SCIENTIFIC-LINUX-DEVEL Archives

March 2013

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From: Dr Andrew C Aitchison <[log in to unmask]>
Reply To: Dr Andrew C Aitchison <[log in to unmask]>
Date: Wed, 13 Mar 2013 09:51:26 +0000
Content-Type: text/plain

On Tue, 12 Mar 2013, Pat Riehecky wrote:

> Synopsis:          Important: thunderbird security update
> Issue Date:        2013-03-11
> CVE Numbers:       CVE-2013-0787
> --
>
> A flaw was found in the processing of malformed content. Malicious content
> could cause Thunderbird to crash or execute arbitrary code with the
> privileges of the user running Thunderbird. (CVE-2013-0787)
>
> Note: This issue cannot be exploited by a specially-crafted HTML mail
> message as JavaScript is disabled by default for mail messages. It could
> be exploited another way in Thunderbird, for example, when viewing the
> full remote content of an RSS feed.
>
> After installing the update, Thunderbird must be restarted for the changes
> to take effect.
> --
>
> SL5
>  x86_64
>    thunderbird-17.0.3-2.el5_9.x86_64.rpm

# rpmquery -ip --changelog thunderbird-17.0.3-2.el5_9.x86_64.rpm
Name        : thunderbird                  Relocations: (not relocatable)
Version     : 17.0.3                            Vendor: Scientific Linux
Release     : 2.el5_9                       Build Date: Tue 12 Mar 2013 00:10:38 GMT
Install Date: (not installed)               Build Host: norob.fnal.gov
Group       : Applications/Internet         Source RPM: thunderbird-17.0.3-2.el5_9.src.rpm
Size        : 73621016                         License: MPLv1.1 or GPLv2+ or LGPLv2+
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
* Thu Mar 07 2013 Martin Stransky <[log in to unmask]> - 17.0.3-2
- Added fix for #848644

* Sat Feb 16 2013 Jan Horak <[log in to unmask]> - 17.0.3-1
- Update to 17.0.3 ESR

Can you confirm that this does have the fix for CVE-2013-0787
(848644 was marked NOTABUG so this probably is just a typo in the
changelog, but it would be good to be sure)?

>    thunderbird-debuginfo-17.0.3-2.el5_9.x86_64.rpm
>  i386
>    thunderbird-17.0.3-2.el5_9.i386.rpm
>    thunderbird-debuginfo-17.0.3-2.el5_9.i386.rpm
> SL6
>  x86_64
>    thunderbird-17.0.3-2.el6_4.x86_64.rpm
>    thunderbird-debuginfo-17.0.3-2.el6_4.x86_64.rpm
>  i386
>    thunderbird-17.0.3-2.el6_4.i686.rpm
>    thunderbird-debuginfo-17.0.3-2.el6_4.i686.rpm
>
> - Scientific Linux Development Team

Thanks,

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
[log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna
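
The cross-check made in this message, as an added example that is not part of the original post or of Scientific Linux tooling: it lists the CVE ids and bug numbers each changelog entry names, so an advisory's CVE that the entry does not mention can be flagged for confirmation with the packager. The function names are hypothetical, the sample is the changelog quoted above, and it assumes each entry header ends in the version-release.

```shell
#!/bin/sh
# Added example. Real use: rpm -qp --changelog PACKAGE.rpm | report CVE-ID VERSION-RELEASE

# changelog_refs: read changelog text on stdin, print "<version-release> <ref>"
# for every CVE id or #bug number found in the body of an entry.
changelog_refs() {
    awk '
        /^\* / { ver = $NF; next }   # entry header; assumed to end in version-release
        ver != "" {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+|#[0-9]+/)) {
                print ver, substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# cve_in_release CVE VERSION-RELEASE: exit 0 only if that entry names the CVE.
cve_in_release() {
    changelog_refs | grep -Fqx "$2 $1"
}

# report CVE VERSION-RELEASE: one-line summary. "not named" is not proof that
# the fix is missing, only that the changelog alone cannot confirm it.
report() {
    log=$(cat)
    if printf '%s\n' "$log" | cve_in_release "$1" "$2"; then
        echo "$1: named in changelog entry $2"
    else
        refs=$(printf '%s\n' "$log" | changelog_refs |
               awk -v v="$2" '$1 == v { print $2 }' | paste -sd' ' -)
        echo "$1: not named in entry $2; references there: ${refs:-none}"
    fi
}

# Sample input: the changelog lines quoted in the message above.
sample_changelog() {
cat <<'EOF'
* Thu Mar 07 2013 Martin Stransky <[log in to unmask]> - 17.0.3-2
- Added fix for #848644

* Sat Feb 16 2013 Jan Horak <[log in to unmask]> - 17.0.3-1
- Update to 17.0.3 ESR
EOF
}

sample_changelog | report CVE-2013-0787 17.0.3-2
```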
