<<< Date Index >>>     <<< Thread Index >>>

[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1051-1                    security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
May 4th, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mozilla-thunderbird
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-2353 CVE-2005-4134 CVE-2006-0292 CVE-2006-0293
                 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749 CVE-2006-0884
                 CVE-2006-1045 CVE-2006-1529 CVE-2006-1530 CVE-2006-1531
                 CVE-2006-1723 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728
                 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1733
                 CVE-2006-1734 CVE-2006-1735 CVE-2006-1736 CVE-2006-1737
                 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741
                 CVE-2006-1742 CVE-2006-1790
CERT advisories: VU#179014 VU#252324 VU#329500 VU#350262 VU#488774 VU#492382
                 VU#592425 VU#736934 VU#813230 VU#842094 VU#932734 VU#935556
BugTraq IDs    : 15773 16476 16476 16770 16881 17516

Several security related problems have been discovered in Mozilla
Thunderbird.  The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CVE-2005-2353

    The "run-mozilla.sh" script allows local users to create or
    overwrite arbitrary files when debugging is enabled via a symlink
    attack on temporary files.

CVE-2005-4134

    Web pages with extremely long titles cause subsequent launches of
    the browser to appear to "hang" for up to a few minutes, or even
    crash if the computer has insufficient memory.  [MFSA-2006-03]

CVE-2006-0292

    The Javascript interpreter does not properly dereference objects,
    which allows remote attackers to cause a denial of service or
    execute arbitrary code.  [MFSA-2006-01]

CVE-2006-0293

    The function allocation code allows attackers to cause a denial of
    service and possibly execute arbitrary code.  [MFSA-2006-01]

CVE-2006-0296

    XULDocument.persist() did not validate the attribute name,
    allowing an attacker to inject arbitrary XML and JavaScript code
    into localstore.rdf that would be read and acted upon during
    startup.  [MFSA-2006-05]

CVE-2006-0748

    An anonymous researcher for TippingPoint and the Zero Day
    Initiative reported that an invalid and nonsensical ordering of
    table-related tags can be exploited to execute arbitrary code.
    [MFSA-2006-27]

CVE-2006-0749

    A particular sequence of HTML tags can cause memory corruption
    that can be exploited to exectute arbitary code.  [MFSA-2006-18]

CVE-2006-0884

    Georgi Guninski reports that forwarding mail in-line while using
    the default HTML "rich mail" editor will execute JavaScript
    embedded in the e-mail message with full privileges of the client.
    [MFSA-2006-21]

CVE-2006-1045

    The HTML rendering engine does not properly block external images
    from inline HTML attachments when "Block loading of remote images
    in mail messages" is enabled, which could allow remote attackers
    to obtain sensitive information.  [MFSA-2006-26]

CVE-2006-1529

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1530

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1531

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1723

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1724

    A vulnerability potentially allows remote attackers to cause a
    denial of service and possibly execute arbitrary.  [MFSA-2006-20]

CVE-2006-1727

    Georgi Guninski reported two variants of using scripts in an XBL
    control to gain chrome privileges when the page is viewed under
    "Print Preview".under "Print Preview".  [MFSA-2006-25]

CVE-2006-1728

    "shutdown" discovered that the crypto.generateCRMFRequest method
    can be used to run arbitrary code with the privilege of the user
    running the browser, which could enable an attacker to install
    malware.  [MFSA-2006-24]

CVE-2006-1729

    Claus Jørgensen reported that a text input box can be pre-filled
    with a filename and then turned into a file-upload control,
    allowing a malicious website to steal any local file whose name
    they can guess.  [MFSA-2006-23]

CVE-2006-1730

    An anonymous researcher for TippingPoint and the Zero Day
    Initiative discovered an integer overflow triggered by the CSS
    letter-spacing property, which could be exploited to execute
    arbitrary code.  [MFSA-2006-22]

CVE-2006-1731

    "moz_bug_r_a4" discovered that some internal functions return
    prototypes instead of objects, which allows remote attackers to
    conduct cross-site scripting attacks.  [MFSA-2006-19]

CVE-2006-1732

    "shutdown" discovered that it is possible to bypass same-origin
    protections, allowing a malicious site to inject script into
    content from another site, which could allow the malicious page to
    steal information such as cookies or passwords from the other
    site, or perform transactions on the user's behalf if the user
    were already logged in.  [MFSA-2006-17]

CVE-2006-1733

    "moz_bug_r_a4" discovered that the compilation scope of privileged
    built-in XBL bindings is not fully protected from web content and
    can still be executed which could be used to execute arbitrary
    JavaScript, which could allow an attacker to install malware such
    as viruses and password sniffers.  [MFSA-2006-16]

