109094 2005-10-13 00:56 0000 mail-client/mozilla-thunderbird{-bin}: does 1.0.7 fixes vulnerabilities ? 2005-10-18 05:38:05 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED WORKSFORME http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird A2? [noglsa] koon P2 major --- 1 koon@gentoo.org security@gentoo.org koon@gentoo.org 2005-10-13 00:56:06 0000 Thunderbird might be vulnerable to more than just the Mozilla Foundation says (it might be vuylnerable to much of the recent Firefox issues). At least Madriva, RedHat and Ubuntu are quite convinced of this. I asked for details, opening a bug do keep track of the issue. koon@gentoo.org 2005-10-13 01:05:36 0000 Testing and marking those stable preventively might be a good idea : mozilla-thunderbird Target KEYWORDS="alpha amd64 ia64 ppc sparc x86" mozilla-thunderbird-bin Target KEYWORDS="amd64 x86" gustavoz@gentoo.org 2005-10-13 11:21:15 0000 sparc stable. fuzzyray@gentoo.org 2005-10-13 14:46:49 0000 Stable on x86 hparker@gentoo.org 2005-10-13 18:58:03 0000 mozilla-thunderbird ok on amd64 bugs@braingravy.co.uk 2005-10-13 23:04:36 0000 (In reply to comment #4) > mozilla-thunderbird ok on amd64 Shouldn't thunderbird-bin also be marked stable on AMD64? koon@gentoo.org 2005-10-14 00:31:49 0000 (In reply to comment #5) > > Shouldn't thunderbird-bin also be marked stable on AMD64? Yes it should. blubb@gentoo.org 2005-10-14 01:40:19 0000 -bin stable too on amd64 yoswink@gentoo.org 2005-10-15 06:44:11 0000 Alpha Stable ( 1.0.7 ) BTW, ia64 seems to be done and keyworded by agriffis (please Aron, CC'ed ia64 again if needed). josejx@gentoo.org 2005-10-15 13:19:08 0000 Marked ppc stable. koon@gentoo.org 2005-10-16 02:02:07 0000 Ready for GLSA, waiting for more information about vulnerability of TB. koon@gentoo.org 2005-10-18 05:38:05 0000 Here is the results of our ivestigation, thanks to Josh Bressers of RedHat : - The XBM image decoder issue does not affect Thunderbird. - The zero-width non-joiner sequences can just be used to crash TB - The other flaws need Javascript (off in Thunderbird) So I'll close this one as WORKSFORME. Feel free to reopen if you disagree.