Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mozilla-thunderbird-10.0.7-1.mga1 RPM for x86_64

From Mageia 1 for x86_64 / media / core / updates

Name: mozilla-thunderbird Distribution: Mageia
Version: 10.0.7 Vendor: Mageia.Org
Release: 1.mga1 Build date: Sun Aug 26 17:51:21 2012
Group: Networking/Mail Build host:
Size: 44794253 Source RPM: mozilla-thunderbird-10.0.7-1.mga1.src.rpm
Packager: doktor5000 <doktor5000>
Summary: Full-featured email, RSS, and newsgroup client
Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that
makes emailing safer, faster and easier than ever before.






* Sun Aug 26 2012 doktor5000 <doktor5000> 0:10.0.7-1.mga1
  + Revision: 284206
  - new version 10.0.7
  - new version 10.0.4 ESR (Extended Support Release)
    o fixes
      (Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467])
    o fixes
      (use-after-free in IDBKeyRange[CVE-2012-0469])
    o fixes
      (Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470])
    o fixes
      (Potential XSS via multibyte content processing errors [CVE-2012-0471])
    o fixes
      (Potential memory corruption during font rendering using cairo-dwrite
    o fixes
      (WebGL.drawElements may read illegal video memory due to
       FindMaxUshortElement error [CVE-2012-0473])
    o fixes
      (Page load short-circuit can lead to XSS [CVE-2012-0474])
    o fixes
      (Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
    o fixes
      (Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    o fixes
      (Crash with WebGL content using textImage2D [CVE-2012-0478])
    o fixes
      (Off-by-one error in OpenType Sanitizer [CVE-2011-3062])
    o fixes
      (Potential site identity spoofing when loading RSS and Atom feeds
  - switch to Enigmail 1.4, officially supported version for ESR releases
    o fixes a problem with inline PGP decrpytion
  - use system nss shlibsign instead of missing bundled one
  - remove unused Sources
  - change Requires on libcanberra to Suggests
  - new version 10.0.2 ESR (Extended Support Release)
    o fixes
      (libpng integer overflow [CVE-2011-3026])
  - drop all unused patches
  - remove useless commented-out stuff
  - new version 10.0.1, switch to ESR (Extended Support Release)
    o fixes
      (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443]
       fixed in 10.0 )
    o fixes
      (<iframe> element exposed across domains via name attribute [CVE-2012-0445]
       fixed in 10.0)
    o fixes
      (child nodes from nsDOMAttribute still accessible after removal of nodes
       [CVE-2011-3659] fixed in 10.0)
    o fixes
      (frame scripts calling into untrusted objects bypass security checks
       [CVE-2012-0446] fixed in 10.0)
    o fixes
      (uninitialized memory appended when encoding icon images may cause
       information disclosure [CVE-2012-0447] fixed in 10.0
    o fixes
      (potential Memory Corruption When Decoding Ogg Vorbis files
       [CVE-2012-0444] fixed in 10.0)
    o fixes
      (crash with malformed embedded XSLT stylesheets [CVE-2012-0449]
    o fixes
      (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452])
  - update enigmail to 1.3.5, needed for thunderbird 10.0
  - updated mageia-default-prefs.js, reenabled locale matching to system locale
  - change new default preference (extensions.autoDisableScopes) to not
    automatically disable systemwide installed addons, like language packs
  - added BuildRequires on yasm, mesagl-devel, startup-notification-devel, dbus,
    libevent-devel and libvpx-devel
  - added Requires on libcanberra for playing sounds
  - add Patch100 to use libcanberra for playing sounds (rediffed from upstream,
  - rediffed Patch201, disabling default application dialog on Thunderbird start
  - use bundled libpng, system one is too old and updating it is a no-go for mga1
  - do not build against system libxul, add requires_exception for libxul
  - disable updater and bundled lightning, disable compilation of lightning
  - enable gio, vpx and libevent and optimization
  - use org.mageia as distribution id
  - removed thunderbird.cfg
  - add -fPIC to CFLAGS
  - new version 3.1.18
    o fixes
      (.jar files not being treated as executables on MacOS [CVE-2011-3666]
       fixed in 3.1.17)
    o fixes
      (Miscellaneous memory safety hazards [(rv:10.0/ [CVE-2012-0443,
    o fixes
      (Overly permissive IPv6 literal syntax [CVE-2011-3670])
