -- Alexander Sack <email address hidden>   Fri, 24 Aug 2007 11:53:42 +0200
Superseded in feisty-security
mozilla-thunderbird (1.5.0.12-0ubuntu0.7.04) feisty-security; urgency=low

  * New upstream security/stability update:
    - CVE-2007-2867, CVE-2007-2868, MFSA 2007-12: Crashes with evidence of
      memory corruption (rv:1.8.0.12/1.8.1.4)
    - CVE-2007-1558, MFSA 2007-15: Security Vulnerability in APOP
      Authentication

 -- Alexander Sack <email address hidden>   Sun,  3 Jun 2007 18:06:00 +0200
Superseded in edgy-security
mozilla-thunderbird (1.5.0.12-0ubuntu0.6.10) edgy-security; urgency=low

  * New upstream security/stability update:
    - CVE-2007-2867, CVE-2007-2868, MFSA 2007-12: Crashes with evidence of
      memory corruption (rv:1.8.0.12/1.8.1.4)
    - CVE-2007-1558, MFSA 2007-15: Security Vulnerability in APOP
      Authentication

 -- Alexander Sack <email address hidden>   Mon,  4 Jun 2007 10:19:45 +0200
Superseded in dapper-security
mozilla-thunderbird (1.5.0.12-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/stability update:
    - CVE-2007-2867, CVE-2007-2868, MFSA 2007-12: Crashes with evidence of
      memory corruption (rv:1.8.0.12/1.8.1.4)
    - CVE-2007-1558, MFSA 2007-15: Security Vulnerability in APOP
      Authentication

 -- Alexander Sack <email address hidden>   Mon,  4 Jun 2007 10:19:00 +0200
Deleted in gutsy-release (Reason: renamed to thunderbird)
Obsolete in feisty-release
mozilla-thunderbird (1.5.0.10-0ubuntu3) feisty; urgency=low

  * debian/rules: use --disable-strip in configure to make noopt effective;
    add -g to OPTFLAGS even for noopt; dbgsym packages can now be generated
    (LP#101923).
  * debian/control: fix outdated Suggest entry to firefox (LP# 82805)
  * debian/mozilla-thunderbird-restart-required.update-notifier,
    debian/mozilla-thunderbird.install, debian/mozilla-thunderbird.postinst:
    install restart-required hook for "restart required on update2 notification
    (LP#90624).
  * debian/mozilla-thunderbird.desktop: support gnome startup notification,
    contributed by John Vivirito <email address hidden> (LP#11463).
  * 77_ubuntu-look-and-feel-report-a-bug-menuitem.dpatch: add 'Report a bug ...'
    menu entry, which invokes /usr/bin/ubuntu-bug -pmozilla-thunderbird

 -- Alexander Sack <email address hidden>   Mon,  2 Apr 2007 17:40:00 +0100
Superseded in feisty-release
mozilla-thunderbird (1.5.0.10-0ubuntu2) feisty; urgency=low

  * debian/rules/: make thunderbird DEB_BUILD_OPTIONS=noopt aware

 -- Alexander Sack <email address hidden>   Wed,  7 Mar 2007 13:00:00 +0100
Superseded in edgy-security
mozilla-thunderbird (1.5.0.10-0ubuntu0.6.10) edgy-security; urgency=low

  * New upstream security update:
    - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
      Vulnerability
    - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
      Vulnerability
    - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
      Crashes with evidence of memory corruption
  * drop patches applied upstream: 90_ppc64-build-fix

 -- Alexander Sack <email address hidden>   Mon,  5 Mar 2007 11:30:00 +0100
Superseded in dapper-security
mozilla-thunderbird (1.5.0.10-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security update:
    - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
      Vulnerability
    - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
      Vulnerability
    - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
      Crashes with evidence of memory corruption
  * drop patches applied upstream: 90_ppc64-build-fix

 -- Alexander Sack <email address hidden>   Mon,  5 Mar 2007 11:30:00 +0100
Obsolete in breezy-security
mozilla-thunderbird (1.5.0.10-0ubuntu0.5.10) breezy-security; urgency=low

  * New upstream security update:
    - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
      Vulnerability
    - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
      Vulnerability
    - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
      Crashes with evidence of memory corruption
  * drop patches applied upstream: 90_ppc64-build-fix

 -- Alexander Sack <email address hidden>   Mon,  5 Mar 2007 11:30:00 +0100
Superseded in feisty-release
mozilla-thunderbird (1.5.0.10-0ubuntu1) feisty; urgency=low

  * New upstream security update:
    - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
      Vulnerability
    - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
      Vulnerability
    - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
      Crashes with evidence of memory corruption
  * drop patches applied upstream: 90_ppc64-build-fix
  * debian/control: Taking over maintainer field.
  * archives/thunderbird-1.5.0.10-source.tar.bz2: use original
    upstream tarball to build official branding
  * debian/rules: update tarball name; drop code that replace
    official branding with free branding.
  * debian/fhunderbird-branding.tmpl, debian/fhunderbird-icons,
    debian/gen-fhunderbird-branding.sh: remove free branding
    generation.
  * debian/patches/91_replytolist.dpatch: added patch to allow
    reply to list extension (bz#45715)

 -- Alexander Sack <email address hidden>   Sat,  3 Feb 2007 14:00:00 +0100
Superseded in dapper-security
mozilla-thunderbird (1.5.0.9-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security update:
    - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
    - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
    - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
    - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
    - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
      with evidence of memory corruption.

 -- Kees Cook <email address hidden>   Wed,  3 Jan 2007 10:57:25 -0800
Superseded in breezy-security
mozilla-thunderbird (1.5.0.9-0ubuntu0.5.10) breezy-security; urgency=low

  * New upstream security update:
    - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
    - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
    - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
    - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
    - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
      with evidence of memory corruption.

 -- Kees Cook <email address hidden>   Wed, 20 Dec 2006 17:50:17 -0800
Superseded in edgy-security
mozilla-thunderbird (1.5.0.9-0ubuntu0.6.10) edgy-security; urgency=low

  * New upstream security update:
    - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
    - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
    - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
    - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
    - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
      with evidence of memory corruption.

 -- Kees Cook <email address hidden>   Wed,  3 Jan 2007 11:02:05 -0800
Superseded in feisty-release
mozilla-thunderbird (1.5.0.9-0ubuntu1) feisty; urgency=low

  * New upstream security update:
    - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
    - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
    - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
    - CVE-2006-6501, MFSA 2006-70: Privilege escallation using watch point.
    - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
      with evidence of memory corruption.
  * Upstream security updates from 1.5.0.8:
    - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
    - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
    - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
      evidence of memory corruption.

 -- Kees Cook <email address hidden>   Tue,  2 Jan 2007 12:59:39 -0800
Superseded in dapper-security
mozilla-thunderbird (1.5.0.8-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security update:
    - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
    - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
    - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
      evidence of memory corruption.

 -- Kees Cook <email address hidden>   Tue, 14 Nov 2006 16:54:37 -0800
Superseded in breezy-security
mozilla-thunderbird (1.5.0.8-0ubuntu0.5.10) breezy-security; urgency=low

  * New upstream security update:
    - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
    - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
    - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
      evidence of memory corruption.

 -- Kees Cook <email address hidden>   Tue, 14 Nov 2006 18:16:22 -0800
Superseded in edgy-security
mozilla-thunderbird (1.5.0.8-0ubuntu0.6.10) edgy-security; urgency=low

  * New upstream security update:
    - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
    - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
    - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
      evidence of memory corruption.

