lp://staging/ubuntu/breezy-security/mozilla-thunderbird

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/breezy-security/mozilla-thunderbird

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

10. By Alexander Sack

* New upstream security update:
  - CVE-2007-0008, MFSA 2006-06: SSLv2 Client Integer Underflow
    Vulnerability
  - CVE-2007-0009, MFSA 2006-06: SSLv2 Server Stack Overflow
    Vulnerability
  - CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, MFSA 2007-01:
    Crashes with evidence of memory corruption
* drop patches applied upstream: 90_ppc64-build-fix

9. By Kees Cook

* New upstream security update:
  - CVE-2006-6505, MFSA 2006-74: Mail header processing heap overflows.
  - CVE-2006-6503, MFSA 2006-72: XSS by setting img.src to javascript: URI.
  - CVE-2006-6502, MFSA 2006-71: LiveConnect crash finalizing JS objects.
  - CVE-2006-6501, MFSA 2006-70: Privilege escalation using watch point.
  - CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, MFSA 2006-68: Crashes
    with evidence of memory corruption.

8. By Kees Cook

* New upstream security update:
  - CVE-2006-5463, MFSA 2006-67: Running Script can be recompiled.
  - CVE-2006-5462, MFSA 2006-66: RSA signature forgery (variant).
  - CVE-2006-5464, CVE-2006-5747, CVE-2006-5748, MFSA 2006-65: Crashes with
    evidence of memory corruption.

7. By Martin Pitt

* Bump Breezy to 1.5.0.x since 1.0.x is EOLed upstream. 1.5.0.7 fixes the
  following vulnerabilities:
  - MFSA 2006-64, CVE-2006-4571: Crashes with evidence of memory corruption
    (rv:1.8.0.7)
  - MFSA 2006-63, CVE-2006-4570: JavaScript execution in mail via XBL
  - MFSA 2006-60, CVE-2006-4340: RSA Signature Forgery
  - MFSA 2006-59, CVE-2006-4253: Concurrency-related vulnerability
  - MFSA 2006-58, CVE-2006-4567: Auto-Update compromise through DNS and SSL
    spoofing
  - MFSA 2006-57, CVE-2006-4565, CVE-2006-4566: JavaScript Regular Expression
    Heap Corruption
* 1.5.0.5 fixes the following vulnerabilities:
  - MFSA 2006-46, CVE-2006-3113: Memory corruption with simultaneous
    events [does not affect 1.0]
  - MFSA 2006-47, CVE-2006-3802: Native DOM methods can be hijacked
    across domains [does not affect 1.0]
  - MFSA 2006-48, CVE-2006-3803: JavaScript new Function race
    condition [does not affect 1.0]
  - MFSA 2006-49, CVE-2006-3804: Heap buffer overwrite on malformed
    VCard
  - MFSA 2006-50, CVE-2006-3805, CVE-2006-3806: JavaScript engine
    vulnerabilities
  - MFSA 2006-51, CVE-2006-3807: Privilege escalation using
    named-functions and redefined "new Object()"
  - MFSA 2006-53, CVE-2006-3809: UniversalBrowserRead privilege
    escalation
  - MFSA 2006-54, CVE-2006-3810: XSS with XPCNativeWrapper
    (window).Function(...) [does not affect 1.0]
  - MFSA 2006-55, CVE-2006-3811: Crashes with evidence of memory
    corruption (rv:1.8.0.5)
  - MFSA 2006-56, CVE-2006-3812: chrome: scheme loading remote
    content

6. By Martin Pitt

* This release backports several security issues fixed in thunderbird
  1.5.0.4. The patches listed below can be found in
  debian/patches/tbird.1.0.8-1.0.8a:

  + CVE-2006-2787 : 0001-mfsa2006-31-319263-336601-336313.patch
  + CVE-2006-2786 1/2 : 0002-mfsa2006-33-Part-1-2-329746.patch
  + CVE-2006-2786 1/2 : 0003-mfsa2006-33-Part-2-2-330214.patch
  + CVE-2006-2785 2/2 : 0004-mfsa2006-34-329521-329468.patch
  + CVE-2006-2775 : 0005-mfsa2006-35-329677.patch
                        0024-mfsa2006-35-335142-regression-1-2-for-329677.patch
                        0025-mfsa2006-35-337841-regression-part-2-2-for-329677.patch
  + CVE-2006-2784 : 0006-mfsa2006-36-330037.patch
  + CVE-2006-2776 : 0007-mfsa2006-37-330773-with-belt-and-braces.patch
  + CVE-2006-2778 : 0008-mfsa2006-38-330897.patch
  + CVE-2006-1942 : 0009-mfsa2006-39-CVE-2006-1942-334341.patch
  + CVE-2006-2781 : 0010-mfsa2006-40-334384-sea.patch
                        0010-mfsa2006-40-334384.patch
  + CVE-2006-2782 : 0011-mfsa2006-41-334977.patch
  + CVE-2006-2783 : 0012-mfsa2006-42-335816.patch
  + CVE-2006-2777 : 0013-mfsa2006-43-336830.patch
  + CVE-2006-2779 3/6 : 0014-mfsa2006-32-Part-3-7-326501.patch
  + CVE-2006-2779 4/6 : 0015-mfsa2006-32-Part-4a-7-326931.patch
  + CVE-2006-2779 4/6 : 0016-mfsa2006-32-Part-4b-7-329219.patch
  + CVE-2006-2779 4/6 : 0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.patch
  + CVE-2006-2779 6/6 : 0018-content-html-document-src-nsHTMLContentSink.cpp-332971-mfsa2006-32-Part-6-7.patch
  + CVE-2006-2780 : 0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.patch
  + CVE-2006-2779 5/6 : 0021-mfsa2006-32-Part-5-7-327712.patch
* Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
  tricky parts 1/6 and 2/6 from advisory:
  1/6: Removing nested <option>s from a select (Jesse Ruderman)
    https://bugzilla.mozilla.org/show_bug.cgi?id=324918
  2/6: 'Crashes during DOMNodeRemoved mutation event'
    https://bugzilla.mozilla.org/show_bug.cgi?id=325730
    https://bugzilla.mozilla.org/show_bug.cgi?id=329982
* Patches taken from Debian security update. Many thanks to Alexander Sack
  <email address hidden> for providing them!

