Debian
icedove package

icedove 1:52.3.0-1 source package in Debian

Changelog

icedove (1:52.3.0-1) unstable; urgency=medium

  [ Carsten Schoenert ]
  * [8e852be] New upstream version 52.3.0
    Fixed CVE issues in upstream version 52.0 (MFSA 2017-20)
    CVE-2017-7800: Use-after-free in WebSockets during disconnection
    CVE-2017-7801: Use-after-free with marquee during window resizing
    CVE-2017-7809: Use-after-free while deleting attached editor DOM node
    CVE-2017-7784: Use-after-free with image observers
    CVE-2017-7802: Use-after-free resizing image elements
    CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
    CVE-2017-7786: Buffer overflow while painting non-displayable SVG
    CVE-2017-7753: Out-of-bounds read with cached style data and
                   pseudo-elements
    CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
    CVE-2017-7807: Domain hijacking through AppCache fallback
    CVE-2017-7792: Buffer overflow viewing certificates with an extremely
                   long OID
    CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
    CVE-2017-7791: Spoofing following page navigation with data: protocol and
                   modal alerts
    CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP
                   protections
    CVE-2017-7803: CSP containing 'sandbox' improperly applied
    CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3,
                   and Thunderbird 52.3
  * [0b7243b] debian/rules: build icudt5*.dat on our own if needed
    If we need to use the internal sources of ICU (triggered by
    using --with-system-icu) we need to build the platform depended file
    icudt*[b,l].dat before we can call the configure run.
    This is needed as Mozilla only ships a precompiled little endian version
    of the file icudt*.dat and all platforms with big endianness are failing
    later due issues related to the wrong endianness.
  * [1964469] debian/mozconfig.default: enable i18n on big endian
  * [6b58ac5] debian/control: increase Standards-Version to 4.0.1
  * [e59cf81] rebuild patch queue from patch-queue branch
    removed patche(s) (applied upstream):
    - fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch
    updated/refreshed patches (no changes):
    - porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch

  [ Simon Deziel ]
  * [a574010] apparmor/usr.bin.thunderbird: small update to avoid noise

 -- Carsten Schoenert <email address hidden>  Sat, 19 Aug 2017 18:27:19 +0200

Upload details

Uploaded by:
Christoph Goehre
Uploaded to:
Sid
Original maintainer:
Christoph Goehre
Architectures:
any all
Section:
mail
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
icedove_52.3.0-1.dsc 19.5 KiB 4b085f932028adc48348e04ccd37e081d46a8ac4b574c357d6377e4ee6958dc7
icedove_52.3.0.orig-icedove-l10n.tar.xz 8.6 MiB 79caa622a0c1803d243c1123b70568c19ddd40511c3082206a3dcdd8fb8a39bf
icedove_52.3.0.orig-iceowl-l10n.tar.xz 854.7 KiB 8324e1388d4a148585afe8d1357bfb70c4200e151aa331e9cc08957315e44dcc
icedove_52.3.0.orig.tar.xz 225.0 MiB a71cfda541ca349871af53b2a4866a9a83a92d2d993980895ef3be2e864378a5
icedove_52.3.0-1.debian.tar.xz 387.2 KiB 12f1fe756ff2ed80a2d60e7389c6fe76d500dc477d26ae97c1e327701e0e82fb

No changes file available.

Binary packages built by this source