CVE-2006-1734

    "shutdown" discovered that it is possible to access an internal
    function object which could then be used to run arbitrary
    JavaScriptcode with full permissions of the user running the
    browser, which could be used to install spyware or viruses.
    [MFSA-2006-15]

CVE-2006-1735

    It is possible to create JavaScript functions that would get
    compiled with the wrong privileges, allowing an attacker to run
    code of their choice with full permissions of the user running the
    browser, which could be used to install spyware or viruses.
    [MFSA-2006-14]

CVE-2006-1736

    It is possible to trick users into downloading and saving an
    executable file via an image that is overlaid by a transparent
    image link that points to the executable.  [MFSA-2006-13]

CVE-2006-1737

    An integer overflow allows remote attackers to cause a denial of
    service and possibly execute arbitrary bytecode via JavaScript
    with a large regular expression.  [MFSA-2006-11]

CVE-2006-1738

    An unspecified vulnerability allows remote attackers to cause a
    denial of service.  [MFSA-2006-11]

CVE-2006-1739

    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds
    array write and buffer overflow that could lead to a denial of
    service and the possible execution of arbitrary code.  [MFSA-2006-11]

CVE-2006-1740

    It is possible for remote attackers to spoof secure site
    indicators such as the locked icon by opening the trusted site in
    a popup window, then changing the location to a malicious site.
    [MFSA-2006-12]

CVE-2006-1741

    "shutdown" discovered that it is possible to inject arbitrary
    JavaScript code into a page on another site using a modal alert to
    suspend an event handler while a new page is being loaded.  This
    could be used to steal confidential information.  [MFSA-2006-09]

CVE-2006-1742

    Igor Bukanov discovered that the JavaScript engine does not
    properly handle temporary variables, which might allow remote
    attackers to trigger operations on freed memory and cause memory
    corruption, causing memory corruption.  [MFSA-2006-10]

CVE-2006-1790

    A regression fix that could lead to memory corruption allows
    remote attackers to cause a denial of service and possibly execute
    arbitrary code.  [MFSA-2006-11]

For the stable distribution (sarge) these problems have been fixed in
version 1.0.2-2.sarge1.0.8.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.0.2-1 of thunderbird.

We recommend that you upgrade your Mozilla Thunderbird packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8.dsc
      Size/MD5 checksum:      997 0327b5d56178e6045be49e9b78c60b76
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8.diff.gz
      Size/MD5 checksum:   329931 4dab3c7b21e40d055b95d74c35bedb58
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_alpha.deb
      Size/MD5 checksum: 12838168 bda025fdf3b077045cc21bab3a89e257
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_alpha.deb
      Size/MD5 checksum:  3276290 6a1a40cacc0bf38e951acc448ef29db0
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_alpha.deb
      Size/MD5 checksum:   150442 fca6c3f049cdf068da21a4edec3974e2
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_alpha.deb
      Size/MD5 checksum:    31886 f9f96e466c0bef3a0255c9eedded7bb3
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_alpha.deb
      Size/MD5 checksum:    87722 1280bc887809f52e77ea9f1b53739189

  AMD64 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum: 12246434 286f415370cea50e1db9e3cd42d2e4c2
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum:  3277348 757202c4103104bbf82ce17ff93de6ad
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum:   149416 9f727c74782a27cbc31ba9c3cc05e365
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum:    31884 451a6095a65939e5c5fa01cbcce3f399
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_amd64.deb
      Size/MD5 checksum:    87560 1b4e74ca5a206c0028c7385a37c9d72c

  ARM architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_arm.deb
      Size/MD5 checksum: 10336960 226d96bb928a8a5f1169e8e8f22cb94c
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_arm.deb
      Size/MD5 checksum:  3268838 d6df5cef8606a925ab2e0f6d4759e2bf
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_arm.deb
      Size/MD5 checksum:   141526 fb78403f901f5a3551864aae8677855b
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_arm.deb
      Size/MD5 checksum:    31904 5e442a325862851a1ddcdf098f602488
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_arm.deb
      Size/MD5 checksum:    79556 d93846c81f778cdc8089f594edcdee29

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum: 11560136 b0e311d92acdc0c7e8b14b67bbf87a63
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum:  3503954 c76b1c2003373abb489d55fbc1cf8e9b
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum:   145070 42bfc6d7e45c85a328c974e0dbf33a2d
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum:    31882 6699d265d72be8d47e29607c19233ea5
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_i386.deb
      Size/MD5 checksum:    86338 f71fa003bb6cbd5e073791c02215f55f

