mozilla-thunderbird 1.0.8-0ubuntu05.10.1 source package in Ubuntu

Changelog

mozilla-thunderbird (1.0.8-0ubuntu05.10.1) breezy-security; urgency=low

  * New upstream release which fixes the following vulnerabilities:
    - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
      Vulnerability
    - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure
    - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
    - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
      crypto.generateCRMFRequest
    - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
      Vulnerability
    - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
      forwarding in-line
    - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
    - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
    - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
      window.controllers
    - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
      valueOf.call()
    - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
      function's cloned parent
    - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
    - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
      CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
    - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
    - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
      handlers
    - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
      XULDocument.persist()
    - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
  * Removed debian/patches/20_run-mozilla_sh_306893_fix.dpatch: Fixed
    upstream.
  * debian/patches/90_gcc4_fix.dpatch: Adapted to new upstream version.

 -- Martin Pitt <email address hidden>   Tue,  2 May 2006 07:46:51 +0000