Thunderbird 1.0.5 will fix the following vulnerability : MFSA 2005-46 XBL scripts ran even when Javascript disabled
1.0.5 released, mozilla please bump. Note there is still no entry the security page: http://www.mozilla.org/projects/security/known-vulnerabilities.html
Fixed in TB 1.0.5 : MFSA 2005-56 Code execution through shared function objects MFSA 2005-55 XHTML node spoofing MFSA 2005-52 Same origin violation: frame calling top.focus() MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo() MFSA 2005-46 XBL scripts ran even when Javascript disabled MFSA 2005-44 Privilege escalation via non-DOM property overrides MFSA 2005-41 Privilege escalation via DOM property overrides MFSA 2005-40 Missing Install object instance checks MFSA 2005-33 Javascript "lambda" replace exposes memory contents
mail-client/thunderbird{-bin}: 1.0.5 are in the tree.
Thx Anarchy, arches please test and mark stable : mozilla-thunderbird target KEYWORDS="alpha amd64 ia64 ppc sparc x86" mozilla-thunderbird-bin target KEYWORDS="~amd64 x86"
Hold the stable please it is still masked until Aron looks at it and makes a call on enigmail support. Sorry I should have announced it when I put it up that they were in the tree.
Waiting for a more definitive ebuild for TB. x86 can still test TB-bin though.
i guess amd64 too, right? :)
Aight we have made our finall changes to thunderbird-1.0.5 we can go ahead with marking stable.
Calling back arches... Anarchy will test for ppc. blubb: TB-bin is ~amd64 so you don't really need to mark it stable... But you need to mark TB-not-bin amd64 :)
*** Bug 99031 has been marked as a duplicate of this bug. ***
PPC is stable you will need to stabilize mozilla-launcher 0.34 before you can stablize thunderbird this is fine. Aron and Myself has already discussed this and do not see any problems.
I was actually thinking of marking the -bin stable on amd64 as it works very well. I've already tested the 1.0.5 ond amd64 but i needed that a non ~amd64 user would test and report.
I can do the amd64 -bin stable test in about 4 hours when i'm home.
sparc stable. amd64 thunderbird-bin works fine here too (not keywording though since i'm not on amd64@/authorized/whatever).
-bin stable on amd64
Stable on alpha and ia64.
x86, amd64: please test and mark thunderbird and thunderbird-bin stable (thunderbird-bin is already done for amd64)
Hmm. Apparently 1.0.5 is quite broken, 1.0.6 should appear early next week. http://www.mozillazine.org/talkback.html?article=6950 So I would say, stop the stable marking... and waiting for upstream
I've been running thunderbird (non-bin, 64-bit-compiled) on amd64 for about 24 hours now without issue. Oddly enough enigmail seems to be working fine - even though it seems like there are complaints that it shouldn't. Enigmail is installed as a user-profile extension (ie not system-wide).
mad64 please mark stable as soon as possible I will handle x86 if noone marks it by tonight. Enigmail is NOT suppose to work with thunderbird 1.0.5 but it does so I do not see this as an issue.
Stable on amd64.
both stable
GLSA 200507-17