pool/MozillaThunderbird
SHA256
4
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 640045 from home:AndreasStieger:branches:mozilla:Factory

Browse Source 
add CVEs from MFSA 2018-25

OBS-URL: https://build.opensuse.org/request/show/640045
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=432
This commit is contained in:
Wolfgang Rosenauer 2018-10-05 09:08:04 +00:00 committed by Git OBS Bridge
parent c0d713ad9e
commit 266f4763da
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
MozillaThunderbird.changes
View File

@ -22,16 +22,30 @@ Tue Oct 2 10:08:00 UTC 2018 - wr@rosenauer.org
* Calendar: First day of the week can now be set
* Calendar: Several fixes related to cutting/deleting of events
and email schedulin
* Fix date display issues (boo#1109379)
* Fix date display issues (bsc#1109379)
* Fix start-up crash due to folder name with special characters
(boo#1107772)
- security fixes for the Mozilla platform picked up from 60.1 and
(bsc#1107772)
- Security fixes for the Mozilla platform picked up from 60.1 and
60.2 (Firefox ESR releases). In general, these flaws
cannot be exploited through email in Thunderbird because
scripting is disabled when reading mail, but are potentially
risks in browser or browser-like contexts:
* bsc#1098998, bsc#1107343, bsc#1110506, bsc#1110507,
boo#1107343, boo#1109363
risks in browser or browser-like contexts (MFSA 2018-25):
* CVE-2018-12377 (bsc#1107343, bmo#1470260)
Use-after-free in refresh driver timers
* CVE-2018-12378 (bsc#1107343, bmo#1459383)
Use-after-free in IndexedDB
* CVE-2017-16541 (bsc#1066489, bmo#1412081)
Proxy bypass using automount and autofs
* CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
bmo#80521,bsc#1107343)
Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
* CVE-2018-12385 (bsc#1109363, bmo#1490585)
Crash in TransportSecurityInfo due to cached data
* CVE-2018-12383 (bsc#1107343, bmo#1475775)
Setting a master password did not delete unencrypted
previously stored passwords
-------------------------------------------------------------------
Tue Sep 11 09:59:08 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>

2
MozillaThunderbird.spec
View File

@ -13,7 +13,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#