 -- Kees Cook <email address hidden>   Tue, 14 Nov 2006 11:45:14 -0800
Superseded in dapper-security
mozilla-thunderbird (1.5.0.7-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security update:
    - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
      (rv:1.8.0.7)
    - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
    - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
    - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
    - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
      spoofing
    - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
      Heap Corruption

 -- Martin Pitt <email address hidden>   Fri, 15 Sep 2006 08:16:50 +0000
Superseded in breezy-security
mozilla-thunderbird (1.5.0.7-0ubuntu0.5.10) breezy-security; urgency=low

  * Bump Breezy to 1.5.0.x since 1.0.x is EOLed upstream. 1.5.0.7 fixes the
    following vulnerabilities:
    - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
      (rv:1.8.0.7)
    - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
    - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
    - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
    - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
      spoofing
    - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
      Heap Corruption
  * 1.5.0.5 fixes the following vulnerabilities:
    - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
      events [does not affect 1.0]
    - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
      across domains [does not affect 1.0]
    - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
      condition [does not affect 1.0]
    - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed
      VCard
    - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
      vulnerabilities
    - MFSA 2006-51, CVE-2006-3807: Privilege escalation using
      named-functions and redefined "new Object()"
    - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
      escalation
    - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
      (window).Function(...) [does not affect 1.0]
    - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
      corruption (rv:1.8.0.5)
    - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
      content

 -- Martin Pitt <email address hidden>   Fri, 15 Sep 2006 08:16:50 +0000
Superseded in feisty-release
Obsolete in edgy-release
mozilla-thunderbird (1.5.0.7-0ubuntu1) edgy; urgency=low

  * New upstream security update:
    - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
      (rv:1.8.0.7)
    - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
    - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
    - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
    - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
      spoofing
    - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
      Heap Corruption

 -- Martin Pitt <email address hidden>   Mon, 18 Sep 2006 19:07:51 +0200
Superseded in dapper-security
mozilla-thunderbird (1.5.0.5-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security update:
    - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
      events [does not affect 1.0]
    - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
      across domains [does not affect 1.0]
    - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
      condition [does not affect 1.0]
    - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed
      VCard
    - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
      vulnerabilities
    - MFSA 2006-51, CVE-2006-3807: Privilege escalation using
      named-functions and redefined "new Object()"
    - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
      escalation
    - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
      (window).Function(...) [does not affect 1.0]
    - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
      corruption (rv:1.8.0.5)
    - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
      content
  * debian/patches/10_pangoxft_linkage.dpatch: Adapted to new upstream
    version.

 -- Martin Pitt <email address hidden>   Fri, 28 Jul 2006 12:41:29 +0000
Superseded in edgy-release
mozilla-thunderbird (1.5.0.5-0ubuntu1) edgy; urgency=low

  * New upstream security update:
    - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
      events [does not affect 1.0]
    - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
      across domains [does not affect 1.0]
    - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
      condition [does not affect 1.0]
    - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed
      VCard
    - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
      vulnerabilities
    - MFSA 2006-51, CVE-2006-3807: Privilege escalation using
      named-functions and redefined "new Object()"
    - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
      escalation
    - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
      (window).Function(...) [does not affect 1.0]
    - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
      corruption (rv:1.8.0.5)
    - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
      content
  * debian/patches/10_pangoxft_linkage.dpatch: Adapted to new upstream
    version.

 -- Martin Pitt <email address hidden>   Fri, 28 Jul 2006 13:22:34 +0200
Superseded in breezy-security
mozilla-thunderbird (1.0.8-0ubuntu05.10.2) breezy-security; urgency=low

  * This release backports several security issue fixed in thunderbird
    1.5.0.4. the patches listed below can be found in
    debian/patches/tbird.1.0.8-1.0.8a:

