[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.8-1.fc6

Christopher Aillon caillon at redhat.com
Wed Nov 8 13:01:30 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1192
2006-11-08
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : thunderbird
Version     : 1.5.0.8
Release     : 1.fc6
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Several flaws were found in the way Thunderbird processes
certain malformed JavaScript code. A malicious HTML mail
message could execute JavaScript code in a way that causes
Thunderbird to crash or execute arbitrary code as the user
running Thunderbird.
(CVE-2006-5463, CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way Thunderbird renders HTML
mail messages. A malicious HTML mail message could cause the
mail client to crash or possibly execute arbitrary code as
the user running Thunderbird. (CVE-2006-5464)

Users of Thunderbird are advised to upgrade to this update,
which contains Thunderbird version 1.5.0.8 and corrects
these issues.
---------------------------------------------------------------------
* Tue Nov  7 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.8-1
- Update to 1.5.0.8
- Allow choosing of download directory
- Take the user to the correct directory from the Download Manager.
* Fri Oct 27 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.7-5
- Include pango printing patch from Behdad and co.
* Sun Oct  8 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.7-4
- Default to use of system colors
* Wed Oct  4 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.7-3
- Bring the invisible character to parity with GTK+
* Wed Sep 27 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.7-2
- Fix crash when changing gtk key theme
- Prevent UI freezes while changing GNOME theme
- Remove verbiage about pango; no longer required by upstream.
* Wed Sep 13 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.7-1
- Update to 1.5.0.7
* Thu Sep  7 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.5-8
- Shuffle order of the install phase around
* Thu Sep  7 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.5-7
- Let there be art for Alt+Tab again
- s/tbdir/mozappdir/g
* Wed Sep  6 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.5-6
- Fix for cursor position in editor widgets by tagoh and behdad (#198759)
* Tue Sep  5 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.5-5
- Update nopangoxft.patch
- Fix rendering of MathML thanks to Behdad Esfahbod.
- Update start page text to reflect the MathML fixes.
- Enable pango by default on all locales
- Build using -rpath
- Re-enable GCC visibility
* Thu Aug  3 2006 Kai Engert <kengert at redhat.com> 1.5.0.5-4
- Fix a build failure in mailnews mime code.
* Tue Aug  1 2006 Matthias Clasen <mclasen at redhat.com> 1.5.0.5-3
- Rebuild
* Thu Jul 27 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.5-2
- Update to 1.5.0.5
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> 1.5.0.4-2.1
- rebuild
* Mon Jun 12 2006 Kai Engert <kengert at redhat.com> 1.5.0.4-2
- Update to 1.5.0.4
- Fix desktop-file-utils requires
* Wed Apr 19 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.2-2
- Update to 1.5.0.2
* Thu Mar 16 2006 Christopher Aillon <caillon at redhat.com> 1.5-7
- Bring the other arches back
* Mon Mar 13 2006 Christopher Aillon <caillon at redhat.com> 1.5.6
- Temporarily disable other arches that we don't ship FC5 with, for time
* Mon Mar 13 2006 Christopher Aillon <caillon at redhat.com> 1.5-5
- Add a notice to the mail start page denoting this is a pango enabled build.
* Fri Feb 10 2006 Christopher Aillon <caillon at redhat.com> 1.5-3
- Add dumpstack.patch
- Improve the langpack install stuff
* Tue Feb  7 2006 Jesse Keating <jkeating at redhat.com> 1.5-2.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Jan 27 2006 Christopher Aillon <caillon at redhat.com> 1.5-2
- Add some langpacks back in
- Stop providing MozillaThunderbird
* Thu Jan 12 2006 Christopher Aillon <caillon at redhat.com> 1.5-1
- Official 1.5 release is out
* Wed Jan 11 2006 Christopher Aillon <caillon at redhat.com> 1.5-0.5.6.rc1
- Fix crash when deleting highlighted text while composing mail within
  plaintext editor with spellcheck enabled.
