[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please unblock icedove 2.0.0.17-1

It clears two RC bugs and a few security bugs.Here's the recent changelog.

icedove (2.0.0.17-1) unstable; urgency=low

  * New upstream security/stability update (v.2.0.0.17), Closes: #500721
    * MFSA 2008-37 aka CVE-2008-0016 - UTF-8 URL stack buffer overflow
    * MFSA 2008-38 aka CVE-2008-3835 - nsXMLDocument::OnChannelRedirect()
      same-origin violation
    * MFSA 2008-41 aka CVE-2008-4058, CVE-2008-4059, CVE-2008-4060 - Privilege
      escalation via XPCnativeWrapper pollution
    * MFSA 2008-42 aka CVE-2008-4061, CVE-2008-4062, CVE-2008-4063,
      CVE-2008-4064 - Crashes with evidence of memory corruption
      (rv:1.9.0.2/1.8.1.17)
    * MFSA 2008-43 aka CVE-2008-4065, CVE-2008-4066 - BOM characters, low
      surrogates stripped from JavaScript before execution
    * MFSA 2008-44 aka CVE-2008-4067, CVE-2008-4068 - resource: traversal
      vulnerabilities
    * MFSA 2008-46 aka CVE-2008-4070 -  Heap overflow when canceling newsgroup
      message

  [ Michael Casadevall <sonicmctails@gmail.com> ]
  * debian/control:
    - Changed maintainer to Ubuntu Mozillateam
    - Added Uploaders to the team
    - Set DM-Upload-Allowed
    - Bumped standards version to 3.8.0

  [ Alexander Sack <asac@debian.org> ]
  * Closes: #497491 - Icedove inappropriately sets file-/MIME-type
    associations in .desktop database; we drop the Mime-Type= entry
    from debian/icedove.desktop
    - update debian/icedove.desktop

 -- Michael Casadevall <sonicmctails@gmail.com>  Sat, 18 Oct 2008 09:07:20 -0400

Michael
Reply to: