[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Fri Jul 20 19:32:33 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-1180
2007-07-20 12:32:17.311992
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 7
Version     : 2.0.0.5
Release     : 1.fc7
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML email message containing JavaScript code could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum packages, which contain patches that correct these issues. 
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2007 Kai Engert <kengert at redhat.com> - 2.0.0.5-1
- 2.0.0.5
* Fri Jun 15 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-1
- 2.0.0.4
* Fri Jun  8 2007 Christopher Aillon <caillon at redhat.com> 2.0.0.4-0.rc1
- 2.0.0.4 rc1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #248518
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
  [ 2 ] CVE-2007-3734
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
  [ 3 ] CVE-2007-3735
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
  [ 4 ] CVE-2007-3736
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
  [ 5 ] CVE-2007-3089
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
  [ 6 ] CVE-2007-3737
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
  [ 7 ] CVE-2007-3738
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
--------------------------------------------------------------------------------
Updated packages:

406b91a7a359a5116abc1de38d66f02475330193 thunderbird-2.0.0.5-1.fc7.ppc64.rpm
2b7400c86c54e4b77fda5c8c5d7f6e57e3a4eadb thunderbird-debuginfo-2.0.0.5-1.fc7.ppc64.rpm
f7f02885088254a8257fd6d20728785a600adaf5 thunderbird-debuginfo-2.0.0.5-1.fc7.i386.rpm
34c53a1f3b96d014e8bb6ca02704590be0baa980 thunderbird-2.0.0.5-1.fc7.i386.rpm
4d5328a7b0744d9cb9f73648e959c0cc7d62dee1 thunderbird-debuginfo-2.0.0.5-1.fc7.x86_64.rpm
1c57f5e01d960b6a0600cc7817764f13602058e7 thunderbird-2.0.0.5-1.fc7.x86_64.rpm
1c5eaadb7684dac209c38b9f1fcff1a002caed2c thunderbird-debuginfo-2.0.0.5-1.fc7.ppc.rpm
0fe3b5c19898df0c2976fdc8e19482dbe0903707 thunderbird-2.0.0.5-1.fc7.ppc.rpm
d8525d565bd1523e8763f0aee0ec463257af98e2 thunderbird-2.0.0.5-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list