Comment 13 for bug 22260

Source: mozilla-thunderbird
Source-Version: 1.0.2-2.sarge1.0.7

We believe that the bug you reported is fixed in the latest version of
mozilla-thunderbird, which is due to be installed in the Debian FTP archive:

mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
  to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Sack <email address hidden> (supplier of updated mozilla-thunderbird package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 1 Oct 2005 11:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.2-2.sarge1.0.7
Distribution: stable-security
Urgency: critical
Maintainer: Alexander Sack <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
 mozilla-thunderbird - Mozilla Thunderbird standalone mail client
 mozilla-thunderbird-dev - mozilla thunderbird development files
 mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
 mozilla-thunderbird-offline - mozilla thunderbird offline extension
 mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 329664 329664
Changes:
 mozilla-thunderbird (1.0.2-2.sarge1.0.7) stable-security; urgency=critical
 .
   * following issues are addressed with patches in
     debian/patches/tbird.1.0.6-1.0.7-1/. MFSA_2005-59 has a debian specific
     patch: debian/mfsa_2005-59.debian.patch.
 .
   * MFSA-2005-57: IDN heap overrun
     Summary: Tom Ferris reported a Firefox crash when processing a domain
       name consisting solely of soft-hyphen characters.
     Closes: -
     CVE-Ids: CAN-2005-2871
     Bugzilla: 307259
     Issues addressed:
       + CAN-2005-2871 - IDN heap overrun
   * MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
     Summary: Fixes for multiple vulnerabilities with an overall severity
       of "critical" have been released in Mozilla Firefox/Thunderbird
       1.0.7 and the Mozilla Suite 1.7.12
     Closes: -
     CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
       CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
     Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
        306804 291178 300853 301180 302100
     Issues addressed:
       + CAN-2005-2701 - Heap overrun in XBM image processing, tbird is not affected
         applied anyway to keep source in sync.
       + CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
       + CAN-2005-2703 - XMLHttpRequest header spoofing
       + CAN-2005-2704 - Object spoofing using XBL <implements>
       + CAN-2005-2705 - JavaScript integer overflow
       + CAN-2005-2706 - Privilege escalation using about: scheme
       + CAN-2005-2707 - Chrome window spoofing
       + Regression fixes
   * MFSA-2005-59: Command-line handling on Linux allows shell execution
     Summary: URLs passed to Linux versions of Firefox on the command-line
       are not correctly protected against interpretation by the
       shell. As a result a malicious URL can result in the execution
       of shell commands with the privileges of the user. If Firefox
       is set as the default handler for web URLs then opening a URL
       in another program (for example, links in a mail or chat
       client) can result in shell command execution.
     Closes: 329664,329664
     CVE-Ids: CAN-2005-2968
     Bugzilla: 307185
     Issues addressed:
       + CAN-2005-2968 - Command-line handling on Linux allows shell execution
Files:
 303ed28d7dac19a27a47c23819f80bd7 997 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
 79fbaf89373ea1d4698942f289b556d2 210991 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
 fc8572c0a89b914fc288fd638e224213 11550326 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
 ec039bd40938c0d6bb87874cc8703c25 27286 mail optional mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
 a90c517acdcaf177b4585cf8f9e35344 140456 mail optional mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
 ecf0d09362306bcd6c8a65c2e779f792 81696 mail optional mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
 02fbded3b5e503def6c29f32c34b24d1 3497080 mail optional mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDQAAMv8pLOKgkuT8RAp6QAKCY/VbjrWCngixYOdu2MQK2URdpsgCeIeBS
gr2DrdhaXYVioWnS4kjhsPs=
=HZnU
-----END PGP SIGNATURE-----