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum: 14613050 4ebeb5db1064173aa1c0f4f63debe1a4
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum:  3289384 28b78ccc68aa644a6e7ccfe1da7ed6c2
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum:   153794 3d08e3ca8da7aab4d18325018f089cf1
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum:    31886 5a51526eac30e965016709c84e5789cc
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_ia64.deb
      Size/MD5 checksum:   105440 bbf8174130d63df6a84a181e6f8f77d4

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_hppa.deb
      Size/MD5 checksum: 13558548 62fa53905105857b25039b360f5ed165
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_hppa.deb
      Size/MD5 checksum:  3282030 5c8f3bc938f0d9ee87588cbfb2cf79fb
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_hppa.deb
      Size/MD5 checksum:   151644 0a2894a49adc27f41dbc34ae850998cb
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_hppa.deb
      Size/MD5 checksum:    31886 06078286e5baa9703eecac8678c6259a
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_hppa.deb
      Size/MD5 checksum:    95646 82233c3c9d614801a19d6e07031a7e0a

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_m68k.deb
      Size/MD5 checksum: 10782388 f59c564e46e44dcbe7e045635a500253
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_m68k.deb
      Size/MD5 checksum:  3267578 646924bd2241dd7c4c61be86ed52f66e
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_m68k.deb
      Size/MD5 checksum:   143414 2ceb5e38365ba6488c0e0bbda2c16de2
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_m68k.deb
      Size/MD5 checksum:    31924 c79717feb3366b475a181fb94666a308
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_m68k.deb
      Size/MD5 checksum:    80832 52d33e4efd5d53f0d88a45b560348fc5

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_mips.deb
      Size/MD5 checksum: 11940252 693556d436d10d0dfc0df428967bc054
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mips.deb
      Size/MD5 checksum:  3275664 eeaff88720b28b8624e4e2683deb8156
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mips.deb
      Size/MD5 checksum:   146354 84e79291c3a085c9315140b01d00620c
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mips.deb
      Size/MD5 checksum:    31894 ca7b49008df0913a853614cc1e1f58d0
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mips.deb
      Size/MD5 checksum:    83106 297bef79199e69cd7eed64aba0472de1

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_mipsel.deb
      Size/MD5 checksum: 11801596 bbf40fdabbe94838a63d689263b13dfc
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mipsel.deb
      Size/MD5 checksum:  3276522 56b8c3fbf4dfe10c11219f722dee243f
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mipsel.deb
      Size/MD5 checksum:   145920 55354ff3950db25f7a43d7dd643bdc0c
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mipsel.deb
      Size/MD5 checksum:    31902 7792444ecceba497bbea95aa79bfd541
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mipsel.deb
      Size/MD5 checksum:    82932 a618ae0dc3fa628c9b942bc19a9e041b

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_powerpc.deb
      Size/MD5 checksum: 10900888 5a4bfd9854a2402b57a0f7fbeebc69e4
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_powerpc.deb
      Size/MD5 checksum:  3266966 2f9dfc8d97dfbc136d3d4a409d86080c
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_powerpc.deb
      Size/MD5 checksum:   143398 f1ed2509f11198cc79350ec34a8d169f
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_powerpc.deb
      Size/MD5 checksum:    31892 555cd49ac0135b6cca34e346b1730916
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_powerpc.deb
      Size/MD5 checksum:    79634 55a53bdc25f21625e6a5bf7409a79a60

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_s390.deb
      Size/MD5 checksum: 12694418 cb417029c1f1403fd85ad62696ba9a6a
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_s390.deb
      Size/MD5 checksum:  3277050 c9e56aa35a7ee4b3efb70aac8d1fb2b4
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_s390.deb
      Size/MD5 checksum:   149736 ddb248089886f5377167866e098276ee
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_s390.deb
      Size/MD5 checksum:    31894 757eabc20b4c623116efbfa6514f8674
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_s390.deb
      Size/MD5 checksum:    87580 a78dce29c87b7e57f30eb4ab566474b2

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_sparc.deb
      Size/MD5 checksum: 11164666 54d3682c2946c7a1a1a2f4d5632c5a9e
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_sparc.deb
      Size/MD5 checksum:  3271818 eec83ea3565d2a6137a077a0ac7bd0bf
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_sparc.deb
      Size/MD5 checksum:   143070 513f4ab787b0d0b680b562cb6e63fa18
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_sparc.deb
      Size/MD5 checksum:    31898 92244cdf10019877a52c4be13ec1fcdf
    
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_sparc.deb
      Size/MD5 checksum:    81430 041e86b0c9ea28c4f28973b9e1be627d


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEWbk2W5ql+IAeqTIRAq/CAJ9uKbZsW70eiVPzhZzKIHx4BJrhmQCdFRMv
nMPPOXb1A+ldZAOtytVNiDo=
=NaAq
-----END PGP SIGNATURE-----