/[packages]/updates/1/mozilla-thunderbird/current/SOURCES/sha1.lst |
Parent Directory | Revision Log
Links to HEAD: | (view) (download) (annotate) |
Sticky Revision: |
new version 10.0.12esr
new version 10.0.11esr
SILENT: fix sha1.lst
new version 10.0.10esr
new version 10.0.9esr
new version 10.0.8esr
- new version 10.0.7
new version 10.0.6
SILENT: revert wrong changes
new version 10.0.5esr
- new version 10.0.4 ESR (Extended Support Release) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-20.html (Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-22.html (use-after-free in IDBKeyRange[CVE-2012-0469]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-23.html (Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-24.html (Potential XSS via multibyte content processing errors [CVE-2012-0471]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-25.html (Potential memory corruption during font rendering using cairo-dwrite [CVE-2012-0472]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-26.html (WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error [CVE-2012-0473]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-27.html (Page load short-circuit can lead to XSS [CVE-2012-0474]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-28.html (Ambiguous IPv6 in Origin headers may bypass webserver access restrictions [CVE-2012-0475]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-29.html (Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues [CVE-2012-0477]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-30.html (Crash with WebGL content using textImage2D [CVE-2012-0478]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-31.html (Off-by-one error in OpenType Sanitizer [CVE-2011-3062]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-33.html (Potential site identity spoofing when loading RSS and Atom feeds [CVE-2012-0479]) - switch to Enigmail 1.4, officially supported version for ESR releases o fixes a problem with inline PGP decrpytion
use new tarball
- remove unused Sources
- new version 10.0.2 ESR (Extended Support Release) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html (libpng integer overflow [CVE-2011-3026]) - drop all unused patches - remove useless commented-out stuff
- new version 10.0.1, switch to ESR (Extended Support Release) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443] fixed in 10.0 ) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html (<iframe> element exposed across domains via name attribute [CVE-2012-0445] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (child nodes from nsDOMAttribute still accessible after removal of nodes [CVE-2011-3659] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-05.html (frame scripts calling into untrusted objects bypass security checks [CVE-2012-0446] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-06.html (uninitialized memory appended when encoding icon images may cause information disclosure [CVE-2012-0447] fixed in 10.0 o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (crash with malformed embedded XSLT stylesheets [CVE-2012-0449] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-10.html (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452]) - update enigmail to 1.3.5, needed for thunderbird 10.0 - updated mageia-default-prefs.js, reenabled locale matching to system locale - change new default preference (extensions.autoDisableScopes) to not automatically disable systemwide installed addons, like language packs - added BuildRequires on yasm, mesagl-devel, startup-notification-devel, dbus, libevent-devel and libvpx-devel - added Requires on libcanberra for playing sounds - add Patch100 to use libcanberra for playing sounds (rediffed from upstream, mozilla-thunderbird-mga-use-libcanberra.patch) - rediffed Patch201, disabling default application dialog on Thunderbird start - use bundled libpng, system one is too old and updating it is a no-go for mga1 - do not build against system libxul, add requires_exception for libxul - disable updater and bundled lightning, disable compilation of lightning - enable gio, vpx and libevent and optimization - use org.mageia as distribution id - removed thunderbird.cfg - add -fPIC to CFLAGS
- new version 3.1.18 o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-59.html (.jar files not being treated as executables on MacOS [CVE-2011-3666] fixed in 3.1.17) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (Miscellaneous memory safety hazards [(rv:10.0/ 1.9.2.26) [CVE-2012-0443, CVE-2012-0442]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-02.html (Overly permissive IPv6 literal syntax [CVE-2011-3670]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (Child nodes from nsDOMAttribute still accessible after removal of nodes, [CVE-2011-3659]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449])
- new version 3.1.6 o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-46.html (loadSubScript unwraps XPCNativeWrapper scope parameter, a malicious page could potentially exploit a Thunderbird user who had installed an add-on that used loadSubscript in vulnerable ways) o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-47.html (Potential cross-site-scripting against sites using Shift-JIS encoding, CVE-2011-3648) o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-49.html (memory corruption while profiling using Firebug, CVE-2011-3650) - fixed CVE-2011-3640, untrusted search path vulnerability which might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory (fix-CVE-2011-3640.patch, from upstream)
- new version 3.1.15 - fixed http://www.mozilla.org/security/announce/2011/mfsa2011-34.html (Protection against fraudulent DigiNotar certificates, fixed in thunderbird 3.1.13) - fixed http://www.mozilla.org/security/announce/2011/mfsa2011-35.html (Additional protection against fraudulent DigiNotar certificates, fixed in thunderbird 3.1.14)
new version 3.1.12
SILENT: branch release 1
- Update to 3.1.10 - Rediff run-mozilla patch - Drop an old patch from SOURCES dir
SILENT: new binary files ./SOURCES/thunderbird-3.1.9.source.tar.bz2
SILENT: delete binary file thunderbird-3.1.8.source.tar.bz2
SILENT: new binary files ./SOURCES/thunderbird-3.1.8.source.tar.bz2
SILENT: delete binary file thunderbird-3.1.7.source.tar.bz2
imported package mozilla-thunderbird
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
ViewVC Help | |
Powered by ViewVC 1.1.30 |