Sicherheit: Zwei Probleme in thunderbird
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in thunderbird
ID: FEDORA-2005-247
Distribution: Fedora
Plattformen: Fedora Core 3
Datum: Do, 24. März 2005, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0255
Applikationen: Mozilla Thunderbird


Fedora Update Notification

Product : Fedora Core 3
Name : thunderbird
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

Update Information:

A buffer overflow bug was found in the way Thunderbird processes GIF
images. It is possible for an attacker to create a specially crafted GIF
image, which when viewed by a victim will execute arbitrary code as the
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0399 to this issue.

A bug was found in the Thunderbird string handling functions. If a
malicious website is able to exhaust a system's memory, it becomes
possible to execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0255 to
this issue.

Users of Thunderbird are advised to upgrade to this updated package
which contains Thunderbird version 1.0.2 and is not vulnerable to these

This update enables pango rendering by default.

* Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com> 1.0.2-1.3.1

- Thunderbird 1.0.2
- Enable pango rendering

* Tue Mar 8 2005 Christopher Aillon <caillon@redhat.com> 1.0-5

- Add patch to compile against new fortified glibc macros

* Sat Mar 5 2005 Christopher Aillon <caillon@redhat.com> 1.0-4

- Rebuild against GCC 4.0
- Add execshield patches
- Minor specfile cleanup

* Mon Dec 20 2004 Christopher Aillon <caillon@redhat.com> 1.0-3

- Rebuild

* Thu Dec 16 2004 Christopher Aillon <caillon@redhat.com> 1.0-2

- Add RPM version to useragent

* Thu Dec 16 2004 Christopher Blizzard <blizzard@redhat.com>

- Port over pango patches from firefox

* Wed Dec 8 2004 Christopher Aillon <caillon@redhat.com> 1.0-1.3.1

- Thunderbird 1.0

* Mon Dec 6 2004 Christopher Aillon <caillon@redhat.com> 1.0-0.rc1.1

- Fix advanced prefs

* Fri Dec 3 2004 Christopher Aillon <caillon@redhat.com>

- Make this run on s390(x) now for real

* Wed Dec 1 2004 Christopher Aillon <caillon@redhat.com> 1.0-0.rc1.0

- Update to 1.0 rc1

This update can be downloaded from:

a7764787e90a38e1a7d121b5393c946c SRPMS/thunderbird-1.0.2-1.3.1.src.rpm
642aec4401a1e924bc1569a8a28d2f18 x86_64/thunderbird-1.0.2-1.3.1.x86_64.rpm
f8872d466515e23b7eb4e49564a24f9f i386/thunderbird-1.0.2-1.3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list
Neue Nachrichten