Subject: | |
From: | |
Reply To: | |
Date: | Tue, 14 Oct 2008 16:16:19 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
We had a compiling problem on the SL4 x86_64 rpms. The compiling problem has
been fixed and is working now. Both the x86_64 and i386 rpm's have been
rebuilt with the new name to keep consistency.
No code has been changed. The rpm's were only recompiled.
SL 4.x
SRPMS:
thunderbird-1.5.0.12-16.el4.sl.src.rpm
i386:
thunderbird-1.5.0.12-16.el4.sl.i386.rpm
x86_64:
thunderbird-1.5.0.12-16.el4.sl.x86_64.rpm
Troy Dawson
Troy J Dawson wrote:
> Synopsis: Moderate: thunderbird security update
> Issue date: 2008-10-01
> CVE Names: CVE-2008-0016 CVE-2008-3835 CVE-2008-4058
> CVE-2008-4059 CVE-2008-4060 CVE-2008-4061
> CVE-2008-4062 CVE-2008-4065 CVE-2008-4066
> CVE-2008-4067 CVE-2008-4068 CVE-2008-4070
>
>
> Several flaws were found in the processing of malformed HTML mail content.
> An HTML mail message containing malicious content could cause Thunderbird
> to crash or, potentially, execute arbitrary code as the user running
> Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
> CVE-2008-4061, CVE-2008-4062)
>
> Several flaws were found in the way malformed HTML mail content was
> displayed. An HTML mail message containing specially crafted content could
> potentially trick a Thunderbird user into surrendering sensitive
> information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)
>
> A flaw was found in Thunderbird that caused certain characters to be
> stripped from JavaScript code. This flaw could allow malicious JavaScript
> to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)
>
> Note: JavaScript support is disabled by default in Thunderbird; the above
> issue is not exploitable unless JavaScript is enabled.
>
> A heap based buffer overflow flaw was found in the handling of cancelled
> newsgroup messages. If the user cancels a specially crafted newsgroup
> message it could cause Thunderbird to crash or, potentially, execute
> arbitrary code as the user running Thunderbird. (CVE-2008-4070)
>
> Note2: On SL4 this updates fixes the bug that when a URL link is clicked,
> firefox wouldn't start. Firefox now starts when a URL link is clicked.
>
> SL 4.x
>
> SRPMS:
> thunderbird-1.5.0.12-16.el4.src.rpm
> i386:
> thunderbird-1.5.0.12-16.el4.i386.rpm
> x86_64:
> thunderbird-1.5.0.12-16.el4.x86_64.rpm
>
> SL 5.x
>
> SRPMS:
> thunderbird-2.0.0.17-1.el5.src.rpm
> i386:
> thunderbird-2.0.0.17-1.el5.i386.rpm
> x86_64:
> thunderbird-2.0.0.17-1.el5.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>
>
>
--
__________________________________________________
Troy Dawson [log in to unmask] (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
|
|
|