Accepted icedove 3.1.10-2~bpo60+1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 16 Jun 2011 20:52:59 +0200
Source: icedove
Binary: icedove icedove-dev icedove-dbg
Architecture: source i386
Version: 3.1.10-2~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: Alexander Sack <asac@debian.org>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Description:
icedove - mail/news client with RSS and integrated spam filter support
icedove-dbg - Debug Symbols for Icedove
icedove-dev - Development files for Icedove
Closes: 403458 487494 505875 589476 589666 591899 592531 595665 601334 606977 623668 624969 625207 627598
Changes:
icedove (3.1.10-2~bpo60+1) squeeze-backports; urgency=low
.
* Rebuild for squeeze-backports.
.
icedove (3.1.10-2) unstable; urgency=low
.
* [de81b7f] remove obsolete build depends libxp-dev (Closes: #623668)
* [633782d] change DEB_HOST_MULTIARCH back to DEB_HOST_GNU_TYPE and
downgrade sqlite version (Closes: #627598)
.
icedove (3.1.10-1) unstable; urgency=high
.
* New Upstream Version (Closes: #625207)
- MFSA 2011-12 aka CVE-2011-0069, CVE-2011-0070, CVE-2011-0072,
CVE-2011-0074, CVE-2011-0075, CVE-2011-0077,
CVE-2011-0078, CVE-2011-0080, CVE-2011-0081:
Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- MFSA 2011-16 aka CVE-2011-0071: Directory traversal in resource: protocol
* [78e0217] build against system libbz2
* [e6af761] build against system libpng
* [4b57c30] build against system libhunspell
* [937f0bd] double check to build against most system libraries
* [d6de723] rebuild patch queue from patch-queue branch
added patches (Closes: #624969):
- 0072-fix-building-with-gcc-4.6-Add-constructor-to-placate.patch
- 0073-fix-building-with-gcc-4.6-os2.cc-missing-include-cst.patch
- 0074-Add-constructor-for-nsCaseInsensitiveStringComparato.patch
- 0075-Add-constructor-for-nsXULAppInfo-which-inherits-from.patch
- 0076-Add-constructor-for-GTKEmbedDirectoryProvider.patch
modified patches:
- 0056-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch
obsolete patches (fixed upstream):
- 0051-Do-exec-instead-of-uselessly-forking-in-xulrunner-la.patch
- 0072-Add-support-for-libnotify-0.7.patch
* [e190ef1] bump up standards version to 3.9.2 (change DEB_HOST_GNU_TYPE to
DEB_HOST_MULTIARCH)
.
icedove (3.1.9-2) unstable; urgency=low
.
* Upload to unstable
* [ace3b6f] rebuild patch queue from patch-queue branch
added patches:
- 0072-Add-support-for-libnotify-0.7.patch
* [910f213] use DEP5 for copyright file
* [3ae4c8b] set global section to 'mail'
* [42c9c89] icedove.1: icedove is derived from Thunderbird instead of
Mozilla suite
.
icedove (3.1.9-1) experimental; urgency=low
.
* New Upstream Version
- MFSA 2011-01 aka CVE-2011-0053, CVE-2011-0062: Miscellaneous memory
safety hazards (rv:1.9.2.14/ 1.9.1.17)
- MFSA 2011-08 aka CVE-2010-1585: ParanoidFragmentSink allows javascript:
URLs in chrome documents
- MFSA 2011-09 aka CVE-2011-0061: Crash caused by corrupted JPEG image
* [699536a] rebuild patch queue from patch-queue branch
added patches:
- 0069-save-a-copy-of-a-attached-file-when-sending-from-OOo.patch
(Closes: #505875)
- 0070-News-article-is-empty-if-selected-during-download-fr.patch
(Closes: #487494)
- 0071-restore-icedove-on-login-by-session-management.patch
(Closes: #403458)
modified patches:
- 0003-no_dynamic_nss_softokn.patch
- 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
- 0030-Don-t-error-out-when-run-time-libsqlite-is-older-tha.patch
* [98d8ac0] c-sdk move to sdks/c-sdk - adjust
debian/{copyright,remove.nonfree,rules}
.
icedove (3.1.7-1) experimental; urgency=low
.