    + CVE-2006-2787     : 0001-mfsa2006-31-319263-336601-336313.patch
    + CVE-2006-2786 1/2 : 0002-mfsa2006-33-Part-1-2-329746.patch
    + CVE-2006-2786 1/2 : 0003-mfsa2006-33-Part-2-2-330214.patch
    + CVE-2006-2785 2/2 : 0004-mfsa2006-34-329521-329468.patch
    + CVE-2006-2775     : 0005-mfsa2006-35-329677.patch
                          0024-mfsa2006-35-335142-regression-1-2-for-329677.patch
                          0025-mfsa2006-35-337841-regression-part-2-2-for-329677.patch
    + CVE-2006-2784     : 0006-mfsa2006-36-330037.patch
    + CVE-2006-2776     : 0007-mfsa2006-37-330773-with-belt-and-braces.patch
    + CVE-2006-2778     : 0008-mfsa2006-38-330897.patch
    + CVE-2006-1942     : 0009-mfsa2006-39-CVE-2006-1942-334341.patch
    + CVE-2006-2781     : 0010-mfsa2006-40-334384-sea.patch
                          0010-mfsa2006-40-334384.patch
    + CVE-2006-2782     : 0011-mfsa2006-41-334977.patch
    + CVE-2006-2783     : 0012-mfsa2006-42-335816.patch
    + CVE-2006-2777     : 0013-mfsa2006-43-336830.patch
    + CVE-2006-2779 3/6 : 0014-mfsa2006-32-Part-3-7-326501.patch
    + CVE-2006-2779 4/6 : 0015-mfsa2006-32-Part-4a-7-326931.patch
    + CVE-2006-2779 4/6 : 0016-mfsa2006-32-Part-4b-7-329219.patch
    + CVE-2006-2779 4/6 : 0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.patch
    + CVE-2006-2779 6/6 : 0018-content-html-document-src-nsHTMLContentSink.cpp-332971-mfsa2006-32-Part-6-7.patch
    + CVE-2006-2780     : 0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.patch
    + CVE-2006-2779 5/6 : 0021-mfsa2006-32-Part-5-7-327712.patch
  * Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
    tricky parts 1/6 and 2/6 from advisory:
    1/6: Removing nested <option>s from a select (Jesse Ruderman)
      https://bugzilla.mozilla.org/show_bug.cgi?id=324918
    2/6: 'Crashes during DOMNodeRemoved mutation event'
      https://bugzilla.mozilla.org/show_bug.cgi?id=325730
      https://bugzilla.mozilla.org/show_bug.cgi?id=329982
  * Patches taken from Debian security update. Many thanks to Alexander Sack
    <email address hidden> for providing them!

 -- Martin Pitt <email address hidden>   Tue, 25 Jul 2006 11:29:46 +0000
Obsolete in hoary-security
mozilla-thunderbird (1.0.8-0ubuntu05.04.1) hoary-security; urgency=low

  * This release backports several security issue fixed in thunderbird
    1.5.0.4. the patches listed below can be found in
    debian/patches/tbird.1.0.8-1.0.8a:

