shell command execution

Bug #22260 reported by Debian Bug Importer
Affects | Status | Importance | Assigned to | Milestone
mozilla-thunderbird (Debian) | Fix Released | Unknown | |
mozilla-thunderbird (Ubuntu) | Fix Released | High | Adam Conrad |

Bug Description

Automatically imported from Debian bug report #329664 http://bugs.debian.org/329664

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-id: <email address hidden>
Date: Thu, 22 Sep 2005 16:53:02 +0200
From: Sebastian Ley <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: shell command execution

Package: mozilla-thunderbird
Severity: grave
Tags: security

Secunia reports in http://secunia.com/advisories/16901/ that thunderbird
can be exploited to execute arbitrary shell commands in the context of
the user running thunderbird.

This bug has been assigned CAN-2005-2968.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Revision history for this message
In , Y Giridhar Appaji Nag (debian-appaji) wrote : Re: Bug#329667: mozilla-thunderbird --compose executes shell commands

merge 329664 329667
thanks

On 05/09/22 17:27 +0200, Florian Weimer said ...
> Package: mozilla-thunderbird
> Version: 1.0.6-3
> Severity: grave
> Tags: security
>
> The --compose option executes shell commands:
>
> mozilla-thunderbird --compose 'mailto:`df`'
>
> The df output appears in the To: line of the message.
>
> (This is related to the recently disclosed Firefox bug, which does not
> seem to affect Debian thanks to a different wrapper script.)

--
Y Giridhar Appaji Nag | http://www.appaji.net/

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 23 Sep 2005 15:41:02 +0530
From: Y Giridhar Appaji Nag <email address hidden>
To: Florian Weimer <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#329667: mozilla-thunderbird --compose executes shell commands


Revision history for this message
Debian Bug Importer (debzilla) wrote :

*** Bug 22261 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Alexander Sack (asac) wrote : setting pending upload

tags 329664 + pending
tags 329667 + pending
tags 325536 + pending
tags 292475 + pending
thanks

I will wait one or two more days, because mozilla is about to release
1.0.7 which addresses several security issues.

Setting pending, because the 1.0.6 package is ready here.

 - Alexander

 p.s. please take care that the bug is listed as To: or CC: when
      replying to this mail (e.g. /reply-all/).
--
 GPG messages preferred. | .''`. ** Debian GNU/Linux **
 Alexander Sack | : :' : The universal
 <email address hidden> | `. `' Operating System
 http://www.asoftsite.org | `- http://www.debian.org/

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Mon, 26 Sep 2005 12:21:53 +0200
From: Alexander Sack - Debian Bugmail <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>, <email address hidden>,
 <email address hidden>
Subject: setting pending upload


Revision history for this message
In , Alexander Sack (asac) wrote : Bug#329667: fixed in mozilla-thunderbird 1.0.6-4

Source: mozilla-thunderbird
Source-Version: 1.0.6-4

We believe that the bug you reported is fixed in the latest version of
mozilla-thunderbird, which is due to be installed in the Debian FTP archive:

mozilla-thunderbird-dev_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.6-4_i386.deb
mozilla-thunderbird-inspector_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.6-4_i386.deb
mozilla-thunderbird-offline_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.6-4_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.6-4_i386.deb
mozilla-thunderbird_1.0.6-4.diff.gz
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-4.diff.gz
mozilla-thunderbird_1.0.6-4.dsc
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-4.dsc
mozilla-thunderbird_1.0.6-4_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.6-4_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <email address hidden> (supplier of updated mozilla-thunderbird package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 23 Sep 2005 17:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.6-4
Distribution: unstable
Urgency: high
Maintainer: Alexander Sack <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
 mozilla-thunderbird - Mozilla Thunderbird standalone mail client
 mozilla-thunderbird-dev - mozilla thunderbird development files
 mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
 mozilla-thunderbird-offline - mozilla thunderbird offline extension
 mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 292475 325536 329664 329667 330168
Changes:
 mozilla-thunderbird (1.0.6-4) unstable; urgency=high
 .
   * now using bash to overcome possible security flaws of
     our thunderbird start script (mozilla-thunderbird). Patch
     by Florian Weimer <email address hidden>
     debian/mfsa_2005-59.debian.patch (Closes: 329664, 329667)
   * added patch 50_ftbfs_alpha+arm+ia64_325536_fix.dpatch
     to build on alpha, arm, and ia64 that now uses
     __attribute__((used)) instead of ((unused)) by
     Steve Langasek <email address hidden>
     (Closes: 325536)
   * fix debsums error reported by Y Giridhar Appaji Nag
     <email address hidden>. Now removing files in postrm.
     Further moved /usr/lib/mozilla-thunderbird/chrome/chrome.rdf
     to the ...


Revision history for this message
In , Alexander Sack (asac) wrote : Bug#329664: fixed in mozilla-thunderbird 1.0.6-4

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 29 Sep 2005 06:32:14 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329664: fixed in mozilla-thunderbird 1.0.6-4


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 29 Sep 2005 06:32:14 -0700
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329667: fixed in mozilla-thunderbird 1.0.6-4


Revision history for this message
Adam Conrad (adconrad) wrote :

This was fixed in all releases with the various 1.0.7 uploads.
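
The report above concerns a start script that lets the shell evaluate text taken from a command-line argument. As an added example (not part of the bug report, and not the Debian start script or the patch it mentions), the sketch below contrasts a wrapper that re-parses its arguments with one that forwards them untouched, and adds a grep heuristic for spotting the pattern in a script; `fake_client`, `launch_unsafe`, `launch_safe`, `sample_wrapper`, `audit_wrapper` and the sample input are all constructed for illustration.

```shell
#!/bin/sh
# Constructed demonstration; none of this is the Debian mozilla-thunderbird script.

# Stand-in for the real client binary (assumption): reports the argv it received.
fake_client() {
    printf 'argc=%d' "$#"
    for _arg in "$@"; do printf ' [%s]' "$_arg"; done
    printf '\n'
}

# Flawed pattern: the arguments are flattened into one string and that string
# is parsed by the shell a second time. The added double quotes keep spaces
# together but do not stop `...` or $(...) from being executed.
launch_unsafe() {
    _cmd="fake_client"
    for _a in "$@"; do
        _cmd="$_cmd \"$_a\""
    done
    eval "$_cmd"
}

# Hardened pattern: the argument vector is forwarded as-is and never re-parsed.
# (In bash, an array plays the same role when the list has to be modified.)
launch_safe() {
    fake_client "$@"
}

# Constructed sample of a start script, used as input for the audit below.
sample_wrapper() {
cat <<'EOF'
#!/bin/sh
# constructed sample start script
APP=/usr/lib/example/app-bin
OPTS="$OPTS $*"
eval "$APP $OPTS"
exec "$APP" "$@"
EOF
}

# Heuristic audit: print the line numbers (space separated) of lines read from
# stdin that call eval, or that use $@ or $* without a double quote directly
# before them, i.e. places where arguments get re-split or re-parsed.
audit_wrapper() {
    grep -nE '(^|[^[:alnum:]_])eval([^[:alnum:]_]|$)|(^|[^"])\$[@*]' \
        | cut -d: -f1 | paste -s -d ' ' -
}

# Harmless constructed input with the same shape as the one in the report.
payload='mailto:`echo INJECTED`'
launch_unsafe --compose "$payload"   # the backticks are executed
launch_safe --compose "$payload"     # the backticks arrive as literal text
sample_wrapper | audit_wrapper       # lines of the sample that need review
```

The audit is a review aid only: a hit means the line deserves a look, and a clean result does not prove the script is safe.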

Revision history for this message
In , Alexander Sack (asac) wrote : Bug#329664: fixed in mozilla-thunderbird 1.0.2-2.sarge1.0.7

Source: mozilla-thunderbird
Source-Version: 1.0.2-2.sarge1.0.7

We believe that the bug you reported is fixed in the latest version of
mozilla-thunderbird, which is due to be installed in the Debian FTP archive:

mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <email address hidden> (supplier of updated mozilla-thunderbird package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 1 Oct 2005 11:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.2-2.sarge1.0.7
Distribution: stable-security
Urgency: critical
Maintainer: Alexander Sack <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
 mozilla-thunderbird - Mozilla Thunderbird standalone mail client
 mozilla-thunderbird-dev - mozilla thunderbird development files
 mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
 mozilla-thunderbird-offline - mozilla thunderbird offline extension
 mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 329664 329664
Changes:
 mozilla-thunderbird (1.0.2-2.sarge1.0.7) stable-security; urgency=critical
 .
   * following issues are addressed with patches in
     debian/patches/tbird.1.0.6-1.0.7-1/. MFSA_2005-59 has a debian specific
     patch: debian/mfsa_2005-59.debian.patch.
 .
   * MFSA-2005-57: IDN heap overrun
     Summary: Tom Ferris reported a Firefox crash when processing a domain
       name consisting solely of soft-hyphen characters.
     Closes: -
     CVE-Ids: CAN-2005-2871
     Bugzilla: 307259
     Issues addressed:
       + CAN-2005-2871 ...


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 12 Nov 2005 01:03:49 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329664: fixed in mozilla-thunderbird 1.0.2-2.sarge1.0.7


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 16 Dec 2005 21:34:54 -0800
From: Alexander Sack <email address hidden>
To: <email address hidden>
Subject: Bug#329664: fixed in mozilla-thunderbird 1.0.2-2.sarge1.0.7

