Author: Alexander Sack
Revision Date: 2007-04-02 17:40:00 UTC

* debian/rules: use --disable-strip in configure to make noopt effective;
  add -g to OPTFLAGS even for noopt; dbgsym packages can now be generated
  (LP#101923).
* debian/control: fix outdated Suggest entry to firefox (LP# 82805)
* debian/mozilla-thunderbird-restart-required.update-notifier,
  debian/mozilla-thunderbird.install, debian/mozilla-thunderbird.postinst:
  install restart-required hook for "restart required on update2 notification
  (LP#90624).
* debian/mozilla-thunderbird.desktop: support gnome startup notification,
  contributed by John Vivirito <gnomefreak@gmail.com> (LP#11463).
* 77_ubuntu-look-and-feel-report-a-bug-menuitem.dpatch: add 'Report a bug ...'
  menu entry, which invokes /usr/bin/ubuntu-bug -pmozilla-thunderbird

Author: Alexander Sack
Revision Date: 2007-04-02 17:40:00 UTC

* debian/rules: use --disable-strip in configure to make noopt effective;
  add -g to OPTFLAGS even for noopt; dbgsym packages can now be generated
  (LP#101923).
* debian/control: fix outdated Suggest entry to firefox (LP# 82805)
* debian/mozilla-thunderbird-restart-required.update-notifier,
  debian/mozilla-thunderbird.install, debian/mozilla-thunderbird.postinst:
  install restart-required hook for "restart required on update2 notification
  (LP#90624).
* debian/mozilla-thunderbird.desktop: support gnome startup notification,
  contributed by John Vivirito <gnomefreak@gmail.com> (LP#11463).
* 77_ubuntu-look-and-feel-report-a-bug-menuitem.dpatch: add 'Report a bug ...'
  menu entry, which invokes /usr/bin/ubuntu-bug -pmozilla-thunderbird

Author: Martin Pitt
Revision Date: 2006-09-18 19:07:51 UTC

* New upstream security update:
  - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
    (rv:1.8.0.7)
  - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
  - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
  - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
  - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
    spoofing
  - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
    Heap Corruption

Author: Adam Conrad
Revision Date: 2006-05-22 07:05:28 UTC

* Ship SVG and PNG icons alongside the XPM icons for window managers that
  can deal with those. Also, use the SVG icon internally, rather than
  the XPM, making the taskbar icon less ugly (closes: launchpad.net/45492)
* Include a slightly tweaked profile-manager icon for the (still disabled)
  mozilla-thunderbird profile manager desktop entry, based on tango icons.

Author: Adam Conrad
Revision Date: 2005-10-10 18:39:53 UTC

* SECURITY UPDATE: Update to 1.0.7 to resolve multiple issues:
  + CAN-2005-2871, MFSA-2005-57 - IDN heap overrun
  + CAN-2005-2701, MFSA-2005-58 - Heap overrun in XBM image processing
  + CAN-2005-2702, MFSA-2005-58 - Crash on "zero-width non-joiner" sequence
  + CAN-2005-2703, MFSA-2005-58 - XMLHttpRequest header spoofing
  + CAN-2005-2704, MFSA-2005-58 - Object spoofing using XBL <implements>
  + CAN-2005-2705, MFSA-2005-58 - JavaScript integer overflow
  + CAN-2005-2706, MFSA-2005-58 - Privilege escalation using about: scheme
  + CAN-2005-2707, MFSA-2005-58 - Chrome window spoofing
* CAN-2005-2968, MFSA-2005-59 (Command-line shell execution vulnerability)
  was addressed in Debian in 1.0.6-4, and we're preferring their patch
  over upstream's, as it allows us to update with the minimum amount of
  fuss, without re-diffing all our other patches (see Debian bug #329667)
* Drop 81_security-idn-normalization.dpatch, now included upstream.
* Compile with -fno-strict-aliasing (as discussed in Ubuntu bug #17276)

Author: Tollef Fog Heen
Revision Date: 2005-04-04 14:24:50 UTC

* New upstream release with security and stability fixes:
  - MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
  - MFSA 2005-25 Image drag and drop executable spoofing
  - MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
  - MFSA 2005-18 Memory overwrite in string library
  - MFSA 2005-17 Install source spoofing with user:pass@host
  - MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion

Author: Thom May
Revision Date: 2004-10-12 13:01:15 UTC

Ensure that XUL.mfasl is removed cleanly to mitigate profile problems
(1933,2266,possibly 2244)

Author: Alexander Sack
Revision Date: 2008-09-25 14:39:32 UTC

* RELEASE security/stability backports for tbird 1.5 as of 2.0.0.17
  (USN-647-1)
  - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.17/moz_1.8.0.15prepatches080614g.tar.gz

Author: Alexander Sack
Revision Date: 2008-09-25 14:39:32 UTC

* RELEASE security/stability backports for tbird 1.5 as of 2.0.0.17
  (USN-647-1)
  - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.17/moz_1.8.0.15prepatches080614g.tar.gz

Author: Alexander Sack
Revision Date: 2008-03-04 12:52:02 UTC

* fix memory access regression (LP: #197504)
  - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
  - update debian/patches/00list

Author: Alexander Sack
Revision Date: 2008-03-04 12:52:02 UTC

* fix memory access regression (LP: #197504)
  - add debian/patches/0071_279505-attachment-297724-(fix-396613-regression).dpatch
  - update debian/patches/00list

