[SECURITY] Fedora Core 5 Update: thunderbird-1.5.0.9-2.fc5

Christopher Aillon caillon at redhat.com
Tue Jan 2 20:23:31 UTC 2007


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-004
2007-01-02
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : thunderbird
Version     : 1.5.0.9
Release     : 2.fc5
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

---------------------------------------------------------------------
Update Information:

Several flaws were found in the way Thunderbird processes
certain malformed JavaScript code. A malicious web page
could execute JavaScript code in a way that causes
Thunderbird to crash or execute arbitrary code as the user
running Thunderbird. JavaScript support is disabled by
default in Thunderbird; this issue is not exploitable
unless JavaScript is enabled. (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

Several flaws were found in the way Thunderbird renders web
pages. A malicious web page could cause Thunderbird to crash
or possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-6497)

A heap-based buffer overflow flaw was found in the way
Thunderbird parses the Content-Type mail header. A malicious
mail message could cause the Thunderbird client to crash or
possibly execute arbitrary code as the user running
Thunderbird. (CVE-2006-6505)

Users of Thunderbird are advised to apply this update, which
contains Thunderbird version 1.5.0.9 that corrects these issues.
---------------------------------------------------------------------
* Tue Dec 19 2006 Matthias Clasen <mclasen at redhat.com> 1.5.0.9-2
- Add a Requires: launchmail  (#219884)
* Tue Dec 19 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.9-1
- Update to 1.5.0.9
- Take firefox's pango fixes
- Don't offer to import...nothing.
* Tue Nov  7 2006 Christopher Aillon <caillon at redhat.com> 1.5.0.8-1
- Update to 1.5.0.8
- Allow choosing of download directory
- Take the user to the correct directory from the Download Manager.
- Patch to add support for printing via pango from Behdad.
* Sun Oct  8 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-4
- Default to use of system colors
* Wed Oct  4 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-3
- Bring the invisible character to parity with GTK+
* Wed Sep 27 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-2
- Fix crash when changing gtk key theme
- Prevent UI freezes while changing GNOME theme
- Remove verbiage about pango; no longer required by upstream.
* Wed Sep 13 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.7-1
- Update to 1.5.0.7
* Thu Sep  7 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-8
- Shuffle order of the install phase around
* Thu Sep  7 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-7
- Let there be art for Alt+Tab again
- s/tbdir/mozappdir/g
* Wed Sep  6 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-6
- Fix for cursor position in editor widgets by tagoh and behdad (#198759)
* Tue Sep  5 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-5
- Update nopangoxft.patch
- Fix rendering of MathML thanks to Behdad Esfahbod.
- Update start page text to reflect the MathML fixes.
- Enable pango by default on all locales
- Build using -rpath
- Re-enable GCC visibility
* Thu Aug  3 2006 Kai Engert <kengert at redhat.com> - 1.5.0.5-4
- Fix a build failure in mailnews mime code.
* Tue Aug  1 2006 Matthias Clasen <mclasen at redhat.com> - 1.5.0.5-3
- Rebuild
* Thu Jul 27 2006 Christopher Aillon <caillon at redhat.com> - 1.5.0.5-2
- Update to 1.5.0.5
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.5.0.4-2.1
- rebuild
* Mon Jun 12 2006 Kai Engert <kengert at redhat.com> - 1.5.0.4-2
- Update to 1.5.0.4
- Fix desktop-file-utils requires

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d4f33e774063d935dca0c06e9c54b6e09021a126  SRPMS/thunderbird-1.5.0.9-2.fc5.src.rpm
d4f33e774063d935dca0c06e9c54b6e09021a126  noarch/thunderbird-1.5.0.9-2.fc5.src.rpm
e201f238ae5b6c03b7a03776f0e24d4420389dcd  ppc/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.ppc.rpm
65f263d0713d4700c929a5420b6148688b0c2634  ppc/thunderbird-1.5.0.9-2.fc5.ppc.rpm
075baee3cd3823bb3415d24a3a7f3d5b6b5742f7  x86_64/thunderbird-1.5.0.9-2.fc5.x86_64.rpm
68a8644f2ba6ad5af6e425aabfb7f1601936161e  x86_64/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.x86_64.rpm
210aad8474c210385462ef9b68c1b6f841a63163  i386/debug/thunderbird-debuginfo-1.5.0.9-2.fc5.i386.rpm
643faacd27e83ec8676d3054af85479bed335913  i386/thunderbird-1.5.0.9-2.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
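
Added example, not part of the original advisory or of Fedora's tooling: a Python check that flags hosts whose installed thunderbird package is older than the fixed 1.5.0.9-2.fc5 build named above. The inventory lines and hostnames are constructed, and vercmp is a simplified reimplementation of RPM's segment-wise version comparison (no epoch, tilde or caret handling), not the rpm library's API.

```python
import re

FIXED = ("1.5.0.9", "2.fc5")  # Version and Release stated in this advisory

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_unpatched(nvr):
    """True if an installed thunderbird name-version-release predates the fix."""
    nvr = re.sub(r"\.(i386|x86_64|ppc)$", "", nvr.strip())  # optional arch suffix
    name, version, release = nvr.rsplit("-", 2)
    if name != "thunderbird":
        raise ValueError("not a thunderbird package: " + nvr)
    return (vercmp(version, FIXED[0]) or vercmp(release, FIXED[1])) < 0

# Constructed sample: "host<TAB>output of rpm -q thunderbird"; hostnames and
# the 1.5.0.10 build are made up to exercise the comparison.
INVENTORY = """\
ws01\tthunderbird-1.5.0.8-1.fc5
ws02\tthunderbird-1.5.0.9-2.fc5
ws03\tthunderbird-1.5.0.9-1.fc5.i386
ws04\tthunderbird-1.5.0.10-1.fc5
"""

def hosts_needing_update(inventory):
    """Return the hosts whose reported package is older than the fixed build."""
    flagged = []
    for line in inventory.splitlines():
        host, nvr = line.split("\t", 1)
        if is_unpatched(nvr):
            flagged.append(host)
    return flagged

if __name__ == "__main__":
    print(hosts_needing_update(INVENTORY))
```
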



