Accepting request 793228 from home:AndreasStieger:branches:mozilla:Factory

MFSA 2020-14 data OBS-URL: https://build.opensuse.org/request/show/793228 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=525
2020-04-11 21:13:39 +00:00 · 2020-04-11 21:13:39 +00:00 · 12132f7191
commit 12132f7191
parent 8f09505c5b
1 changed files with 15 additions and 0 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -14,6 +14,21 @@ Thu Apr  9 17:27:50 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
  * Calendar: Invitations with embedded null bytes did not always decode correctly
  * Calendar: Cancelled events didn't show with a line-through
  * Various security fixes
+  MFSA 2020-14
+  In general, these flaws cannot be exploited through email in 
+  Thunderbird because scripting is disabled when reading mail, but
+  are potentially risks in browser or browser-like contexts.
+  * CVE-2020-6819 (bmo#1620818, bsc#1168630)
+    Use-after-free while running the nsDocShell destructor
+  * CVE-2020-6820 (bmo#1626728, bsc#1168630)
+    Use-after-free when handling a ReadableStream
+  * CVE-2020-6821 (bmo#1625404, bsc#1168874)
+    Uninitialized memory could be read when using the WebGL
+    copyTexSubImage method
+  * CVE-2020-6822 (bmo#1544181, bsc#1168874)
+    Out of bounds write in GMPDecodeData when processing large images
+  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203,bsc#1168874)
+    Memory safety bugs fixed in Thunderbird 68.7.0

 -------------------------------------------------------------------
 Sat Mar 14 13:16:23 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>