[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jul 20 19:32:33 UTC 2007
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1180
2007-07-20 12:32:17.311992
--------------------------------------------------------------------------------
Name : thunderbird
Product : Fedora 7
Version : 2.0.0.5
Release : 1.fc7
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
--------------------------------------------------------------------------------
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738)
Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches that correct these issues.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 20 2007 Kai Engert <kengert at redhat.com> - 2.0.0.5-1
- 2.0.0.5
* Fri Jun 15 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-1
- 2.0.0.4
* Fri Jun 8 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-0.rc1
- 2.0.0.4 rc1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #248518
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ] CVE-2007-3734
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ] CVE-2007-3735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ] CVE-2007-3736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ] CVE-2007-3089
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ] CVE-2007-3737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ] CVE-2007-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:
406b91a7a359a5116abc1de38d66f02475330193 thunderbird-2.0.0.5-1.fc7.ppc64.rpm
2b7400c86c54e4b77fda5c8c5d7f6e57e3a4eadb thunderbird-debuginfo-2.0.0.5-1.fc7.ppc64.rpm
f7f02885088254a8257fd6d20728785a600adaf5 thunderbird-debuginfo-2.0.0.5-1.fc7.i386.rpm
34c53a1f3b96d014e8bb6ca02704590be0baa980 thunderbird-2.0.0.5-1.fc7.i386.rpm
4d5328a7b0744d9cb9f73648e959c0cc7d62dee1 thunderbird-debuginfo-2.0.0.5-1.fc7.x86_64.rpm
1c57f5e01d960b6a0600cc7817764f13602058e7 thunderbird-2.0.0.5-1.fc7.x86_64.rpm
1c5eaadb7684dac209c38b9f1fcff1a002caed2c thunderbird-debuginfo-2.0.0.5-1.fc7.ppc.rpm
0fe3b5c19898df0c2976fdc8e19482dbe0903707 thunderbird-2.0.0.5-1.fc7.ppc.rpm
d8525d565bd1523e8763f0aee0ec463257af98e2 thunderbird-2.0.0.5-1.fc7.src.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
More information about the Fedora-package-announce
mailing list