* New Upstream Version (Closes: #606977)
- MFSA 2010-74 aka CVE-2010-3776, CVE-2010-3777: Miscellaneous memory
safety hazards (rv:1.9.2.13/ 1.9.1.16)
- MFSA 2010-75 aka CVE-2010-3769: Buffer overflow while line breaking
after document.write with long string
- MFSA 2010-78 aka CVE-2010-3768: Add support for OTS font sanitizer
* [46e3e8a] rebuild patch queue from patch-queue branch
added patches:
- 0068-fix-forwarding-of-Simple-HTML-email.patch
obsolete patches (fixed upstream):
- 0017-Implement-sync_instruction_memory-for-sparc-linux.patch
- 0059-Fix-startup-problem-with-symlinked-components-e.g.-e.patch
* [9fcce0c] add license info for gfx/ots
.
icedove (3.1.6-1) experimental; urgency=low
.
* New Upstream Version (Closes: #601334)
- MFSA 2010-64 aka CVE-2010-3175, CVE-2010-3176: Miscellaneous memory
safety hazards (rv:1.9.2.11/ 1.9.1.14)
- MFSA 2010-65 aka CVE-2010-3179: Buffer overflow and memory corruption
using document.write
- MFSA 2010-66 aka CVE-2010-3180: Use-after-free error in nsBarProp
- MFSA 2010-67 aka CVE-2010-3183: Dangling pointer vulnerability in
LookupGetterOrSetter
- MFSA 2010-69 aka CVE-2010-3178: Cross-site information disclosure via
modal calls
- MFSA 2010-71 aka CVE-2010-3182: Unsafe library loading vulnerabilities
- MFSA 2010-73 aka CVE-2010-3765: Heap buffer overflow mixing
document.write and DOM insertion
* [270fd51] rebuild patch queue from patch-queue branch
added patches:
- 0069-Use-errno.ENOENT-instead-of-2-in-JarMaker.py.patch
modified patches:
- 0009-fix-branding-in-migration-wizard-and-the-addon-manag.patch
* [24421f4] bump build depends for libnspr4-dev, libnss3-dev and
libsqlite3-dev
.
icedove (3.1.4-1) experimental; urgency=low
.
* New Upstream Version
.
icedove (3.1.3-1) experimental; urgency=low
.
* New Upstream Version
- MFSA 2010-49 aka CVE-2010-3169: Miscellaneous memory safety hazards
(rv:1.9.2.9/ 1.9.1.12)
- MFSA 2010-50 aka CVE-2010-2765: Frameset integer overflow vulnerability
- MFSA 2010-51 aka CVE-2010-2767: Dangling pointer vulnerability using DOM
plugin array
- MFSA 2010-53 aka CVE-2010-3166: Heap buffer overflow in
nsTextFrameUtils::TransformText
- MFSA 2010-54 aka CVE-2010-2760: Dangling pointer vulnerability in
nsTreeSelection
- MFSA 2010-55 aka CVE-2010-3168: XUL tree removal crash and remote code
execution
- MFSA 2010-56 aka CVE-2010-3167: Dangling pointer vulnerability in
nsTreeContentView
- MFSA 2010-57 aka CVE-2010-2766: Crash and remote code execution in
normalizeDocument
- MFSA 2010-59 aka CVE-2010-2762: SJOW creates scope chains ending in
outer object
- MFSA 2010-61 aka CVE-2010-2768: UTF-7 XSS by overriding document charset
using <object> type attribute
- MFSA 2010-62 aka CVE-2010-2769: Copy-and-paste or drag-and-drop into
designMode document allows XSS
- MFSA 2010-63 aka CVE-2010-2764: Information leak via XMLHttpRequest
statusText
* [9a03eb1] rebuild patch queue from patch-queue branch
added patches:
- 0060-fix-FTBFS-on-hurd.patch (Closes: #595665)
- 0061-Enable-x64-JIT-backend-by-default.patch
- 0062-Fix-unaligned-reads-in-qcms.patch
- 0063-Import-js-src-nanojit-njcpudetect.h.patch
- 0064-Use-clz-on-android-even-for-armv5-target.patch
- 0065-Fix-ARM-verbose-assembly-output-for-BLX.patch
- 0066-Get-rid-of-blx_lr_bug.patch
- 0067-Avoid-some-ARM-CPU-arch-related-runtime-tests-depend.patch
- 0068-ARMv4T-support-for-nanojit.patch
.
icedove (3.1.2-2) experimental; urgency=low
.
