| Log Message: |
- new version 10.0.4 ESR (Extended Support Release)
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
(Miscellaneous memory safety hazards [CVE-2012-0468, CVE-2012-0467])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
(use-after-free in IDBKeyRange[CVE-2012-0469])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
(Invalid frees causes heap corruption in gfxImageSurface [CVE-2012-0470])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
(Potential XSS via multibyte content processing errors [CVE-2012-0471])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
(Potential memory corruption during font rendering using cairo-dwrite
[CVE-2012-0472])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
(WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error [CVE-2012-0473])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
(Page load short-circuit can lead to XSS [CVE-2012-0474])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
(Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
[CVE-2012-0475])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
(Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
[CVE-2012-0477])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
(Crash with WebGL content using textImage2D [CVE-2012-0478])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
(Off-by-one error in OpenType Sanitizer [CVE-2011-3062])
o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
(Potential site identity spoofing when loading RSS and Atom feeds
[CVE-2012-0479])
- switch to Enigmail 1.4, officially supported version for ESR releases
o fixes a problem with inline PGP decrpytion
|
updates/1/mozilla-thunderbird/current/SOURCES/enigmail-1.3.5.tar.gz.asc