* Tue Jan  3 2006 Christopher Aillon <caillon at redhat.com> 1.5-0.5.5.rc1
- Looks like we can build on ppc64 again.
* Fri Dec 16 2005 Christopher Aillon <caillon at redhat.com> 1.5-0.5.4.rc1
- Rebuild
* Fri Dec 16 2005 Christopher Aillon <caillon at redhat.com> 1.5-0.5.3.rc1
- Once again, disable ppc64 because of a new issue.
  See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175944

- Use the system NSS libraries
- Build on ppc64
* Fri Dec  9 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
* Mon Nov 28 2005 Christopher Aillon <caillon at redhat.com> 1.5-0.5.1.rc1
- Fix issue with popup dialogs and other actions causing lockups
* Sat Nov  5 2005 Christopher Aillon <caillon at redhat.com> 1.5-0.5.0.rc1
- Update to 1.5 rc1
* Sat Oct  8 2005 Christopher Aillon <caillon at redhat.com> 1.5-0.5.0.beta2
- Update to 1.5 beta2
* Wed Sep 28 2005 Christopher Aillon <caillon at redhat.com> 1.5-0.5.0.beta1
- Update to 1.5 beta1
- Bring the install phase of the spec file up to speed
* Sun Aug 14 2005 Christopher Aillon <caillon at redhat.com> 1.0.6-4
- Rebuild
* Sat Aug  6 2005 Christopher Aillon <caillon at redhat.com> 1.0.6-3
- Add patch to make file chooser dialog modal
* Fri Jul 22 2005 Christopher Aillon <caillon at redhat.com> 1.0.6-2
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon at redhat.com> 1.0.6-0.1.fc5
- 1.0.6 Release Candidate
* Fri Jul 15 2005 Christopher Aillon <caillon at redhat.com> 1.0.2-8
- Use system NSPR
- Fix crash on 64bit platforms (#160330)
* Thu Jun 23 2005 Kristian Høgsberg <krh at redhat.com>  1.0.2-7
- Add firefox-1.0-pango-cairo.patch to get rid of the last few Xft
  references, fixing the "no fonts" problem.
* Fri May 13 2005 Christopher Aillon <caillon at redhat.com> 1.0.2-6
- Change the Exec line in the desktop file to `thunderbird`
* Fri May 13 2005 Christopher Aillon <caillon at redhat.com> 1.0.2-5
- Update pango patch, MOZ_DISABLE_PANGO now works as advertised.
* Mon May  9 2005 Christopher Aillon <caillon at redhat.com> 1.0.2-4
- Add temporary workaround to not create files in the user's $HOME (#149664)
* Wed May  4 2005 Christopher Aillon <caillon at redhat.com> 1.0.2-3
- Don't have downloads "disappear" when downloading to desktop (#139015)
- Fix for some more cursor issues in textareas (149991, 150002, 152089)
- Add upstream patch to fix bidi justification of pango
- Add patch to fix launching of helper applications
- Add patch to properly link against libgfxshared_s.a
- Fix multilib conflicts
* Wed Apr 27 2005 Warren Togami <wtogami at redhat.com>
- correct confusing PANGO vars in startup script
* Wed Mar 23 2005 Christopher Aillon <caillon at redhat.com> 1.0.2-1
- Thunderbird 1.0.2
* Tue Mar  8 2005 Christopher Aillon <caillon at redhat.com> 1.0-5
- Add patch to compile against new fortified glibc macros
* Sat Mar  5 2005 Christopher Aillon <caillon at redhat.com> 1.0-4
- Rebuild against GCC 4.0
- Add execshield patches
- Minor specfile cleanup
* Mon Dec 20 2004 Christopher Aillon <caillon at redhat.com> 1.0-3
- Rebuild
* Thu Dec 16 2004 Christopher Aillon <caillon at redhat.com> 1.0-2
- Add RPM version to useragent
* Thu Dec 16 2004 Christopher Blizzard <blizzard at redhat.com>
- Port over pango patches from firefox
* Wed Dec  8 2004 Christopher Aillon <caillon at redhat.com> 1.0-1
- Thunderbird 1.0
* Mon Dec  6 2004 Christopher Aillon <caillon at redhat.com> 1.0-0.rc1.1
- Fix advanced prefs
* Fri Dec  3 2004 Christopher Aillon <caillon at redhat.com>
- Make this run on s390(x) now for real
* Wed Dec  1 2004 Christopher Aillon <caillon at redhat.com> 1.0-0.rc1.0
- Update to 1.0 rc1
* Fri Nov 19 2004 Christopher Aillon <caillon at redhat.com>
- Add patches to build and run on s390(x)
* Thu Nov 11 2004 Christopher Aillon <caillon at redhat.com> 0.9.0-2
- Rebuild to fix file chooser
* Fri Nov  5 2004 Christopher Aillon <caillon at redhat.com> 0.9.0-1
- Update to 0.9
* Fri Oct 22 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-10
- Prevent inlining of stack direction detection (#135255)
* Tue Oct 19 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-9
- More file chooser fixes (same as in firefox)
- Fix for upstream 28327.