* [e1435dc] rebuild patch queue from patch-queue branch
added patches:
- 0060-Fix-startup-problem-with-symlinked-components-e.g.-e.patch
(Closes: #592531)
modified patches:
- 0048-Add-nanojit-support-for-ARMv4T.patch - Fix FTBFS on armel
.
icedove (3.1.2-1) experimental; urgency=low
.
* New Upstream Version (Closes: #589666, #591899)
- MFSA 2010-34 aka CVE-2010-1211, CVE-2010-1212: Miscellaneous memory
safety hazards (rv:1.9.2.7/ 1.9.1.11)
- MFSA 2010-38 aka CVE-2010-1215: Arbitrary code execution using SJOW and
fast native function
- MFSA 2010-39 aka CVE-2010-2752: nsCSSValue::Array index integer overflow
- MFSA 2010-40 aka CVE-2010-2753: nsTreeSelection dangling pointer remote
code execution vulnerability
- MFSA 2010-41 aka CVE-2010-1205: Remote code execution using malformed PNG
image
- MFSA 2010-42 aka CVE-2010-1213: Cross-origin data disclosure via Web
Workers and importScripts
- MFSA 2010-43 aka CVE-2010-1207: Same-origin bypass using canvas context
- MFSA 2010-44 aka CVE-2010-1210: Characters mapped to U+FFFD in 8 bit
encodings cause subsequent character to vanish
- MFSA 2010-46 aka CVE-2010-0654: Cross-domain data theft using CSS
- MFSA 2010-47 aka CVE-2010-2754: Cross-origin data leakage from script
filename in error messages
* [6b9976e] rebuild patch queue from patch-queue branch
modified patches:
- 0010-Support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
- 0015-Don-t-register-plugins-if-the-MOZILLA_DISABLE_PLUGIN.patch
- 0018-Work-around-FTBFS-on-mips-by-disabling-TLS-support.patch
- 0034-Fix-compiler-errors-with-g-4.4-with-std-gnu-0x.patch
- 0045-Expose-fullpath-from-nsIPluginTag.patch
- 0047-Use-syscall-for-mmap-and-munmap-and-disable-ncpus-in.patch
- 0050-Set-javascript.options.showInConsole.patch
- 0057-Allow-to-build-against-system-libffi.patch
- 0058-Ignore-system-libjpeg-libpng-and-zlib-version-checki.patch
- 0059-Disable-APNG-support-when-system-libpng-doesn-t-supp.patch
* [16b0e7e] fix FTBFS on kfreebsd-* and hurd-i386 by passing
--disable-necko-wifi to configure (Closes: #589476)
* [15a02c7] bump up standards version to 3.9.1
.
icedove (3.1-1) experimental; urgency=low
.
* New Upstream Version
* [124a316] add additional build depends libnotify-dev
* [5ed6a72] adjust branding for Icedove 3.1
* [bed8969] install further js files shipped with Icedove 3.1
* [02456e6] replace blue icedove icons with green version
* [036921f] regenerate patch queue for 3.1 Icedove release
* [a7fa393] build with system ffi
* [d8650f7] ship icedove svg file for low resolution icons too
* [7718c55] bump Standards Version to 3.9.0 and downgrade Conflicts to
Breaks
* [9621fc6] lintian: override ancient-libtool warning
Checksums-Sha1:
c9f954612c1b9c126d819ff326b67ebf5423b061 2560 icedove_3.1.10-2~bpo60+1.dsc
e049901dc6eadc0bd83c2ea434862b650c49148f 61041565 icedove_3.1.10.orig.tar.bz2
