U radu programskog paketa Mozilla Thunderbird uočeni su višestruki sigurnosni propusti. Napadač ih može iskoristiti za zaobilaženje postavljenih ograničenja, stjecanje povećanih ovlasti, pokretanje proizvoljnog programskog koda i izvođenje DoS napada.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11084
2011-08-18 01:38:35
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 14
Version     : 3.1.12
Release     : 1.fc14
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.20 and Thunderbird version 3.1.12,
fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
* http://www.mozilla.org/security/announce/2011/mfsa2011-32.html

This update also includes all packages depending on gecko-libs rebuilt against
the new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 17 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.12-1
- Update to 3.1.12
* Tue Jun 21 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.11-1
- Update to 3.1.11
* Thu Apr 28 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.10-1
- Update to 3.1.10
* Wed Apr 20 2011 Christopher Aillon <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.9-2
- Drop the -lightning subpackage, it needs to be in its own SRPM
* Mon Mar  7 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.9-1
- Update to 3.1.9
* Tue Mar  1 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.8-3
- Update to 3.1.8
* Mon Jan  3 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.7-3
- Mozilla crash reporter enabled
* Thu Dec  9 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.7-2
- Fixed useragent
* Thu Dec  9 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.7-1
- Update to 3.1.7
* Sat Nov 27 2010 Remi Collet <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.6-3
- fix cairo + nspr required version
- lightning: fix thunderbird version required
- lightning: fix release (b3pre)
- lightning: clean install
* Wed Nov  3 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.6-2
- Move thunderbird-lightning extension from Sunbird package to Thunderbird
- Removed dependency on static libraries
* Wed Oct 27 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.6-1
- Update to 3.1.6
* Tue Oct 19 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 3.1.5-1
- Update to 3.1.5
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update thunderbird' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11087
2011-08-18 01:39:02
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 15
Version     : 6.0
Release     : 1.fc15
URL         : http://www.mozilla.org/projects/thunderbird/
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Thunderbird version 6.0, fixing multiple security issues
detailed in the upstream advisory:

* http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 16 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 6.0-1
- Update to 6.0
* Tue Aug 16 2011 Remi Collet <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 5.0-4
- Don't unzip the langpacks
* Mon Aug 15 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 5.0-3
- Rebuild due to rhbz#728707
* Wed Jul 20 2011 Dan HorÄ