For list of changes see: https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/
For release notes and fixed issues see here: https://www.mozilla.org/en-US/thunderbird/31.1.1/releasenotes/
Category Archives: Fedora
Fedora – Security Updates
Fedora 20 Security Update: libxml2-2.9.1-3.fc20
Resolved Bugs
1149084 – CVE-2014-3660 libxml2: denial of service via recursive entity expansion<br
New variants for the billion laugh DOS attacks
Fedora 19 Security Update: firefox-33.0-1.fc19
New upstream version – Firefox 33.
Update to the latest upstream 32.0.2.
Fedora 20 Security Update: deluge-1.3.10-1.fc20
Resolved Bugs
1153456 – deluge-web is vulnerable to POODLE<br
update to 1.3.10
Fedora 21 Security Update: php-5.6.2-1.fc21
16 Oct 2014, PHP 5.6.2
Core:
* Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas)
cURL:
* Fixed bug #68089 (NULL byte injection – cURL lib). (Stas)
EXIF:
* Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas)
XMLRPC:
* Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas)
Fedora 21 Security Update: rubygem-httpclient-2.4.0-2.fc21
Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation
Fedora 21 Security Update: deluge-1.3.10-1.fc21
Resolved Bugs
1153456 – deluge-web is vulnerable to POODLE<br
update to 1.3.10
Fedora 21 Security Update: kernel-3.17.1-300.fc21
Resolved Bugs
1151108 – CVE-2014-7975 Kernel: fs: umount denial of service
1152025 – CVE-2014-7975 Kernel: fs: umount denial of service [fedora-all]
1151095 – CVE-2014-7970 Kernel: fs: VFS denial of service
1151484 – CVE-2014-7970 Kernel: fs: VFS denial of service [fedora-all]
1149509 – [PATCH] Apply quirk for elan touchscreens
1045821 – ACER Chromebook C720P: touchpad and touchscreen do not work<br
Update to latest upstream stable release, Linux v3.17.1. Also fixes a btrfs corruption error when read-only snapshots are used.
Fedora 21 Security Update: openssl-1.0.1j-1.fc21
Resolved Bugs
1152850 – CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack [fedora-all]<br
Update fixing three moderate security issues.
Fedora 21 Security Update: devscripts-2.14.10-1.fc21
Resolved Bugs
1059947 – CVE-2014-1833 devscripts: directory traversal flaw in uupdate
1059948 – devscripts: directory traversal flaw in uupdate [fedora-20]<br
Update to version 2.14.10, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.10_changelog for details.
Update to version 2.14.9, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.9_changelog for details.
Update to version 2.14.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.
Update to version 2.14.9, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.9_changelog for details.
Update to version 2.14.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.14.8_changelog for details. Fixes CVE-2014-1833.