e5d0226cf662d1f5014445ded66a1d0a1bf60cbe 472662 icedove_3.1.10-2~bpo60+1.debian.tar.gz
d3da7a8fb36a6de85308f498746c566857e0d94d 11790006 icedove_3.1.10-2~bpo60+1_i386.deb
9175f0f4532dcff8d4b22d2858381b6984a76789 5206298 icedove-dev_3.1.10-2~bpo60+1_i386.deb
14a3b696746ef95a46c5c610833993a04a35a737 68286406 icedove-dbg_3.1.10-2~bpo60+1_i386.deb
Checksums-Sha256:
95a67d79e48435bbb0eed25658006157a0a9f617e9a9898647443af51cb309ef 2560 icedove_3.1.10-2~bpo60+1.dsc
c3615f41ff690bb52330c808a3eeeeac70b09f99b3de29bb507a4506f5bdb6c4 61041565 icedove_3.1.10.orig.tar.bz2
d66832cc9214ee2e01549e72f0fe5eb1ffc9b5cfd34bd9f17185eb57f4e7d065 472662 icedove_3.1.10-2~bpo60+1.debian.tar.gz
98439916cec3617c591479037c7c895dc173f6cbad8d052bf4eb130eea7dddc5 11790006 icedove_3.1.10-2~bpo60+1_i386.deb
868699395681a62b2ce1b0be30b205153ac4c7abcd9655611a9c094236fa7a1c 5206298 icedove-dev_3.1.10-2~bpo60+1_i386.deb
432d6bab548cfdd21fcb33373be4cf80950d6a1464a0e8d5dbf9c7324055b315 68286406 icedove-dbg_3.1.10-2~bpo60+1_i386.deb
Files:
1af194ce2ea9627cc6c097d9b3edfc9e 2560 mail optional icedove_3.1.10-2~bpo60+1.dsc
570cde316a784c75c3040f4d8035ec6a 61041565 mail optional icedove_3.1.10.orig.tar.bz2
25ce8dd5c352c656a41b75c1165fd861 472662 mail optional icedove_3.1.10-2~bpo60+1.debian.tar.gz
58109fb6e45f3b7f27069ae451194db3 11790006 mail optional icedove_3.1.10-2~bpo60+1_i386.deb
278635ae6010f32c1daf2d768b893f0d 5206298 mail optional icedove-dev_3.1.10-2~bpo60+1_i386.deb
78ba67e3585a913b14a45eb2fe9debef 68286406 debug extra icedove-dbg_3.1.10-2~bpo60+1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJN/Ng4AAoJECbjyHWnRCDvTrkP/jKFXDOSpVVFZMsljVjwNVhY
zcGcNz9RWrMyU/UDh3MBvLqF6M8Y9+SCOgnENtIo7DgBjoWj9N8Y90GlYBU9hmFM
OGrrwYtdAGM7kFU23aJ2IQblywmyNyuZJZ/PiZ/+lWuzKmr9C2YZAuas06LCoVxX
B4bXjgHon4jW+vlWqv5PiZ3Mjgo7WjVTWpuMBltGjB1M72hIMth1DscodeiJplHo
ZbVfkan8zooZFh17T+x++MPvTmnia8NRwG5NQbkcKoW8zfv3/ycA2NCreg/nhqls
5z8eID2QIeu1hSGDSsdIs4nKf8WcfZ0tJdd8HkCi+oJFaQw4sr4tmQY4pVXLe5Nw
rcMsVJPR/iD+LawLF9z9q6BVtzB/B+Ns7UXK+PjrzRUMpQe2+YXdxU1Y6dnocLCn
EkH6ZISw4aAAo/gx+2jWD90O4HRAqVsowyEEQVYfRXvaNQXcnqLgajBq/9fYOf6D
HUfSA0E4g6CTEyDrExWTWqIeXuRlBpM0USmmahJqm3AhCcsCVHPRmG5h3wj9flSU
jBCnnANEE7Wfso59EJNy7nDKPK2PqjdV+se7O+pb7j6bmA3286ZAamIAxMc+ZTB0
BFcR7swH1fTi2vNNutWzfvmjVjzA0GjHL+hNxe0WQm5d9rcEDlA874kmlmw2eJyQ
/Z6d3BNfmrRCcfkawp4q
=L9nr
-----END PGP SIGNATURE-----
Accepted:
icedove-dbg_3.1.10-2~bpo60+1_i386.deb
to main/i/icedove/icedove-dbg_3.1.10-2~bpo60+1_i386.deb
icedove-dev_3.1.10-2~bpo60+1_i386.deb
to main/i/icedove/icedove-dev_3.1.10-2~bpo60+1_i386.deb
icedove_3.1.10-2~bpo60+1.debian.tar.gz
to main/i/icedove/icedove_3.1.10-2~bpo60+1.debian.tar.gz
icedove_3.1.10-2~bpo60+1.dsc
to main/i/icedove/icedove_3.1.10-2~bpo60+1.dsc
icedove_3.1.10-2~bpo60+1_i386.deb
to main/i/icedove/icedove_3.1.10-2~bpo60+1_i386.deb
icedove_3.1.10.orig.tar.bz2
to main/i/icedove/icedove_3.1.10.orig.tar.bz2
Reply to: