Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaThunderbird-7.0.1-33.1.2 RPM for i586

From OpenSuSE 12.1 for i586

Name: MozillaThunderbird Distribution: openSUSE 12.1
Version: 7.0.1 Vendor: openSUSE
Release: 33.1.2 Build date: Sun Oct 30 05:07:43 2011
Group: Productivity/Networking/Email/Clients Build host: build34
Size: 36682138 Source RPM: MozillaThunderbird-7.0.1-33.1.2.src.rpm
Summary: The Stand-Alone Mozilla Mail Component
Mozilla Thunderbird is a redesign of the Mozilla Mail component. It is
written using the XUL user interface language and designed to be
cross-platform. It is a stand-alone application instead of part of the
Mozilla application suite.




MPLv1.1 or GPLv2+ or LGPLv2+


* Fri Sep 30 2011
  - update to minor version 7.0.1
    * fixed staged addon updates
    * Disabled the what's new tab for updaters from 7.0 (bmo#690290)
    * Insert Characters & Symbols fix (bmo#690267)
* Mon Sep 26 2011
  - update to version 7.0 (bnc#720264)
    * MFSA 2011-36
      Miscellaneous memory safety hazards
    * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
      Defense against multiple Location headers due to CRLF Injection
    * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
      Code installation through holding down Enter
    * MFSA 2011-42/CVE-2011-3232
      Potentially exploitable crash in the YARR regular expression
    * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
      Use after free reading OGG headers
  - removed obsolete mozilla-cairo-lcd.patch
* Tue Sep 13 2011
  - update enigmail to 1.3.2 (no changelog available)
  - add dbus-1-glib-devel to BuildRequires (not pulled automatically
    anymore with 12.1)
* Fri Sep 09 2011
  - make enigmail a subversion of Thunderbird to fix %release
    number tracking issues with the Open Build Service
    (taken from dmueller's 3.1.x changes)
* Wed Sep 07 2011
  - security update to 6.0.2 (bnc#714931)
    * Complete blocking of certificates issued by DigiNotar
* Fri Sep 02 2011
  - security update to 6.0.1 (bnc#714931)
    * MFSA 2011-34
      Protection against fraudulent DigiNotar certificates
* Wed Aug 17 2011
  - update enigmail to 1.3 final
* Fri Aug 12 2011
  - update to version 6.0 (bnc#712224)
    including security fixes MFSA 2011-31
    * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
      Miscellaneous memory safety hazards
    * CVE-2011-2988 (bmo#665936)
      String crash using WebGL shaders
    * CVE-2011-2987 (bmo#665934)
      Heap overflow in ANGLE library
    * CVE-2011-0084 (bmo#648094)
      Crash in SVGTextElement.getCharNumAtPosition()
    * CVE-2011-2986 (bmo#655836)
      Cross-origin data theft using canvas and Windows D2D
  - add mozilla-curl.patch to remove dependencies to obsolete curl
* Sat Jul 30 2011
  - update enigmail to 1.2.99 (1.3a1pre)
* Fri Jul 29 2011
  - update to version 6.0b2
    * removed obsolete patches
    - mozilla-gio.patch
    - thunderbird-gio.patch
  - fix symbol dumper for linux3 platform
* Sat Jul 09 2011
  - update to version 5.0
  - update enigmail to version 1.2
  - improved logic for the launcher command
  - enable gio usage (instead of gnomevfs) for 11.4 and newer
  - build dump_syms dynamic to build on 12.1 and above
* Mon Jun 20 2011
  - security update to version 3.1.11 (bnc#701296)
    * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364
      Miscellaneous memory safety hazards
    * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
      Use-after-free vulnerability when viewing XUL document with
      script disabled
    * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
      Memory corruption due to multipart/x-mixed-replace images
    * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
      Integer overflow and arbitrary code execution in
    * MFSA 2011-23/CVE-2011-0083 CVE-2011-0085 CVE-2011-2363
      Multiple dangling pointer vulnerabilities
    * MFSA 2011-24/CVE-2011-2362 (bmo#616264)
      Cookie isolation error
  - speed up
  - do not build dump_syms static as it is not needed for us
    - > fixes build for 12.1 and above
* Fri Apr 15 2011
  - security update to version 3.1.10 (bnc#689281)
    * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0072
      CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078
      CVE-2011-0080 CVE-2011-0081
      Miscellaneous memory safety hazards
* Fri Mar 25 2011
  - Add mozilla-gcc46.patch: fix compilation with gcc 4.6
    See the following bug reports:
* Tue Feb 22 2011
  - security update to version 3.1.8 (build3) (bnc#667155)
    * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
      Miscellaneous memory safety hazards (rv:
    * MFSA 2011-08/CVE-2010-1585 (bmo#562547)
      ParanoidFragmentSink allows javascript: URLs in chrome documents
    * MFSA 2011-09/CVE-2011-0061 (bmo#610601)
      Crash caused by corrupted JPEG image
* Thu Jan 13 2011
  - rename desktop file for 11.4 and above (bnc#664211)
* Mon Jan 10 2011
  - add x-scheme-handler/mailto as mimetype to the desktop file
    as needed by newer Gnome environment
* Mon Nov 29 2010
  - security update to version 3.1.7 (bnc#657016)
    * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
      Miscellaneous memory safety hazards (rv:
    * MFSA 2010-75/CVE-2010-3769 (bmo#608336)
      Buffer overflow while line breaking after document.write with
      long string
    * MFSA 2010-78/CVE-2010-3768 (bmo#527276)
      Add support for OTS font sanitizer
  - provide versioned "thunderbird" symbol
* Wed Oct 27 2010
  - security update to version 3.1.6 (bnc#649492)
    * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
      Heap buffer overflow mixing document.write and DOM insertion
* Wed Oct 06 2010
  - security update to version 3.1.5 (bnc#645315)
    * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
      Miscellaneous memory safety hazards
    * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
      Buffer overflow and memory corruption using document.write
    * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
      Use-after-free error in nsBarProp
    * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
      Dangling pointer vulnerability in LookupGetterOrSetter
    * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
      Cross-site information disclosure via modal calls
    * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
      SSL wildcard certificate matching IP addresses
    * MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
      Unsafe library loading vulnerabilities
    * MFSA 2010-72/CVE-2010-3173
      Insecure Diffie-Hellman key exchange
    * new extra locales
    * removed upstreamed mozilla-helper-app.patch
  - require mozilla-nss >= 3.12.8
* Wed Sep 15 2010
  - update to version 3.1.4
    * fixing startup topcrash
* Mon Aug 30 2010
  - security update to version 3.1.3 (bnc#637303)
    * MFSA 2010-49/CVE-2010-3169
      Miscellaneous memory safety hazards
    * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
      Frameset integer overflow vulnerability
    * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
      Dangling pointer vulnerability using DOM plugin array
    * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
      Heap buffer overflow in nsTextFrameUtils::TransformText
    * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
      Dangling pointer vulnerability in nsTreeSelection
    * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
      XUL tree removal crash and remote code execution
    * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
      Crash and remote code execution in normalizeDocument
    * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
      SJOW creates scope chains ending in outer object
    * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
      UTF-7 XSS by overriding document charset using <object> type
    * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
      Copy-and-paste or drag-and-drop into designMode document allows
    * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
      Information leak via XMLHttpRequest statusText
  - ESD notification sound fix included upstream
* Mon Aug 30 2010
  - fixed build with latest Gnome
* Sat Jul 24 2010
  - update to version 3.1.1
    * based on the Gecko 1.9.2 platform
    * Faster Search Results
    * Quick Filter Toolbar
    * New Migration Assistant
    * Saved Files Manager
  - update to enigmail 1.1.2
  - enable crashreporter and package buildsymbols
  - fixed esd sound output (notifications) (bmo#576365)
* Fri Jul 16 2010
  - security update to 3.0.6 (bnc#622506)
    * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
      Miscellaneous memory safety hazards
    * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
      nsCSSValue::Array index integer overflow
    * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
      nsTreeSelection dangling pointer remote code execution
    * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
      Remote code execution using malformed PNG image
    * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
      Cross-origin data disclosure via Web Workers and importScripts
    * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
