From cd0e3ea9a0fd226c9cfcf20a4b5cc969a78f414c4c187f3af8c9034632c81e26 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 19 May 2018 10:55:26 +0000 Subject: [PATCH] - update to Thunderbird 52.8 (bsc#1092548) MFSA 2018-13 * CVE-2018-5183 (bmo#1454692) Backport critical security fixes in Skia * CVE-2018-5184 (bmo#1411592, bsc#1093152) Full plaintext recovery in S/MIME via chosen-ciphertext attack * CVE-2018-5154 (bmo#1443092) Use-after-free with SVG animations and clip paths * CVE-2018-5155 (bmo#1448774) Use-after-free with SVG animations and text paths * CVE-2018-5159 (bmo#1441941) Integer overflow and out-of-bounds write in Skia * CVE-2018-5161 (bmo#1411720) Hang via malformed headers * CVE-2018-5162 (bmo#1457721, bsc#1093152) Encrypted mail leaks plaintext through src attribute * CVE-2018-5170 (bmo#1411732) Filename spoofing for external attachments * CVE-2018-5168 (bmo#1449548) Lightweight themes can be installed without user interaction * CVE-2018-5174 (bmo#1447080) (Windows only) Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update * CVE-2018-5178 (bmo#1443891) Buffer overflow during UTF-8 to Unicode string conversion through legacy extension * CVE-2018-5185 (bmo#1450345) Leaking plaintext through HTML forms * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705, bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415, OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=406 --- MozillaThunderbird.changes | 37 ++++++++++++++++++++++++++++++++++ MozillaThunderbird.spec | 4 ++-- compare-locales.tar.xz | 4 ++-- create-tar.sh | 4 ++-- l10n-52.7.tar.xz | 3 --- l10n-52.8.tar.xz | 3 +++ thunderbird-52.7-source.tar.xz | 3 --- thunderbird-52.8-source.tar.xz | 3 +++ 8 files changed, 49 insertions(+), 12 deletions(-) delete mode 100644 l10n-52.7.tar.xz create mode 100644 l10n-52.8.tar.xz delete mode 100644 thunderbird-52.7-source.tar.xz create mode 100644 thunderbird-52.8-source.tar.xz diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index ea6d653..39d65a5 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Sat May 19 06:16:58 UTC 2018 - wr@rosenauer.org + +- update to Thunderbird 52.8 (bsc#1092548) + MFSA 2018-13 + * CVE-2018-5183 (bmo#1454692) + Backport critical security fixes in Skia + * CVE-2018-5184 (bmo#1411592, bsc#1093152) + Full plaintext recovery in S/MIME via chosen-ciphertext attack + * CVE-2018-5154 (bmo#1443092) + Use-after-free with SVG animations and clip paths + * CVE-2018-5155 (bmo#1448774) + Use-after-free with SVG animations and text paths + * CVE-2018-5159 (bmo#1441941) + Integer overflow and out-of-bounds write in Skia + * CVE-2018-5161 (bmo#1411720) + Hang via malformed headers + * CVE-2018-5162 (bmo#1457721, bsc#1093152) + Encrypted mail leaks plaintext through src attribute + * CVE-2018-5170 (bmo#1411732) + Filename spoofing for external attachments + * CVE-2018-5168 (bmo#1449548) + Lightweight themes can be installed without user interaction + * CVE-2018-5174 (bmo#1447080) (Windows only) + Windows Defender SmartScreen UI runs with less secure behavior + for downloaded files in Windows 10 April 2018 Update + * CVE-2018-5178 (bmo#1443891) + Buffer overflow during UTF-8 to Unicode string conversion + through legacy extension + * CVE-2018-5185 (bmo#1450345) + Leaking plaintext through HTML forms + * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705, + bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415, + bmo#1426129) + Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8 and + Thunderbird 52.8 + ------------------------------------------------------------------- Wed Mar 28 01:31:17 CEST 2018 - ro@suse.de diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index 478f10a..ec2ed21 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -17,9 +17,9 @@ # -%define mainversion 52.7 +%define mainversion 52.8 %define update_channel release -%define releasedate 201803230000 +%define releasedate 201805170000 %bcond_without mozilla_tb_kde4 %bcond_with mozilla_tb_valgrind diff --git a/compare-locales.tar.xz b/compare-locales.tar.xz index 7396f13..72261c7 100644 --- a/compare-locales.tar.xz +++ b/compare-locales.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5619c69ab0ddc415df1634783c3ee50c80dc6690d2bf2ce0c1d1103311c9ef87 -size 28372 +oid sha256:691c3b54bb73f087ac1a393c94cd4d92fe88c2e910212e8ef629122463879cf6 +size 28380 diff --git a/create-tar.sh b/create-tar.sh index eb6d114..21649d5 100644 --- a/create-tar.sh +++ b/create-tar.sh @@ -2,8 +2,8 @@ CHANNEL="esr52" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_52_7_0_RELEASE" -VERSION="52.7" +RELEASE_TAG="THUNDERBIRD_52_8_0_RELEASE" +VERSION="52.8" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird diff --git a/l10n-52.7.tar.xz b/l10n-52.7.tar.xz deleted file mode 100644 index 80527cf..0000000 --- a/l10n-52.7.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e5489e085b0432ceed78f5542b2e09380e0586d9d8cb209433c45db150783d5a -size 26230056 diff --git a/l10n-52.8.tar.xz b/l10n-52.8.tar.xz new file mode 100644 index 0000000..a913789 --- /dev/null +++ b/l10n-52.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eec5c42b4fa59543986bc86e4dfe624aa5d900ea838e8cef419cc25c8b09369e +size 26214028 diff --git a/thunderbird-52.7-source.tar.xz b/thunderbird-52.7-source.tar.xz deleted file mode 100644 index ded3680..0000000 --- a/thunderbird-52.7-source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:30e34c7c4facfe1601db7a9983a2dc1375b417ed7af35758256d38b6dcae9ad1 -size 242326388 diff --git a/thunderbird-52.8-source.tar.xz b/thunderbird-52.8-source.tar.xz new file mode 100644 index 0000000..046a844 --- /dev/null +++ b/thunderbird-52.8-source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aad1950fcf929bf557f977cbc88e5577215f20e0b080fe4c1dee64fba20433a8 +size 242321452