* Mon Oct 18 2004 Christopher Blizzard <blizzard at redhat.com> 0.8.0-8
- Update the pango patch
* Mon Oct 18 2004 Christopher Blizzard <blizzard at redhat.com> 0.8.0-8
- Pull over patches from firefox build:
  - disable default application dialog
  - don't include software update since it doesn't work
  - make external app support work
* Thu Oct 14 2004 Christopher Blizzard <blizzard at redhat.com> 0.8.0-7
- Use pango for rendering
* Tue Oct 12 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-6
- Fix for 64 bit crash at startup (b.m.o #256603)
* Sat Oct  9 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-5
- Add patches to fix xremote (#135036)
* Fri Oct  8 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-4
- Add patch to fix button focus issues (#133507)
- Add patch for fix IMAP race issues (bmo #246439)
* Fri Oct  1 2004 Bill Nottingham <notting at redhat.com> 0.8.0-3
- filter out library Provides: and internal Requires:
* Tue Sep 28 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-2
- Backport the GTK+ File Chooser.
- Add fix for JS math on x86_64 systems
- Add pkgconfig patch
* Thu Sep 16 2004 Christopher Aillon <caillon at redhat.com> 0.8.0-1
- Update to 0.8.0
- Remove enigmail
- Update BuildRequires
- Remove gcc34 and extension manager patches -- they are upstreamed.
- Fix for gnome-vfs2 error at component registration
* Fri Sep  3 2004 Christopher Aillon <caillon at redhat.com> 0.7.3-5
- Build with --disable-xprint
* Wed Sep  1 2004 David Hill <djh[at]ii.net> 0.7.3-4
- remove all Xvfb-related hacks
* Wed Sep  1 2004 Warren Togami <wtogami at redhat.com> 
- actually apply psfonts
- add mozilla gnome-uriloader patch to prevent build failure
* Tue Aug 31 2004 Warren Togami <wtogami at redhat.com> 0.7.3-3
- rawhide import
- apply NetBSD's freetype 2.1.8 patch
- apply psfonts patch
- remove BR on /usr/bin/ex, breaks beehive
* Tue Aug 31 2004 David Hill <djh[at]ii.net> 0.7.3-0.fdr.2
- oops, fix %install
* Thu Aug 26 2004 David Hill <djh[at]ii.net> 0.7.3-0.fdr.1
- update to Thunderbird 0.7.3 and Enigmail 0.85.0
- remove XUL.mfasl on startup, add Debian enigmail patches
- add Xvfb hack for -install-global-extension
* Wed Jul 14 2004 David Hill <djh[at]ii.net> 0.7.2-0.fdr.0
- update to 0.7.2, just because it's there
- update gcc-3.4 patch (Kaj Niemi)
- add EM registration patch and remove instdir hack
* Sun Jul  4 2004 David Hill <djh[at]ii.net> 0.7.1-0.fdr.1
- re-add Enigmime 1.0.7, omit Enigmail until the Mozilla EM problems are fixed
* Wed Jun 30 2004 David Hill <djh[at]ii.net> 0.7.1-0.fdr.0
- update to 0.7.1
- remove Enigmail
* Mon Jun 28 2004 David Hill <djh[at]ii.net> 0.7-0.fdr.1
- re-enable Enigmail 0.84.1
- add gcc-3.4 patch (Kaj Niemi)
- use official branding (with permission)
* Fri Jun 18 2004 David Hill <djh[at]ii.net> 0.7-0.fdr.0
- update to 0.7
- temporarily disable Enigmail 0.84.1, make ftp links work (#1634)
- specify libdir, change BR for apt (V. Skyttä, #1617)
* Tue May 18 2004 Warren Togami <wtogami at redhat.com> 0.6-0.fdr.5
- temporary workaround for enigmail skin "modern" bug
* Mon May 10 2004 David Hill <djh[at]ii.net> 0.6-0.fdr.4
- update to Enigmail 0.84.0 
- update launch script
* Mon May 10 2004 David Hill <djh[at]ii.net> 0.6-0.fdr.3
- installation directory now versioned
- allow root to run the program (for installing extensions)
- remove unnecessary %pre and %post
- remove separators, update mozconfig and launch script (M. Schwendt, #1460)
* Wed May  5 2004 David Hill <djh[at]ii.net> 0.6-0.fdr.2
- include Enigmail, re-add release notes
- delete /usr/lib/thunderbird in %pre
* Mon May  3 2004 David Hill <djh[at]ii.net> 0.6-0.fdr.1
- update to Thunderbird 0.6
* Fri Apr 30 2004 David Hill <djh[at]ii.net> 0.6-0.fdr.0.rc1
- update to Thunderbird 0.6 RC1
- add new icon, remove release notes
* Thu Apr 15 2004 David Hill <djh[at]ii.net> 0.6-0.fdr.0.20040415
- update to latest CVS, update mozconfig and %build accordingly
- update to Enigmail 0.83.6
- remove x-remote and x86_64 patches
- build with -Os
* Thu Apr 15 2004 David Hill <djh[at]ii.net> 0.5-0.fdr.12
- update x-remote patch
- more startup script fixes
* Tue Apr  6 2004 David Hill <djh[at]ii.net> 0:0.5-0.fdr.11
- startup script fixes, and a minor cleanup
* Sun Apr  4 2004 Warren Togami <wtogami at redhat.com> 0:0.5-0.fdr.10
- Minor cleanups
* Sun Apr  4 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.8
- minor improvements to open-browser.sh and startup script
- update to latest version of Blizzard's x-remote patch
* Thu Mar 25 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.7
- update open-browser.sh, startup script, and BuildRequires
* Sun Mar 14 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.6
- update open-browser script, modify BuildRequires (Warren)
- add Blizzard's x-remote patch
- initial attempt at x-remote-enabled startup script
* Sun Mar  7 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.5
- refuse to run with excessive privileges
* Fri Feb 27 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.4
- add Mozilla x86_64 patch (Oliver Sontag)
- Enigmail source filenames now include the version
- modify BuildRoot
* Thu Feb 26 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.3
- use the updated official tarball
* Wed Feb 18 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.2
- fix %prep script
* Mon Feb 16 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.1
- update Enigmail to 0.83.3
- use official source tarball (after removing the CRLFs)
- package renamed to thunderbird
* Mon Feb  9 2004 David Hill <djh[at]ii.net>	0:0.5-0.fdr.0
- update to 0.5
- check for lockfile before launching
* Fri Feb  6 2004 David Hill <djh[at]ii.net>
- update to latest cvs
- update to Enigmail 0.83.2
* Thu Jan 29 2004 David Hill <djh[at]ii.net>	0:0.4-0.fdr.5
- update to Enigmail 0.83.1
- removed Mozilla/Firebird script patching
* Sat Jan  3 2004 David Hill <djh[at]ii.net>	0:0.4-0.fdr.4
- add startup notification to .desktop file
* Thu Dec 25 2003 Warren Togami <warren at togami.com> 0:0.4-0.fdr.3
- open-browser.sh release 3
- patch broken /usr/bin/mozilla script during install
- dir ownership
- XXX: Source fails build on x86_64... fix later
* Tue Dec 23 2003 David Hill <djh[at]ii.net>	0:0.4-0.fdr.2
- update to Enigmail 0.82.5
- add Warren's open-browser.sh (#1113)
* Tue Dec  9 2003 David Hill <djh[at]ii.net>	0:0.4-0.fdr.1
- use Thunderbird's mozilla-xremote-client to launch browser
* Sun Dec  7 2003 David Hill <djh[at]ii.net>	0:0.4-0.fdr.0
- update to 0.4
- make hyperlinks work (with recent versions of Firebird/Mozilla)
* Thu Dec  4 2003 David Hill <djh[at]ii.net>
- update to 0.4rc2
* Wed Dec  3 2003 David Hill <djh[at]ii.net>
- update to 0.4rc1 and Enigmail 0.82.4
* Thu Nov 27 2003 David Hill <djh[at]ii.net>
- update to latest CVS and Enigmail 0.82.3
* Sun Nov 16 2003 David Hill <djh[at]ii.net>
- update to latest CVS (0.4a)
- update Enigmail to 0.82.2
- alter mozconfig for new build requirements
- add missing BuildReq (#987)
* Thu Oct 16 2003 David Hill <djh[at]ii.net>	0:0.3-0.fdr.0
- update to 0.3
* Sun Oct 12 2003 David Hill <djh[at]ii.net>	0:0.3rc3-0.fdr.0
- update to 0.3rc3
- update Enigmail to 0.81.7
* Thu Oct  2 2003 David Hill <djh[at]ii.net>	0:0.3rc2-0.fdr.0
- update to 0.3rc2
* Wed Sep 17 2003 David Hill <djh[at]ii.net>	0:0.2-0.fdr.2
- simplify startup script
* Wed Sep 10 2003 David Hill <djh[at]ii.net>	0:0.2-0.fdr.1
- add GPG support (Enigmail 0.81.6)
- specfile fixes (#679)
* Thu Sep  4 2003 David Hill <djh[at]ii.net>	0:0.2-0.fdr.0
- update to 0.2
* Mon Sep  1 2003 David Hill <djh[at]ii.net>
- initial RPM
  (based on the fedora MozillaFirebird-0.6.1 specfile)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

99cfea6a0cb772826352ca64e5494fbe558e2fbe  SRPMS/thunderbird-1.5.0.8-1.fc6.src.rpm
99cfea6a0cb772826352ca64e5494fbe558e2fbe  noarch/thunderbird-1.5.0.8-1.fc6.src.rpm
6634175354dc930e6c25e03faab67a8f1cd4ba82  ppc/thunderbird-1.5.0.8-1.fc6.ppc.rpm
ed3990bd5dff7ab159b903c37c332748f18e3fe6  ppc/debug/thunderbird-debuginfo-1.5.0.8-1.fc6.ppc.rpm
6f5c7c63f2c7cd41b0e4a7b9f7f365c0026d7a01  x86_64/thunderbird-1.5.0.8-1.fc6.x86_64.rpm
aba3c37643076fb372349d6adc9be0e64d11bb73  x86_64/debug/thunderbird-debuginfo-1.5.0.8-1.fc6.x86_64.rpm
acda34272c98b0100e370c63c426040da18728e1  i386/thunderbird-1.5.0.8-1.fc6.i386.rpm
45f0fa39c006fffb23723810af2d8998dc3e8586  i386/debug/thunderbird-debuginfo-1.5.0.8-1.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------