    o fixes
      (Child nodes from nsDOMAttribute still accessible after removal of nodes,
    o fixes
      (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444])
    o fixes
      (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449])
  - new version 3.1.16
    o fixes
      (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page
       could potentially exploit a Thunderbird user who had installed an add-on
       that used loadSubscript in vulnerable ways)
    o fixes
      (Potential cross-site-scripting against sites using Shift-JIS encoding,
    o fixes
      (memory corruption while profiling using Firebug, CVE-2011-3650)
  - fixed CVE-2011-3640, untrusted search path vulnerability which might allow
    local users to gain privileges via a Trojan horse pkcs11.txt file in a
    top-level directory (fix-CVE-2011-3640.patch, from upstream)
  - new version 3.1.15
    o fixes
      (Protection against fraudulent DigiNotar certificates,
       fixed in thunderbird 3.1.13)
    o fixes
      (Additional protection against fraudulent DigiNotar certificates,
      fixed in thunderbird 3.1.14)
    + fwang <fwang>
      - new version 10.0.6
      - new version 10.0.5esr
      - new version 10.0.3 ESR (Extended Support Release)
        o fixes
          (XSS with Drag and Drop and Javascript: URL [CVE-2012-0455])
        o fixes
          (SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457])
        o fixes
          (XSS with multiple Content Security Policy headers [CVE-2012-0451])
        o fixes
          (Escalation of privilege with Javascript: URL as home page [CVE-2012-0458])
        o fixes
          (Crash when accessing keyframe cssText after dynamic modification
        o fixes
          (window.fullScreen writeable by untrusted content [CVE-2012-0460])
        o fixes
          (Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:
          [CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ])
      - new version 3.1.12
* Fri Apr 29 2011 ahmad <ahmad> 0:3.1.10-1.mga1
  + Revision: 93463
  - Update to 3.1.10
  - Rediff run-mozilla patch
  - Drop an old patch from SOURCES dir
* Fri Mar 25 2011 ahmad <ahmad> 0:3.1.9-11.mga1
  + Revision: 77483
  - revert previous commit, gio support doesn't work as it should resulting in http/
    https links handler having to be configured manually for all new and old tb profiles.
    gnomevfs support at least reads the value from gconf settings (which uses www-
    browser by default)
* Mon Mar 21 2011 ahmad <ahmad> 0:3.1.9-10.mga1
  + Revision: 75310
  - disable gnomvfs support
  - enable gio support
  - disable updater as we don't support updating the application this way
* Wed Mar 16 2011 ahmad <ahmad> 0:3.1.9-8.mga1
  + Revision: 72283
  - conflict with mozilla-thunderbird-lightning <= 1.3.9
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-7.mga1
  + Revision: 68321
  - drop old/uneeded scriptlets that update the destkop-database and hicolor
    icon-cache; they were replaced by rpm filetriggers ages ago
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-6.mga1
  + Revision: 68246
  - don't obsolete -lightning here and in the mozilla-thunderbird-lightning src.rpm
    urpmi can't smoothly handle a package obsoleted by two packages
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-5.mga1
  + Revision: 68165
  - obsolete the -lightning sub-package that was built from thunderbird src.rpm
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-4.mga1
  + Revision: 68147
  - define build_bundled_lightning, and disable it:
   o the thunderbird tarball doesn't have the langpacks for lightning
   o lightning has a separate release schedule (Fedora)
* Wed Mar 09 2011 colin <colin> 0:3.1.9-2.mga1
  + Revision: 66827
  - Extract the correct plugin id from lightning extension
* Sat Mar 05 2011 ahmad <ahmad> 0:3.1.9-1.mga1
  + Revision: 64596
  - update to 3.1.9
    + dmorgan <dmorgan>
      - obsoletes old package
* Tue Mar 01 2011 ahmad <ahmad> 0:3.1.8-1.mga1
  + Revision: 62332
  - update to 3.1.8
* Mon Feb 28 2011 dmorgan <dmorgan> 0:3.1.7-3.mga1
  + Revision: 61407
  - Remove remaining mdv macro
  - Remove remaining mdv macro
  - Fix %els
  - Fix %else
  - Adapt for mageia
  - Remove mdv macros
    Adapt for mageia
    + ennael <ennael>
      - imported package mozilla-thunderbird



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jan 10 04:43:45 2020