      Cross-domain data theft using CSS
    * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
      Cross-origin data leakage from script filename in error messages
* Fri May 21 2010
  - security update to 3.0.5 (bnc#603356)
    * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
      Re-use of freed object due to scope confusion
    * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
      Crashes with evidence of memory corruption (rv:
    * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
      Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
      Integer Overflow in XSLT Node Sorting
* Mon Apr 12 2010
  - do not encode the RPM release number into the useragent
    to avoid non useful republishing (bnc#593807)
* Wed Mar 17 2010
  - security update to 3.0.4 (bnc#586567)
    * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
      Crashes with evidence of memory corruption
    * MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
      Remote code execution with use-after-free in nsTreeSelection
    * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
      Update NSS to support TLS renegotiation indication
    * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
      XMLDocument::load() doesn't check nsIContentPolicy
* Sun Feb 28 2010
  - update to 3.0.3
    * Fix for missing folders or empty folder pane after updating
      to Thunderbird 3.0.2
* Fri Feb 26 2010
  - security update to 3.0.2 (bnc#576969)
    * MFSA 2010-01/CVE-2010-0159
      Crashes with evidence of memory corruption
    * MFSA 2010-03/CVE-2009-1571
      Use-after-free crash in HTML parser
    * various stability improvements
  - update enigmail to 1.0.1
    * Czech, Dutch, Polish and Portuguese (Brazilian) languages
      were added to the release.
    * there are several fixes related using OpenPGP Smartcards
  - use system hunspell again (bnc#582276)
* Mon Jan 11 2010
  - update to 3.0.1
    * fixed UI issues related to some combinations of installed addons
  - fixed session restore (bnc#528406, bmo#508986)
  - removed obsolete lightning stuff from spec file
  - removed obsolete orbit-devel build requirement
* Mon Dec 07 2009
  - update to 3.0 (bnc#559819)
  - update enigmail to final version 1.0.0
  - use --disable-updater and removed obsolete UI patch and
    pref changes
  - use internal cairo up to 11.1 (Gecko now requires at least 1.8.8)
  - added mozilla-clipboard.patch fixing a common crash (bmo#495392)
  - removed upstreamed patch thunderbird-cs-smtpauth.patch
* Wed Oct 07 2009
  - fixed startup-notification (bnc#518603)
* Tue Sep 29 2009
  - fixed CS locale to allow SMTP AUTH sending of mails (bnc#542809)
* Tue Sep 15 2009
  - update to 3.0b4
    * removed upstreamed patches
    * based on Gecko (inheriting security fixes)
    * new global search
* Tue Aug 25 2009
  - reversioned enigmail to 0.96.99 (as it's actually 0.97a and 0.96
    has been released already)
  - fixed RPM group for the translation subpackages
* Fri Aug 21 2009
  - remove obsolete code for protocol handlers (bmo#389732)
  - new enigmail snapshot (20090813)
  - require pinentry-gui for 11.2 and up (bnc#441084)
* Sun Aug 09 2009
  - Gtk filechooser allows alternative button order (as used in KDE)
  - translations{,-common} package doesn't provide en-US
  - split translations into -common and -other packages (bnc#529180)
* Tue Jul 28 2009
  - fixed wrong %exclude by removing unwanted files at %install stage
* Fri Jul 17 2009
  - major update to 3.0b3
  - update enigmail to 0.96pre
  - created enigmail subpackage and install to system wide location
    for Thunderbird and SeaMonkey
  - define MOZ_APP_LAUNCHER for session management (bmo#453689)
    (mozilla-app-launcher.patch and
  - move opensuse.js prefs to all-opensuse.js prefs to be able
    to override prefs in all-thunderbird.js
  - move intl.locale.matchOS to all-opensuse.js
  - added mozilla-jemalloc_deepbind.patch to fix various possible
    crashes (bnc#503151, bmo#493541)
* Fri Jun 19 2009
  - disable as-needed for this package as it fails to build with it
* Tue Jun 02 2009
  - Fixed build issue for gcc 4.4 (mozilla-gcc44.patch)
* Wed Mar 18 2009
  - security update to version (bnc#484321)
    * MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
      Crashes with evidence of memory corruption (rv:
    * MFSA 2009-09/CVE-2009-0776:
      XML data theft via RDFXMLDataSource and cross-domain redirect
    * MFSA 2009-10/CVE-2009-0040:
      Upgrade PNG library to fix memory safety hazards



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jun 10 06:20:49 2017