Author: Alexander Sack
Revision Date: 2009-03-19 10:58:17 UTC

* RELEASE security/stability backports for tbird 1.5 as of 2.0.0.21
  (USN-741-1)
  - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.21tb+3.0.7/moz_1.8.0.15prepatches080614k.tar.gz

Author: Alexander Sack
Revision Date: 2009-03-19 10:58:17 UTC

* RELEASE security/stability backports for tbird 1.5 as of 2.0.0.21
  (USN-741-1)
  - http://people.ubuntu.com/~asac/mozilla-security/1.8.1.21tb+3.0.7/moz_1.8.0.15prepatches080614k.tar.gz

Author: Adam Conrad
Revision Date: 2005-10-13 17:44:01 UTC

Bump version number to be higher than the version in hoary-security.

Author: Alexander Sack
Revision Date: 2007-03-05 11:30:00 UTC

* New upstream security update:
  - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
    Vulnerability
  - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
    Vulnerability
  - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
    Crashes with evidence of memory corruption
* drop patches applied upstream: 90_ppc64-build-fix

Author: Martin Pitt
Revision Date: 2006-07-25 11:35:23 UTC

* This release backports several security issue fixed in thunderbird
  1.5.0.4. the patches listed below can be found in
  debian/patches/tbird.1.0.8-1.0.8a:

  + CVE-2006-2787 : 0001-mfsa2006-31-319263-336601-336313.patch
  + CVE-2006-2786 1/2 : 0002-mfsa2006-33-Part-1-2-329746.patch
  + CVE-2006-2786 1/2 : 0003-mfsa2006-33-Part-2-2-330214.patch
  + CVE-2006-2785 2/2 : 0004-mfsa2006-34-329521-329468.patch
  + CVE-2006-2775 : 0005-mfsa2006-35-329677.patch
                        0024-mfsa2006-35-335142-regression-1-2-for-329677.patch
                        0025-mfsa2006-35-337841-regression-part-2-2-for-329677.patch
  + CVE-2006-2784 : 0006-mfsa2006-36-330037.patch
  + CVE-2006-2776 : 0007-mfsa2006-37-330773-with-belt-and-braces.patch
  + CVE-2006-2778 : 0008-mfsa2006-38-330897.patch
  + CVE-2006-1942 : 0009-mfsa2006-39-CVE-2006-1942-334341.patch
  + CVE-2006-2781 : 0010-mfsa2006-40-334384-sea.patch
                        0010-mfsa2006-40-334384.patch
  + CVE-2006-2782 : 0011-mfsa2006-41-334977.patch
  + CVE-2006-2783 : 0012-mfsa2006-42-335816.patch
  + CVE-2006-2777 : 0013-mfsa2006-43-336830.patch
  + CVE-2006-2779 3/6 : 0014-mfsa2006-32-Part-3-7-326501.patch
  + CVE-2006-2779 4/6 : 0015-mfsa2006-32-Part-4a-7-326931.patch
  + CVE-2006-2779 4/6 : 0016-mfsa2006-32-Part-4b-7-329219.patch
  + CVE-2006-2779 4/6 : 0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.patch
  + CVE-2006-2779 6/6 : 0018-content-html-document-src-nsHTMLContentSink.cpp-332971-mfsa2006-32-Part-6-7.patch
  + CVE-2006-2780 : 0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.patch
  + CVE-2006-2779 5/6 : 0021-mfsa2006-32-Part-5-7-327712.patch
* Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
  tricky parts 1/6 and 2/6 from advisory:
  1/6: Removing nested <option>s from a select (Jesse Ruderman)
    https://bugzilla.mozilla.org/show_bug.cgi?id=324918
  2/6: 'Crashes during DOMNodeRemoved mutation event'
    https://bugzilla.mozilla.org/show_bug.cgi?id=325730
    https://bugzilla.mozilla.org/show_bug.cgi?id=329982
* Patches taken from Debian security update. Many thanks to Alexander Sack
  <asac@debian.org> for providing them!

Author: Adam Conrad
Revision Date: 2005-10-10 18:39:53 UTC

* SECURITY UPDATE: Update to 1.0.7 to resolve multiple issues:
  + CAN-2005-2871, MFSA-2005-57 - IDN heap overrun
  + CAN-2005-2701, MFSA-2005-58 - Heap overrun in XBM image processing
  + CAN-2005-2702, MFSA-2005-58 - Crash on "zero-width non-joiner" sequence
  + CAN-2005-2703, MFSA-2005-58 - XMLHttpRequest header spoofing
  + CAN-2005-2704, MFSA-2005-58 - Object spoofing using XBL <implements>
  + CAN-2005-2705, MFSA-2005-58 - JavaScript integer overflow
  + CAN-2005-2706, MFSA-2005-58 - Privilege escalation using about: scheme
  + CAN-2005-2707, MFSA-2005-58 - Chrome window spoofing
* CAN-2005-2968, MFSA-2005-59 (Command-line shell execution vulnerability)
  was addressed in Debian in 1.0.6-4, and we're preferring their patch
  over upstream's, as it allows us to update with the minimum amount of
  fuss, without re-diffing all our other patches (see Debian bug #329667)
* Drop 81_security-idn-normalization.dpatch, now included upstream.