Bug 189672
Summary: | Mozilla Thunderbird multiple vulnerabilities (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-0292, et al.) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | David Eisenstein <deisenst> | ||||||
Component: | thunderbird | Assignee: | Fedora Legacy Bugs <bugs> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | high | Docs Contact: | |||||||
Priority: | urgent | ||||||||
Version: | fc3 | CC: | pekkas | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | http://rhn.redhat.com/errata/RHSA-2006-0330.html | ||||||||
Whiteboard: | impact=critical, LEGACY, 3 | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2006-06-30 13:40:21 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
David Eisenstein
2006-04-22 13:34:12 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is an updated mozilla Thunderbird package to QA for FC3: 1aa9684f679b29eef1848d517a803c8606db1210__thunderbird-1.0.8-1.1.fc3.2.legacy.src.rpm http://turbosphere.fedoralegacy.org/logs/fedora-3-core/100-thunderbird-1.0.8-1.1.fc3.2.legacy/thunderbird-1.0.8-1.1.fc3.2.legacy.src.rpm Changelog: * Fri Apr 28 2006 David Eisenstein <deisenst> 1.0.8-1.1.fc3.2.legacy - - Add buildrequires - desktop-file-utils * Tue Apr 25 2006 David Eisenstein <deisenst> 1.0.8-1.1.fc3.1.legacy - - Portions of the firefox-1.0-gcc4-compile.patch are already applied in the src tarball. Remove those so remainder of patch will apply. * Tue Apr 25 2006 David Eisenstein <deisenst> 1.0.8-1.1.fc3.legacy - - Update to 1.0.8, containing fixes for: CVE-2006-1731, CVE-2006-1732, CVE-2006-1741, CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790, CVE-2006-1045 Thanks! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) iD8DBQFEUx2axou1V/j9XZwRAhS2AJ96lgMLDd8U9tOFJl3s4gsjprLxBQCeNYZp DaP02Sivfxvnr2y4eUT0wGo= =ESxA -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - source integrity good - spec file changes minimal [*] - no patch changes except OK removal. [*] as this is the first time this package is being built in mock, please make sure you run appropriate rpm-build-compare.sh (e.g., ldd) or similar stuff on the binaries to make sure all the buildrequires stuff that was in the previous version was properly included. +PUBLISH FC3 1aa9684f679b29eef1848d517a803c8606db1210 thunderbird-1.0.8-1.1.fc3.2.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFEV6vLGHbTkzxSL7QRAg+9AJ4z7P1mkbKeOa2BWStwPPa4pDxvDACgtazA mMU7kFqGOZCeZKdqrJGFakg= =ulPZ -----END PGP SIGNATURE----- Thanks, Pekka! :) Pekka, I wish to thank you very much for your advice to check the rpm-build-compare.sh of the binary packages. There were indeed many, many missing BuildRequires. I am building (what I hope is now) the last incarnation of Mozilla Thunderbird so we can push it to updates-testing... Thanks again! I appreciate your eagle-eye and your sharp mind! Created attachment 129317 [details] Proposed Test Update Notification for thunderbird-1.0.8 Enclosed is proposed updates-testing notification to go to fedora-legacy-list once pkgs are signed with the Legacy key and their SHA1-sums have been determined. I believe the thunderbird packages are ready to be pushed to updates-testing. Current packages to look at (signed with my own key) are here: SRPM: http://turbosphere.fedoralegacy.org/logs/fedora-3-core/138-thunderbird-1.0.8-1.1.fc3.4.legacy/thunderbird-1.0.8-1.1.fc3.4.legacy.src.rpm i386: http://turbosphere.fedoralegacy.org/logs/fedora-3-core/138-thunderbird-1.0.8-1.1.fc3.4.legacy/i386/thunderbird-1.0.8-1.1.fc3.4.legacy.i386.rpm x86_64: http://turbosphere.fedoralegacy.org/logs/fedora-3-core/138-thunderbird-1.0.8-1.1.fc3.4.legacy/x86_64/thunderbird-1.0.8-1.1.fc3.4.legacy.x86_64.rpm Thanks. Packages were pushed to updates-testing Timeout in 2 weeks. Timeout over. Created attachment 130899 [details]
Proposed Update advisory
Attached is a proposed update advisory for Thunderbird.
Packages were released to updates. Thanks, Marc! :) |