We believe that the bug you reported is fixed in the latest version of
mozilla-thunderbird, which is due to be installed in the Debian FTP archive:
mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
to pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Sack <email address hidden> (supplier of updated mozilla-thunderbird package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 1 Oct 2005 11:00:00 +0100
Source: mozilla-thunderbird
Binary: mozilla-thunderbird-dev mozilla-thunderbird-inspector mozilla-thunderbird mozilla-thunderbird-typeaheadfind mozilla-thunderbird-offline
Architecture: source i386
Version: 1.0.2-2.sarge1.0.7
Distribution: stable-security
Urgency: critical
Maintainer: Alexander Sack <email address hidden>
Changed-By: Alexander Sack <email address hidden>
Description:
mozilla-thunderbird - Mozilla Thunderbird standalone mail client
mozilla-thunderbird-dev - mozilla thunderbird development files
mozilla-thunderbird-inspector - mozilla thunderbird dom inspector extension
mozilla-thunderbird-offline - mozilla thunderbird offline extension
mozilla-thunderbird-typeaheadfind - mozilla thunderbird typeaheadfind extension
Closes: 329664 329664
Changes:
mozilla-thunderbird (1.0.2-2.sarge1.0.7) stable-security; urgency=critical
.
* following issues are addressed with patches in
debian/patches/tbird.1.0.6-1.0.7-1/. MFSA_2005-59 has a debian specific
patch: debian/mfsa_2005-59.debian.patch.
.
* MFSA-2005-57: IDN heap overrun
Summary: Tom Ferris reported a Firefox crash when processing a domain
name consisting solely of soft-hyphen characters.
Closes: -
CVE-Ids: CAN-2005-2871
Bugzilla: 307259
Issues addressed:
+ CAN-2005-2871 - IDN heap overrun
* MFSA-2005-58: Accumulated vendor advisory for multiple vulnerabilities
Summary: Fixes for multiple vulnerabilities with an overall severity
of "critical" have been released in Mozilla Firefox/Thunderbird
1.0.7 and the Mozilla Suite 1.7.12
Closes: -
CVE-Ids: CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704 CAN-2005-2705 CAN-2005-2706 CAN-2005-2707
Bugzilla: 300936 296134 297078 302263 299518 303213 304754 306261
306804 291178 300853 301180 302100
Issues addressed:
+ CAN-2005-2701 - Heap overrun in XBM image processing, tbird is not affected
applied anyway to keep source in sync.
+ CAN-2005-2702 - Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703 - XMLHttpRequest header spoofing
+ CAN-2005-2704 - Object spoofing using XBL <implements>
+ CAN-2005-2705 - JavaScript integer overflow
+ CAN-2005-2706 - Privilege escalation using about: scheme
+ CAN-2005-2707 - Chrome window spoofing
+ Regression fixes
* MFSA-2005-59: Command-line handling on Linux allows shell execution
Summary: URLs passed to Linux versions of Firefox on the command-line
are not correctly protected against interpretation by the
shell. As a result a malicious URL can result in the execution
of shell commands with the privileges of the user. If Firefox
is set as the default handler for web URLs then opening a URL
in another program (for example, links in a mail or chat
client) can result in shell command execution.
Closes: 329664,329664
CVE-Ids: CAN-2005-2968
Bugzilla: 307185
Issues addressed:
+ CAN-2005-2968 - Command-line handling on Linux allows shell execution
Files:
303ed28d7dac19a27a47c23819f80bd7 997 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
79fbaf89373ea1d4698942f289b556d2 210991 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
fc8572c0a89b914fc288fd638e224213 11550326 mail optional mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
ec039bd40938c0d6bb87874cc8703c25 27286 mail optional mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
a90c517acdcaf177b4585cf8f9e35344 140456 mail optional mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
ecf0d09362306bcd6c8a65c2e779f792 81696 mail optional mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
02fbded3b5e503def6c29f32c34b24d1 3497080 mail optional mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
Source: mozilla-thunderbird
Source-Version: 1.0.2-2.sarge1.0.7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----