Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mozilla-thunderbird-enigmail-10.0.7-1.mga1 RPM for x86_64

From Mageia 1 for x86_64 / media / core / updates

Name: mozilla-thunderbird-enigmail Distribution: Mageia
Version: 10.0.7 Vendor: Mageia.Org
Release: 1.mga1 Build date: Sun Aug 26 17:51:21 2012
Group: Networking/Mail Build host:
Size: 1909333 Source RPM: mozilla-thunderbird-10.0.7-1.mga1.src.rpm
Packager: doktor5000 <doktor5000>
Summary: Access the authentication and encryption features provided by GnuPG
Enigmail is an extension to the mail client of Mozilla Thunderbird
which allows users to access the authentication and encryption
features provided by GnuPG.

Main Features

    * Encrypt/sign mail when sending, decrypt/authenticate received
    * Support for inline-PGP (RFC 2440) and PGP/MIME (RFC 3156)
    * Per-Account based encryption and signing defaults
    * Per-Recipient rules for automated key selection, and
      enabling/disabling encryption and signing
    * OpenPGP key management interface






* Sun Aug 26 2012 doktor5000 <doktor5000> 0:10.0.7-1.mga1
  + Revision: 284206
  - new version 10.0.7
  - new version 10.0.4 ESR (Extended Support Release)
    o fixes
      (Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467])
    o fixes
      (use-after-free in IDBKeyRange[CVE-2012-0469])
    o fixes
      (Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470])
    o fixes
      (Potential XSS via multibyte content processing errors [CVE-2012-0471])
    o fixes
      (Potential memory corruption during font rendering using cairo-dwrite
    o fixes
      (WebGL.drawElements may read illegal video memory due to
       FindMaxUshortElement error [CVE-2012-0473])
    o fixes
      (Page load short-circuit can lead to XSS [CVE-2012-0474])
    o fixes
      (Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
    o fixes
      (Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    o fixes
      (Crash with WebGL content using textImage2D [CVE-2012-0478])
    o fixes
      (Off-by-one error in OpenType Sanitizer [CVE-2011-3062])
    o fixes
      (Potential site identity spoofing when loading RSS and Atom feeds
  - switch to Enigmail 1.4, officially supported version for ESR releases
    o fixes a problem with inline PGP decrpytion
  - use system nss shlibsign instead of missing bundled one
  - remove unused Sources
  - change Requires on libcanberra to Suggests
  - new version 10.0.2 ESR (Extended Support Release)
    o fixes
      (libpng integer overflow [CVE-2011-3026])
  - drop all unused patches
  - remove useless commented-out stuff
  - new version 10.0.1, switch to ESR (Extended Support Release)
    o fixes
      (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443]
       fixed in 10.0 )
    o fixes
      (<iframe> element exposed across domains via name attribute [CVE-2012-0445]
       fixed in 10.0)
    o fixes
      (child nodes from nsDOMAttribute still accessible after removal of nodes
       [CVE-2011-3659] fixed in 10.0)
    o fixes
      (frame scripts calling into untrusted objects bypass security checks
       [CVE-2012-0446] fixed in 10.0)
    o fixes
      (uninitialized memory appended when encoding icon images may cause
       information disclosure [CVE-2012-0447] fixed in 10.0
    o fixes
      (potential Memory Corruption When Decoding Ogg Vorbis files
       [CVE-2012-0444] fixed in 10.0)
    o fixes
      (crash with malformed embedded XSLT stylesheets [CVE-2012-0449]
    o fixes
      (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452])
  - update enigmail to 1.3.5, needed for thunderbird 10.0
  - updated mageia-default-prefs.js, reenabled locale matching to system locale
  - change new default preference (extensions.autoDisableScopes) to not
    automatically disable systemwide installed addons, like language packs
  - added BuildRequires on yasm, mesagl-devel, startup-notification-devel, dbus,
    libevent-devel and libvpx-devel
  - added Requires on libcanberra for playing sounds
  - add Patch100 to use libcanberra for playing sounds (rediffed from upstream,
  - rediffed Patch201, disabling default application dialog on Thunderbird start
  - use bundled libpng, system one is too old and updating it is a no-go for mga1
  - do not build against system libxul, add requires_exception for libxul
  - disable updater and bundled lightning, disable compilation of lightning
  - enable gio, vpx and libevent and optimization
  - use org.mageia as distribution id
  - removed thunderbird.cfg
  - add -fPIC to CFLAGS
  - new version 3.1.18
    o fixes
      (.jar files not being treated as executables on MacOS [CVE-2011-3666]
       fixed in 3.1.17)
    o fixes
      (Miscellaneous memory safety hazards [(rv:10.0/ [CVE-2012-0443,
    o fixes
      (Overly permissive IPv6 literal syntax [CVE-2011-3670])
    o fixes
      (Child nodes from nsDOMAttribute still accessible after removal of nodes,
    o fixes
      (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444])
    o fixes
      (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449])
  - new version 3.1.16
    o fixes
      (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page
       could potentially exploit a Thunderbird user who had installed an add-on
       that used loadSubscript in vulnerable ways)
    o fixes
      (Potential cross-site-scripting against sites using Shift-JIS encoding,
    o fixes
      (memory corruption while profiling using Firebug, CVE-2011-3650)
  - fixed CVE-2011-3640, untrusted search path vulnerability which might allow
    local users to gain privileges via a Trojan horse pkcs11.txt file in a
    top-level directory (fix-CVE-2011-3640.patch, from upstream)
  - new version 3.1.15
    o fixes
      (Protection against fraudulent DigiNotar certificates,
       fixed in thunderbird 3.1.13)
    o fixes
      (Additional protection against fraudulent DigiNotar certificates,
      fixed in thunderbird 3.1.14)
    + fwang <fwang>
      - new version 10.0.6
      - new version 10.0.5esr
      - new version 10.0.3 ESR (Extended Support Release)
        o fixes
          (XSS with Drag and Drop and Javascript: URL [CVE-2012-0455])
        o fixes
          (SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457])
        o fixes
          (XSS with multiple Content Security Policy headers [CVE-2012-0451])
        o fixes
          (Escalation of privilege with Javascript: URL as home page [CVE-2012-0458])
        o fixes
          (Crash when accessing keyframe cssText after dynamic modification
        o fixes
          (window.fullScreen writeable by untrusted content [CVE-2012-0460])
        o fixes
          (Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:
          [CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ])
      - new version 3.1.12
* Fri Apr 29 2011 ahmad <ahmad> 0:3.1.10-1.mga1
  + Revision: 93463
  - Update to 3.1.10
  - Rediff run-mozilla patch
  - Drop an old patch from SOURCES dir
* Fri Mar 25 2011 ahmad <ahmad> 0:3.1.9-11.mga1
  + Revision: 77483
  - revert previous commit, gio support doesn't work as it should resulting in http/
    https links handler having to be configured manually for all new and old tb profiles.
    gnomevfs support at least reads the value from gconf settings (which uses www-
    browser by default)
* Mon Mar 21 2011 ahmad <ahmad> 0:3.1.9-10.mga1
  + Revision: 75310
  - disable gnomvfs support
  - enable gio support
  - disable updater as we don't support updating the application this way
* Wed Mar 16 2011 ahmad <ahmad> 0:3.1.9-8.mga1
  + Revision: 72283
  - conflict with mozilla-thunderbird-lightning <= 1.3.9
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-7.mga1
  + Revision: 68321
  - drop old/uneeded scriptlets that update the destkop-database and hicolor
    icon-cache; they were replaced by rpm filetriggers ages ago
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-6.mga1
  + Revision: 68246
  - don't obsolete -lightning here and in the mozilla-thunderbird-lightning src.rpm
    urpmi can't smoothly handle a package obsoleted by two packages
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-5.mga1
  + Revision: 68165
  - obsolete the -lightning sub-package that was built from thunderbird src.rpm
* Fri Mar 11 2011 ahmad <ahmad> 0:3.1.9-4.mga1
  + Revision: 68147
  - define build_bundled_lightning, and disable it:
   o the thunderbird tarball doesn't have the langpacks for lightning
   o lightning has a separate release schedule (Fedora)
* Wed Mar 09 2011 colin <colin> 0:3.1.9-2.mga1
  + Revision: 66827
  - Extract the correct plugin id from lightning extension
* Sat Mar 05 2011 ahmad <ahmad> 0:3.1.9-1.mga1
  + Revision: 64596
  - update to 3.1.9
    + dmorgan <dmorgan>
      - obsoletes old package
* Tue Mar 01 2011 ahmad <ahmad> 0:3.1.8-1.mga1
  + Revision: 62332
  - update to 3.1.8
* Mon Feb 28 2011 dmorgan <dmorgan> 0:3.1.7-3.mga1
  + Revision: 61407
  - Remove remaining mdv macro
  - Remove remaining mdv macro
  - Fix %els
  - Fix %else
  - Adapt for mageia
  - Remove mdv macros
    Adapt for mageia
    + ennael <ennael>
      - imported package mozilla-thunderbird



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Jan 10 12:53:46 2019