Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/mail/thunderbird
From: Matthias Scheler
Date: 2013-08-11 20:24:31
Message id: 20130811182431.2666A96@cvs.netbsd.org

Log Message:
Pullup ticket #4206 - requested by ryoon
mail/thunderbird: security update

Revisions pulled up:
- mail/thunderbird/Makefile                                     1.118-1.119
- mail/thunderbird/distinfo                                     \ 
1.123-1.124,1.126-1.127

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Tue Jul  9 10:57:20 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 17.0.7

   Changelog:
       FIXED
       Security fixes can be found here

   Fixed in Thunderbird 17.0.7
   MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a \ 
privileged context
   MFSA 2013-56 PreserveWrapper has inconsistent behavior
   MFSA 2013-55 SVG filters can lead to information disclosure
   MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
   MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
   MFSA 2013-51 Privileged content access and execution via XBL
   MFSA 2013-50 Memory corruption found using Address Sanitizer
   MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Jul  9 21:25:24 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo

   Log Message:
   restore enigmail checksums, again.

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Sat Aug 10 00:31:20 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 17.0.8

   Changelog:
   Security bugfixes.
   MFSA 2013-75 Local Java applets may read contents of local file system
   MFSA 2013-73 Same-origin bypass with web workers and XMLHttpRequest
   MFSA 2013-72 Wrong principal used for validating URI for some Javascript \ 
components
   MFSA 2013-71 Further Privilege escalation through Mozilla Updater
   MFSA 2013-69 CRMF requests allow for code execution and XSS attacks
   MFSA 2013-68 Document URI misrepresentation and masquerading
   MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and Mozilla Updater
   MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8)

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Sat Aug 10 23:26:31 UTC 2013

   Modified Files:
   	pkgsrc/mail/thunderbird: distinfo

   Log Message:
   Fixed building thunderbird with the "mozilla-enigmail" option enabled.

Files:
RevisionActionfile
1.117.2.1modifypkgsrc/mail/thunderbird/Makefile
1.122.2.1modifypkgsrc/mail/thunderbird/distinfo