Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 109094
Alias:
Product:
Component:
Status: RESOLVED
Resolution: WORKSFORME
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 109094 depends on: Show dependency tree
Bug 109094 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-10-13 00:56 0000 
Thunderbird might be vulnerable to more than just the Mozilla Foundation says
(it might be vuylnerable to much of the recent Firefox issues). At least
Madriva, RedHat and Ubuntu are quite convinced of this.

I asked for details, opening a bug do keep track of the issue.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-10-13 01:05:36 0000 ------- 
Testing and marking those stable preventively might be a good idea :

mozilla-thunderbird Target KEYWORDS="alpha amd64 ia64 ppc sparc x86"
mozilla-thunderbird-bin Target KEYWORDS="amd64 x86"

------- Comment #2 From Gustavo Zacarias (RETIRED) 2005-10-13 11:21:15 0000 ------- 
sparc stable.

------- Comment #3 From Paul Varner 2005-10-13 14:46:49 0000 ------- 
Stable on x86

------- Comment #4 From Homer Parker 2005-10-13 18:58:03 0000 ------- 
mozilla-thunderbird ok on amd64

------- Comment #5 From Michael Sawczuk 2005-10-13 23:04:36 0000 ------- 
(In reply to comment #4)
> mozilla-thunderbird ok on amd64

Shouldn't thunderbird-bin also be marked stable on AMD64?

------- Comment #6 From Thierry Carrez (RETIRED) 2005-10-14 00:31:49 0000 ------- 
(In reply to comment #5)
> 
> Shouldn't thunderbird-bin also be marked stable on AMD64?

Yes it should.

------- Comment #7 From Simon Stelling (RETIRED) 2005-10-14 01:40:19 0000 ------- 
-bin stable too on amd64

------- Comment #8 From Jose Luis Rivero (yoswink) 2005-10-15 06:44:11 0000 ------- 
Alpha Stable ( 1.0.7 )

BTW, ia64 seems to be done and keyworded by agriffis (please Aron, CC'ed ia64
again if needed).

------- Comment #9 From Joe Jezak 2005-10-15 13:19:08 0000 ------- 
Marked ppc stable.

------- Comment #10 From Thierry Carrez (RETIRED) 2005-10-16 02:02:07 0000 ------- 
Ready for GLSA, waiting for more information about vulnerability of TB.

------- Comment #11 From Thierry Carrez (RETIRED) 2005-10-18 05:38:05 0000 ------- 
Here is the results of our ivestigation, thanks to Josh Bressers of RedHat :

- The XBM image decoder issue does not affect Thunderbird.
- The zero-width non-joiner sequences can just be used to crash TB
- The other flaws need Javascript (off in Thunderbird)

So I'll close this one as WORKSFORME. Feel free to reopen if you disagree.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug