Publishing details
Changelog
icedove (1:45.8.0-3~deb8u1) jessie-security; urgency=medium
[ Carsten Schoenert ]
* New upstream version 45.8.0:
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5407: Pixel and history stealing via floating-point timing side
channel with SVG filters
CVE-2017-5410: Memory corruption during JavaScript garbage collection
incremental sweeping
CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
CVE-2017-5405: FTP response codes can cause use of uninitialized values
for ports
CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5378: Pointer and frame data leakage of Javascript objects
CVE-2017-5380: Potential use-after-free during DOM manipulations
CVE-2017-5390: Insecure communication methods in Developer Tools JSON
viewer
CVE-2017-5396: Use-after-free with Media Decoder
CVE-2017-5383: Location bar spoofing with unicode characters
CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
* debian/rules: don't set MOZ_APP_PROFILE in jessie or wheezy.
We don't need a special diffrent default profile folder in jessie or
wheezy. We will use always ~/.thunderbird in all available releases.
* tb-wrapper: call thunderbird starting with exec
[ Guido Günther ]
* Register components in gbp.conf
* Drop superfluous iceowl-l10n files
* Copy-edit thunderbird-wrapper-helper.sh
-- Guido Günther <email address hidden> Sat, 15 Apr 2017 16:37:06 +0200
Builds
Package files