tech-security: Re: pkg-vulnerabilities listing for Mozilla advisory missing Thunderbird reference

Subject: Re: pkg-vulnerabilities listing for Mozilla advisory missing Thunderbird reference
To: David H.Gutteridge <dhgutteridge@sympatico.ca>
From: Thomas Klausner <wiz@NetBSD.org>
List: tech-security
Date: 01/14/2005 14:53:19

On Sun, Jan 09, 2005 at 01:27:34AM -0500, David H.Gutteridge wrote:
> Regarding the vulnerability listing referenced as
> http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
> relating to handling of NNTP URLs in Mozilla < 1.7.3,
> in my understanding this also affects Thunderbird
> versions prior to 1.0.  Thunderbird is not listed
> as vulnerable in the latest pkg-vulnerabilities file.
> 
> See Mozilla Bugzilla entry 264388, which lists the
> Aviary (incl. Thunderbird) branch as affected.  I
> can confirm that the referenced source file is included
> in Thunderbird compiles, I checked a compile log I have.

You're right -- I added it to the vulnerabilities file.

Thank you,
 Thomas