5. By Martin Pitt

* New upstream release which fixes the following vulnerabilities:
  - MFSA 2006-27, CVE-2006-0748: Table Rebuilding Code Execution
    Vulnerability
  - MFSA 2006-26, CVE-2006-1045: Mail Multiple Information Disclosure
  - MFSA 2006-25, CVE-2006-1727: Privilege escalation through Print Preview
  - MFSA 2006-24, CVE-2006-1728: Privilege escalation using
    crypto.generateCRMFRequest
  - MFSA 2006-22, CVE-2006-1730: CSS Letter-Spacing Heap Overflow
    Vulnerability
  - MFSA 2006-21, CVE-2006-0884: JavaScript execution in mail when
    forwarding in-line
  - MFSA 2006-19, CVE-2006-1731: Cross-site scripting using .valueOf.call()
  - MFSA 2006-18, CVE-2006-0749: Mozilla Firefox Tag Order Vulnerability
  - MFSA 2006-17, CVE-2006-1732: cross-site scripting through
    window.controllers
  - MFSA 2006-16, CVE-2006-1733: Accessing XBL compilation scope via
    valueOf.call()
  - MFSA 2006-15, CVE-2006-1734: Privilege escalation using a JavaScript
    function's cloned parent
  - MFSA 2006-14, CVE-2006-1735: Privilege escalation via XBL.method.eval
  - MFSA 2006-11, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
    CVE-2006-1790: Crashes with evidence of memory corruption (rv:1.8)
  - MFSA 2006-10, CVE-2006-1742: JavaScript garbage-collection hazard audit
  - MFSA 2006-09, CVE-2006-1741: Cross-site JavaScript injection using event
    handlers
  - MFSA 2006-05, CVE-2006-0296: Localstore.rdf XML injection through
    XULDocument.persist()
  - MFSA 2006-01, CVE-2006-0292: JavaScript garbage-collection hazards
* Removed debian/patches/20_run-mozilla_sh_306893_fix.dpatch: Fixed
  upstream.
* debian/patches/90_gcc4_fix.dpatch: Adapted to new upstream version.

4. By Adam Conrad

* SECURITY UPDATE: Update to 1.0.7 to resolve multiple issues:
  + CAN-2005-2871, MFSA-2005-57 - IDN heap overrun
  + CAN-2005-2701, MFSA-2005-58 - Heap overrun in XBM image processing
  + CAN-2005-2702, MFSA-2005-58 - Crash on "zero-width non-joiner" sequence
  + CAN-2005-2703, MFSA-2005-58 - XMLHttpRequest header spoofing
  + CAN-2005-2704, MFSA-2005-58 - Object spoofing using XBL <implements>
  + CAN-2005-2705, MFSA-2005-58 - JavaScript integer overflow
  + CAN-2005-2706, MFSA-2005-58 - Privilege escalation using about: scheme
  + CAN-2005-2707, MFSA-2005-58 - Chrome window spoofing
* CAN-2005-2968, MFSA-2005-59 (Command-line shell execution vulnerability)
  was addressed in Debian in 1.0.6-4, and we're preferring their patch
  over upstream's, as it allows us to update with the minimum amount of
  fuss, without re-diffing all our other patches (see Debian bug #329667)
* Drop 81_security-idn-normalization.dpatch, now included upstream.
* Compile with -fno-strict-aliasing (as discussed in Ubuntu bug #17276)

3. By Tollef Fog Heen <email address hidden>

* New upstream release with security and stability fixes:
  - MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
  - MFSA 2005-25 Image drag and drop executable spoofing
  - MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
  - MFSA 2005-18 Memory overwrite in string library
  - MFSA 2005-17 Install source spoofing with user:pass@host
  - MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion

2. By Thom May

Ensure that XUL.mfasl is removed cleanly to mitigate profile problems
(1933,2266,possibly 2244)

1. By Thom May

Import upstream version 0.8

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