    + CVE-2006-2787     : 0001-mfsa2006-31-319263-336601-336313.patch
    + CVE-2006-2786 1/2 : 0002-mfsa2006-33-Part-1-2-329746.patch
    + CVE-2006-2786 1/2 : 0003-mfsa2006-33-Part-2-2-330214.patch
    + CVE-2006-2785 2/2 : 0004-mfsa2006-34-329521-329468.patch
    + CVE-2006-2775     : 0005-mfsa2006-35-329677.patch
                          0024-mfsa2006-35-335142-regression-1-2-for-329677.patch
                          0025-mfsa2006-35-337841-regression-part-2-2-for-329677.patch
    + CVE-2006-2784     : 0006-mfsa2006-36-330037.patch
    + CVE-2006-2776     : 0007-mfsa2006-37-330773-with-belt-and-braces.patch
    + CVE-2006-2778     : 0008-mfsa2006-38-330897.patch
    + CVE-2006-1942     : 0009-mfsa2006-39-CVE-2006-1942-334341.patch
    + CVE-2006-2781     : 0010-mfsa2006-40-334384-sea.patch
                          0010-mfsa2006-40-334384.patch
    + CVE-2006-2782     : 0011-mfsa2006-41-334977.patch
    + CVE-2006-2783     : 0012-mfsa2006-42-335816.patch
    + CVE-2006-2777     : 0013-mfsa2006-43-336830.patch
    + CVE-2006-2779 3/6 : 0014-mfsa2006-32-Part-3-7-326501.patch
    + CVE-2006-2779 4/6 : 0015-mfsa2006-32-Part-4a-7-326931.patch
    + CVE-2006-2779 4/6 : 0016-mfsa2006-32-Part-4b-7-329219.patch
    + CVE-2006-2779 4/6 : 0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.patch
    + CVE-2006-2779 6/6 : 0018-content-html-document-src-nsHTMLContentSink.cpp-332971-mfsa2006-32-Part-6-7.patch
    + CVE-2006-2780     : 0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.patch
    + CVE-2006-2779 5/6 : 0021-mfsa2006-32-Part-5-7-327712.patch
  * Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
    tricky parts 1/6 and 2/6 from advisory:
    1/6: Removing nested <option>s from a select (Jesse Ruderman)
      https://bugzilla.mozilla.org/show_bug.cgi?id=324918
    2/6: 'Crashes during DOMNodeRemoved mutation event'
      https://bugzilla.mozilla.org/show_bug.cgi?id=325730
      https://bugzilla.mozilla.org/show_bug.cgi?id=329982
  * Patches taken from Debian security update. Many thanks to Alexander Sack
    <email address hidden> for providing them!

 -- Martin Pitt <email address hidden>   Tue, 25 Jul 2006 11:35:23 +0000
Superseded in dapper-security
mozilla-thunderbird (1.5.0.4-0ubuntu6.06.1) dapper-security; urgency=low

  * Bumped maxVersion of extensions to 1.5.0.99. (see LP#48084)

 -- Martin Pitt <email address hidden>   Thu, 15 Jun 2006 08:27:15 +0000
Superseded in dapper-security
mozilla-thunderbird (1.5.0.4-0ubuntu6.06) dapper-security; urgency=low

  * New upstream incremental security and bugfix release:
    - MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8
      pages
    - MFSA 2006-40, CVE-2006-2781: Double-free on malformed VCard
    - MFSA 2006-38, CVE-2006-2778: Buffer overflow in
      crypto.signText()
    - MFSA 2006-37, CVE-2006-2776: Remote compromise via
      content-defined setter on object prototypes
    - MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL
      persist
    - MFSA 2006-33, CVE-2006-2786: HTTP response smuggling
    - MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with
      potential memory corruption
    - MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy
      Autoconfig, Greasemonkey)

 -- Martin Pitt <email address hidden>   Mon, 12 Jun 2006 14:03:35 +0200
Superseded in edgy-release
Obsolete in dapper-release
mozilla-thunderbird (1.5.0.2-0ubuntu2) dapper; urgency=low

  * Ship SVG and PNG icons alongside the XPM icons for window managers that
    can deal with those.  Also, use the SVG icon internally, rather than
    the XPM, making the taskbar icon less ugly (closes: launchpad.net/45492)
  * Include a slightly tweaked profile-manager icon for the (still disabled)
    mozilla-thunderbird profile manager desktop entry, based on tango icons.

 -- Adam Conrad <email address hidden>   Mon, 22 May 2006 07:05:28 +1000
Superseded in dapper-release
mozilla-thunderbird (1.5.0.2-0ubuntu1) dapper; urgency=low

