Bug 121189 - mail/thunderbird needs updating to address security issues
Summary: mail/thunderbird needs updating to address security issues
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-gnome (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-28 22:30 UTC by gpalmer
Modified: 2008-02-28 23:40 UTC (History)
0 users

See Also:


Attachments
thunderbird-patch.txt (1.28 KB, text/plain; charset=us-ascii)
2008-02-28 22:44 UTC, gpalmer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description gpalmer freebsd_committer freebsd_triage 2008-02-28 22:30:07 UTC
The following security issues are fixed in Thunderbird 2.0.0.12

MFSA 2008-12  Heap buffer overflow in external MIME bodies
MFSA 2008-07 Possible information disclosure in BMP decoder
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

Fix: 

Untested patch attached
How-To-Repeat: cd /usr/ports/mail/thunderbird
grep DISTVERSION Makefile
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-02-28 22:30:12 UTC
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 gpalmer freebsd_committer freebsd_triage 2008-02-28 22:44:23 UTC
OK, try to get the patch attached this time

Comment 3 dfilter service freebsd_committer freebsd_triage 2008-02-28 23:36:02 UTC
mezz        2008-02-28 23:35:57 UTC

  FreeBSD ports repository

  Modified files:
    mail/thunderbird     Makefile distinfo 
  Log:
  Update to 2.0.0.12.
  
  PR:             ports/121189
  Submitted by:   gpalmer
  Security:       - MFSA 2008-12 Heap buffer overflow in external MIME bodies
                  - MFSA 2008-07 Possible information disclosure in BMP decoder
                  - MFSA 2008-05 Directory traversal via chrome: URI
                  - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
                  - MFSA 2008-01 Crashes with evidence of memory corruption
                    (rv:1.8.1.12)
  
  Revision  Changes    Path
  1.88      +1 -2      ports/mail/thunderbird/Makefile
  1.34      +3 -3      ports/mail/thunderbird/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Jeremy Messenger freebsd_committer freebsd_triage 2008-02-28 23:36:17 UTC
State Changed
From-To: open->closed

Committed, thanks!