Your message dated Thu, 28 Jul 2005 16:03:02 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318728: fixed in mozilla-thunderbird 1.0.6-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Jul 2005 10:16:35 +0000
>From [EMAIL PROTECTED] Sun Jul 17 03:16:35 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1Du6CI-0003g1-00; Sun, 17 Jul 2005 03:16:35 -0700
Received: from dsl-082-082-144-170.arcor-ip.net ([82.82.144.170]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1Du6CG-0000CJ-Um
for [EMAIL PROTECTED]; Sun, 17 Jul 2005 12:16:33 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.52)
id 1Du6CF-0002Xx-9U; Sun, 17 Jul 2005 12:16:31 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-thunderbird: Multiple security problems
X-Mailer: reportbug 3.15
Date: Sun, 17 Jul 2005 12:16:31 +0200
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.82.144.170
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: mozilla-thunderbird
Severity: grave
Tags: security
Justification: user security hole
Thunderbird 1.0.5 fixes these nine security issues, some of which
are classified as critical by the Mozilla developers:
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML node spoofing
CAN-2005-2266: Same origin violation: frame calling top.focus()
CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo()
CAN-2005-2261: XML scripts ran even when Javascript disabled
CAN-2005-1532: Privilege escalation via non-DOM property overrides
CAN-2005-1160: Privilege escalation via DOM property overrides
CAN-2005-1159: Missing Install object instance checks
CAN-2005-0989: Javascript "lambda" replace exposes memory contents
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 318728-close) by bugs.debian.org; 28 Jul 2005 23:11:30 +0000
>From [EMAIL PROTECTED] Thu Jul 28 16:11:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1DyHP4-0001u8-00; Thu, 28 Jul 2005 16:03:02 -0700
From: Alexander Sack <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#318728: fixed in mozilla-thunderbird 1.0.6-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 28 Jul 2005 16:03:02 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 8
Source: mozilla-thunderbird
Source-Version: 1.0.6-1
We believe that the bug you reported is fixed in the latest version of
mozilla-thunderbird, which is due to be installed in the Debian FTP archive:
mozilla-thunderbird-dev_1.0.6-1_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-1_i386.deb
mozilla-thunderbird-inspector_1.0.6-1_i386.deb
to
pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-1_i386.deb
mozilla-thunderbird-offline_1.0.6-1_i386.deb
to
pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-1_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.6-1_i386.deb
to
pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-1_i386.deb
mozilla-thunderbird_1.0.6-1.diff.gz
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-1.diff.gz
mozilla-thunderbird_1.0.6-1.dsc
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-1.dsc
mozilla-thunderbird_1.0.6-1_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-1_i386.deb
mozilla-thunderbird_1.0.6.orig.tar.gz
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Sack <[EMAIL PROTECTED]> (supplier of updated mozilla-thunderbird
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 21 Jul 2005 21:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector
mozilla-thunderbird mozilla-thunderbird-typeaheadfind
mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.6-1
Distribution: unstable
Urgency: high
Maintainer: Alexander Sack <[EMAIL PROTECTED]>
Changed-By: Alexander Sack <[EMAIL PROTECTED]>
Description:
mozilla-thunderbird - Mozilla Thunderbird standalone mail client
mozilla-thunderbird-dev - mozilla thunderbird development files
mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
mozilla-thunderbird-offline - mozilla thunderbird offline extension
mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 285728 301481 301481 306893 308961 315588 317937 318728 318747
Changes:
mozilla-thunderbird (1.0.6-1) unstable; urgency=high
.
* GCC/G++ 4.0 API transition upload.
* include 90_new_freetype_fix.dpatch to fix new freetype API
(Closes: 301481, 301481) - consumed from mozilla-firefox packages ...
thx to Eric Dorland <[EMAIL PROTECTED]>
* include 90_gcc4_fix.dpatch
* fixes multiple security bugs (Closes: 318728)
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML node spoofing
CAN-2005-2266: Same origin violation: frame calling top.focus()
CAN-2005-2265: Possible exploitable crash in InstallVersion.compareTo()
CAN-2005-2261: XML scripts ran even when Javascript disabled
CAN-2005-1532: Privilege escalation via non-DOM property overrides
CAN-2005-1160: Privilege escalation via DOM property overrides
CAN-2005-1159: Missing Install object instance checks
CAN-2005-0989: Javascript "lambda" replace exposes memory contents
* fix gdk_property_get problem that might cause a segfault (Closes: 317937)
patch by Loic Minier <[EMAIL PROTECTED]>
debian/patches/gdk_property_get.dpatch
* fix CAN-2005-2353: insecure tmp file usage in run-mozilla.sh (Closes:
306893)
debian/patches/20_run-mozilla_sh_306893_fix.dpatch
* include german de.po translation (Closes: 318747)
by Alwin Meschede <[EMAIL PROTECTED]>
* fixed whitespace in mozilla-thunderbird.templates (Closes: 308961)
hint by Clytie Siddall <[EMAIL PROTECTED]>
* apply fix for seamonkey migration crash (Closes: 285728)
90_mail_components_miration_src_nsSeamonkeyProfileMigrator_cpp
* fix 'find' in update-mozilla-thunderbird-chrome (Closes: 315588)
patch by Michael Spang <[EMAIL PROTECTED]>
Files:
51519a5bca58bee8543b1a34ef5610dc 899 mail optional
mozilla-thunderbird_1.0.6-1.dsc
6ae9de9f17f05d2143ec363b306d7acd 32933648 mail optional
mozilla-thunderbird_1.0.6.orig.tar.gz
bf1fa30dfb444205b86a61f5e78a843f 94906 mail optional
mozilla-thunderbird_1.0.6-1.diff.gz
e7b1c9f87d26e3cf156d6545a0103285 10636448 mail optional
mozilla-thunderbird_1.0.6-1_i386.deb
92f8f390116106ab2ab8fb68d845876d 26990 mail optional
mozilla-thunderbird-offline_1.0.6-1_i386.deb
aa713a12db4d22bc57930f2c9ccd851b 139336 mail optional
mozilla-thunderbird-inspector_1.0.6-1_i386.deb
a9ed78214f3a089a357f26a461d8930d 78158 mail optional
mozilla-thunderbird-typeaheadfind_1.0.6-1_i386.deb
e2f8d0c00569c57863e855083f214fc9 3563724 mail optional
mozilla-thunderbird-dev_1.0.6-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC6VT5v8pLOKgkuT8RApwWAKDBPY+CQP13zY341DzTy841vdQCbACdF7ya
6nbnC0C/1sNTLQ57DeSge5c=
=Zfhc
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