  * New upstream incremental security and bugfix release (launchpad.net/41096):
    - MFSA 2006-28, CVE-2006-1726: Security check of js_ValueToFunctionObject()
      can be circumvented
    - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution Vuln
    - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure
    - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
    - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
      crypto.generateCRMFRequest
    - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow Vuln
    - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
      forwarding in-line
    - MFSA 2006-20, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531,
      CVE-2006-1723, CVE-2006-1724: Crashes with memory corruption.
    - MFSA 2006-08, CVE-2006-0299: "AnyName" entrainment and access control
      hazard
    - MFSA 2006-07, CVE-2006-0298: Read beyond buffer while parsing XML
    - MFSA 2006-06, CVE-2006-0297: Integer overflows in E4X, SVG and Canvas
    - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
      XULDocument.persist()
    - MFSA 2006-04, CVE-2006-0295: Memory corruption via QueryInterface on
      Location, Navigator objects
    - MFSA 2006-02, CVE-2006-0294: Changing postion:relative to static
      corrupts memory
    - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
  * New upstream should have restored the ability to send attachments
    via the command line interface (launchpad.net/35690)
  * Add the (at this point, very well-tested) GNOME/MIME handling patch
    from Firefox, so we get GNOME MIME definitions (launchpad.net/30375)
  * Sync 91_fontsfix_359763.dpatch from Debian, to use the generic font
    aliases instead of demanding "Times", "Courier", and "Helvetica".
  * Sync isolated arch build failure fixes from Debian as well, for people
    who feel the urge to port dapper after it's released: 50_arch_*.dpatch
  * Drop all references to mozilla-thunderbird-update-chrome, and the *.d
    directories in /var/lib/mozilla-thunderbird and stop shipping them, as
    they've been obsolete and broken since 1.5 (launchpad.net/{35465,25997})
  * Stop shipping /tmp in the typeaheadfind package (launchpad.net/43470)
  * Rework the Debconf www-browser selection so it automatically chooses to
    use gnome-control-center's choice if it detects it installed, otherwise
    falling back to x-www-browser (launchpad.net/{31841,34546,41706,25704})
  * Drop suggests on xprint, which we stopped using (launchpad.net/33307)
  * Depend on "myspell-en-us | myspell-dictionary", since we now appear to
    require it unconditionally for operation (launchpad.net/{35212,37825})
  * Fix the default theme so it shows up in themes list, so you can remove
    added themes, since they're not the "last one" (launchpad.net/43022)
  * Hide the Profile Manager menu icon by default (launchpad.net/12874)
  * Add proper branding (Yay, we're Thunderbird again, not Mail/News, and we
    have an icon and an about box, oh my!), icon thanks to Andy Fitzsimon,
    integration mangling thanks to Alexander Sack. (launchpad.net/19439)

 -- Adam Conrad <email address hidden>   Sun, 14 May 2006 04:50:44 +1000
Superseded in hoary-security
mozilla-thunderbird (1.0.8-0ubuntu05.04) hoary-security; urgency=low

  * New upstream release which fixes the following vulnerabilities:
    - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
      Vulnerability
    - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure
    - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
    - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
      crypto.generateCRMFRequest
    - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
      Vulnerability
    - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
      forwarding in-line
    - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
    - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
    - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
      window.controllers
    - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
      valueOf.call()
    - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
      function's cloned parent
    - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
    - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
      CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
    - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
    - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
      handlers
    - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
      XULDocument.persist()
    - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
  * Removed debian/patches/20_run-mozilla_sh_306893_fix.dpatch: Fixed
    upstream.

 -- Martin Pitt <email address hidden>   Tue,  2 May 2006 08:13:22 +0000
Superseded in breezy-security
mozilla-thunderbird (1.0.8-0ubuntu05.10.1) breezy-security; urgency=low

  * New upstream release which fixes the following vulnerabilities:
    - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
      Vulnerability
    - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure
    - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
    - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
      crypto.generateCRMFRequest
    - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
      Vulnerability
    - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
      forwarding in-line
    - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
    - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
    - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
      window.controllers
    - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
      valueOf.call()
    - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
      function's cloned parent
    - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
    - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
      CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
    - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
    - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
      handlers
    - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
      XULDocument.persist()
    - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
  * Removed debian/patches/20_run-mozilla_sh_306893_fix.dpatch: Fixed
    upstream.
  * debian/patches/90_gcc4_fix.dpatch: Adapted to new upstream version.

 -- Martin Pitt <email address hidden>   Tue,  2 May 2006 07:46:51 +0000
150 of 60 results