Date: Wed, 13 Mar 2013 09:51:26 +0000
Content-Type: text/plain
On Tue, 12 Mar 2013, Pat Riehecky wrote:
> Synopsis: Important: thunderbird security update
> Issue Date: 2013-03-11
> CVE Numbers: CVE-2013-0787
> --
>
> A flaw was found in the processing of malformed content. Malicious content
> could cause Thunderbird to crash or execute arbitrary code with the
> privileges of the user running Thunderbird. (CVE-2013-0787)
>
> Note: This issue cannot be exploited by a specially-crafted HTML mail
> message as JavaScript is disabled by default for mail messages. It could
> be exploited another way in Thunderbird, for example, when viewing the
> full remote content of an RSS feed.
>
> After installing the update, Thunderbird must be restarted for the changes
> to take effect.
> --
>
> SL5
> x86_64
> thunderbird-17.0.3-2.el5_9.x86_64.rpm

# rpmquery -ip --changelog thunderbird-17.0.3-2.el5_9.x86_64.rpm
Name        : thunderbird                  Relocations: (not relocatable)
Version     : 17.0.3                            Vendor: Scientific Linux
Release     : 2.el5_9                       Build Date: Tue 12 Mar 2013 00:10:38 GMT
Install Date: (not installed)               Build Host: norob.fnal.gov
Group       : Applications/Internet         Source RPM: thunderbird-17.0.3-2.el5_9.src.rpm
Size        : 73621016                         License: MPLv1.1 or GPLv2+ or LGPLv2+
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
* Thu Mar 07 2013 Martin Stransky <[log in to unmask]> - 17.0.3-2
- Added fix for #848644

* Sat Feb 16 2013 Jan Horak <[log in to unmask]> - 17.0.3-1
- Update to 17.0.3 ESR

Can you confirm that this does have the fix for CVE-2013-0787
(848644 was marked NOTABUG so this probably is just a typo in the
changelog, but it would be good to be sure)?

> thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm
> i386
> thunderbird-17.0.3-2.el5_9.i386.rpm
> thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm
> SL6
> x86_64
> thunderbird-17.0.3-2.el6_4.x86_64.rpm
> thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm
> i386
> thunderbird-17.0.3-2.el6_4.i686.rpm
> thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm
>
> - Scientific Linux Development Team
Thanks,
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
[log in to unmask] http://www.dpmms.cam.ac.uk/~werdna
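
The check made by hand in the message above, as an added example that is not part of the original message or of any Scientific Linux tooling: it parses `rpm -q --changelog` output and reports whether an advisory's CVE is named, or which bug numbers would need to be looked up instead. The function names are hypothetical, and the sample text is the changelog quoted in the message.

```python
import re

# Changelog copied from the rpmquery output quoted in the message above
# (e-mail addresses are masked by the list archive).
SAMPLE_CHANGELOG = """\
* Thu Mar 07 2013 Martin Stransky <[log in to unmask]> - 17.0.3-2
- Added fix for #848644
* Sat Feb 16 2013 Jan Horak <[log in to unmask]> - 17.0.3-1
- Update to 17.0.3 ESR
"""

# "* <weekday> <month> <day> <year> <packager> - <version-release>"
ENTRY_HEADER = re.compile(
    r"^\*\s+\w{3}\s+\w{3}\s+\d{1,2}\s+\d{4}\s+.*?\s+-\s+(?P<evr>\S+)\s*$")
CVE_ID = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)
BUG_REF = re.compile(r"#(\d+)")


def parse_changelog(text):
    """Return one dict per changelog entry, newest first as rpm prints them."""
    entries = []
    for line in text.splitlines():
        header = ENTRY_HEADER.match(line)
        if header:
            entries.append({"evr": header.group("evr"), "cves": [], "bugs": []})
        elif entries and line.strip():
            entry = entries[-1]
            entry["cves"] += [c.upper() for c in CVE_ID.findall(line)]
            entry["bugs"] += BUG_REF.findall(line)
    return entries


def check_cve(text, cve):
    """('named', [releases]) if the CVE id appears in the changelog,
    else ('unconfirmed', [bug numbers cited by the newest entry])."""
    entries = parse_changelog(text)
    named = [e["evr"] for e in entries if cve.upper() in e["cves"]]
    if named:
        return ("named", named)
    return ("unconfirmed", entries[0]["bugs"] if entries else [])


if __name__ == "__main__":
    print(check_cve(SAMPLE_CHANGELOG, "CVE-2013-0787"))
```

An "unconfirmed" result only means the changelog text does not name the CVE; the listed bug numbers still have to be checked against the vendor's tracker or confirmed by the packager.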