Changelog
icedove (2.0.0.24-0lenny1) stable-security; urgency=low
* New upstream security/stability update (v2.0.0.23/v2.0.0.24)
* MFSA 2009-42 aka CVE-2009-2408: Compromise of SSL-protected communication
* MFSA 2009-43 aka CVE-2009-2404: Heap overflow in certificate regexp parsing
* MFSA 2009-49 aka CVE-2009-3077: TreeColumns dangling pointer vulnerability
* MFSA 2009-59 aka CVE-2009-0689: Heap buffer overflow in string to number conversion
* MFSA 2009-62 aka CVE-2009-3376: Download filename spoofing with RTL override
* MFSA 2009-68 aka CVE-2009-3983: NTLM reflection vulnerability
* MFSA 2010-07 aka
- CVE-2009-2463: Integer overflow in a base64 decoding function
- CVE-2009-3072: Crash in the BinHex decoder
- CVE-2009-3075: Crash in the JavaScript engine
- CVE-2010-0163: Crash indexing some messages with attachments
* adjust patches for new upstream
- update debian/patches/18_kbsd_nspr.dpatch
- update debian/patches/autoconf2.13-rerun
- update debian/patches/ubuntu-mail-app-xre-name
-- Christoph Goehre <email address hidden> Sat, 27 Mar 2010 12:06:44 +0100