Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mozilla-thunderbird-10.0.8-1.mga1 RPM for x86_64

From Mageia 1 for x86_64 / media / core / updates

Name: mozilla-thunderbird Distribution: Mageia
Version: 10.0.8 Vendor: Mageia.Org
Release: 1.mga1 Build date: Tue Oct 9 00:23:23 2012
Group: Networking/Mail Build host:
Size: 44804018 Source RPM: mozilla-thunderbird-10.0.8-1.mga1.src.rpm
Packager: fwang <fwang>
Summary: Full-featured email, RSS, and newsgroup client
Mozilla Thunderbird is a full-featured email, RSS and newsgroup client that
makes emailing safer, faster and easier than ever before.






* Tue Oct 09 2012 fwang <fwang> 0:10.0.8-1.mga1
  + Revision: 303679
  - new version 10.0.8esr
  - new version 10.0.6
  - new version 10.0.5esr
  - new version 10.0.3 ESR (Extended Support Release)
    o fixes
      (XSS with Drag and Drop and Javascript: URL [CVE-2012-0455])
    o fixes
      (SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457])
    o fixes
      (XSS with multiple Content Security Policy headers [CVE-2012-0451])
    o fixes
      (Escalation of privilege with Javascript: URL as home page [CVE-2012-0458])
    o fixes
      (Crash when accessing keyframe cssText after dynamic modification
    o fixes
      (window.fullScreen writeable by untrusted content [CVE-2012-0460])
    o fixes
      (Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:
      [CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ])
  - new version 3.1.12
    + doktor5000 <doktor5000>
      - new version 10.0.7
      - new version 10.0.4 ESR (Extended Support Release)
        o fixes
          (Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467])
        o fixes
          (use-after-free in IDBKeyRange[CVE-2012-0469])
        o fixes
          (Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470])
        o fixes
          (Potential XSS via multibyte content processing errors [CVE-2012-0471])
        o fixes
          (Potential memory corruption during font rendering using cairo-dwrite
        o fixes
          (WebGL.drawElements may read illegal video memory due to
           FindMaxUshortElement error [CVE-2012-0473])
        o fixes
          (Page load short-circuit can lead to XSS [CVE-2012-0474])
        o fixes
          (Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
        o fixes
          (Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
        o fixes
          (Crash with WebGL content using textImage2D [CVE-2012-0478])
        o fixes
          (Off-by-one error in OpenType Sanitizer [CVE-2011-3062])
        o fixes
          (Potential site identity spoofing when loading RSS and Atom feeds
      - switch to Enigmail 1.4, officially supported version for ESR releases
        o fixes a problem with inline PGP decrpytion
      - use system nss shlibsign instead of missing bundled one
      - remove unused Sources
      - change Requires on libcanberra to Suggests
      - new version 10.0.2 ESR (Extended Support Release)
        o fixes
          (libpng integer overflow [CVE-2011-3026])
      - drop all unused patches
      - remove useless commented-out stuff
      - new version 10.0.1, switch to ESR (Extended Support Release)
        o fixes
          (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443]
           fixed in 10.0 )
        o fixes
          (<iframe> element exposed across domains via name attribute [CVE-2012-0445]
           fixed in 10.0)
        o fixes
          (child nodes from nsDOMAttribute still accessible after removal of nodes
           [CVE-2011-3659] fixed in 10.0)
        o fixes
          (frame scripts calling into untrusted objects bypass security checks
           [CVE-2012-0446] fixed in 10.0)
        o fixes
          (uninitialized memory appended when encoding icon images may cause
           information disclosure [CVE-2012-0447] fixed in 10.0
        o fixes
          (potential Memory Corruption When Decoding Ogg Vorbis files
           [CVE-2012-0444] fixed in 10.0)
        o fixes
          (crash with malformed embedded XSLT stylesheets [CVE-2012-0449]
        o fixes
          (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452])
      - update enigmail to 1.3.5, needed for thunderbird 10.0
      - updated mageia-default-prefs.js, reenabled locale matching to system locale
      - change new default preference (extensions.autoDisableScopes) to not
        automatically disable systemwide installed addons, like language packs
      - added BuildRequires on yasm, mesagl-devel, startup-notification-devel, dbus,
        libevent-devel and libvpx-devel
      - added Requires on libcanberra for playing sounds
      - add Patch100 to use libcanberra for playing sounds (rediffed from upstream,
      - rediffed Patch201, disabling default application dialog on Thunderbird start
      - use bundled libpng, system one is too old and updating it is a no-go for mga1
      - do not build against system libxul, add requires_exception for libxul
      - disable updater and bundled lightning, disable compilation of lightning
      - enable gio, vpx and libevent and optimization
      - use org.mageia as distribution id
      - removed thunderbird.cfg
      - add -fPIC to CFLAGS
      - new version 3.1.18
        o fixes
          (.jar files not being treated as executables on MacOS [CVE-2011-3666]
           fixed in 3.1.17)
        o fixes
          (Miscellaneous memory safety hazards [(rv:10.0/ [CVE-2012-0443,
        o fixes
          (Overly permissive IPv6 literal syntax [CVE-2011-3670])
        o fixes
          (Child nodes from nsDOMAttribute still accessible after removal of nodes,
        o fixes
          (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444])
        o fixes
          (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449])
      - new version 3.1.16
        o fixes
          (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page
           could potentially exploit a Thunderbird user who had installed an add-on
           that used loadSubscript in vulnerable ways)
        o fixes
          (Potential cross-site-scripting against sites using Shift-JIS encoding,
        o fixes
          (memory corruption while profiling using Firebug, CVE-2011-3650)
      - fixed CVE-2011-3640, untrusted search path vulnerability which might allow
        local users to gain privileges via a Trojan horse pkcs11.txt file in a
        top-level directory (fix-CVE-2011-3640.patch, from upstream)
      - new version 3.1.15
        o fixes
          (Protection against fraudulent DigiNotar certificates,
           fixed in thunderbird 3.1.13)
        o fixes
          (Additional protection against fraudulent DigiNotar certificates,
          fixed in thunderbird 3.1.14)
* Fri Apr 29 2011 ahmad <ahmad> 0:3.1.10-1.mga1
  + Revision: 93463
  - Update to 3.1.10
  - Rediff run-mozilla patch
  - Drop an old patch from SOURCES dir
* Fri Mar 25 2011 ahmad <ahmad> 0:3.1.9-11.mga1
  + Revision: 77483
  - revert previous commit, gio support doesn't work as it should resulting in http/
    https links handler having to be configured manually for all new and old tb profiles.
    gnomevfs support at least reads the value from gconf settings (which uses www-
    browser by default)
* Mon Mar 21 2011 ahmad <ahmad> 0:3.1.9-10.mga1
  + Revision: 75310
  - disable gnomvfs support
  - enable gio support
  - disable updater as we don't support updating the application this way
* Wed Mar 16 2011 ahmad <ahmad> 0:3.1.9-8.mga1
  + Revision: 72283
  - conflict with mozilla-thunderbird-lightning <= 1.3.9
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-7.mga1
  + Revision: 68321
  - drop old/uneeded scriptlets that update the destkop-database and hicolor
    icon-cache; they were replaced by rpm filetriggers ages ago
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-6.mga1
  + Revision: 68246
  - don't obsolete -lightning here and in the mozilla-thunderbird-lightning src.rpm
    urpmi can't smoothly handle a package obsoleted by two packages
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-5.mga1
  + Revision: 68165
  - obsolete the -lightning sub-package that was built from thunderbird src.rpm
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-4.mga1
  + Revision: 68147
  - define build_bundled_lightning, and disable it:
   o the thunderbird tarball doesn't have the langpacks for lightning
   o lightning has a separate release schedule (Fedora)
* Wed Mar 09 2011 colin <colin> 0:3.1.9-2.mga1
  + Revision: 66827
  - Extract the correct plugin id from lightning extension
* Sat Mar 05 2011 ahmad <ahmad> 0:3.1.9-1.mga1
  + Revision: 64596
  - update to 3.1.9
    + dmorgan <dmorgan>
      - obsoletes old package
* Tue Mar 01 2011 ahmad <ahmad> 0:3.1.8-1.mga1
  + Revision: 62332
  - update to 3.1.8
* Mon Feb 28 2011 dmorgan <dmorgan> 0:3.1.7-3.mga1
  + Revision: 61407
  - Remove remaining mdv macro
  - Remove remaining mdv macro
  - Fix %els
  - Fix %else
  - Adapt for mageia
  - Remove mdv macros
    Adapt for mageia
    + ennael <ennael>
      - imported package mozilla-thunderbird



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jan 10 04:43:45 2020