- Mozilla Thunderbird 91.4.0

* several fixes as outlined here
    https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
  MFSA 2021-54 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43545 (bmo#1720926)
    Denial of Service when using the Location API in a loop
  * CVE-2021-43546 (bmo#1737751)
    Cursor spoofing could overlay user interface when native
    cursor is zoomed
  * CVE-2021-43528 (bmo#1742579)
    JavaScript unexpectedly enabled for the composition area
  * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
    bmo#1737009, bmo#1739372, bmo#1739421)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=617
This commit is contained in:
Wolfgang Rosenauer 2021-12-07 21:16:26 +00:00 committed by Git OBS Bridge
parent 2586d6fed9
commit a14190f4f1
9 changed files with 63 additions and 28 deletions

View File

@ -1,3 +1,38 @@
-------------------------------------------------------------------
Thu Dec 2 08:55:33 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 91.4.0
* several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
MFSA 2021-54 (bsc#1193485)
* CVE-2021-43536 (bmo#1730120)
URL leakage when navigating while executing asynchronous
function
* CVE-2021-43537 (bmo#1738237)
Heap buffer overflow when using structured clone
* CVE-2021-43538 (bmo#1739091)
Missing fullscreen and pointer lock notification when
requesting both
* CVE-2021-43539 (bmo#1739683)
GC rooting failure when calling wasm instance methods
* CVE-2021-43541 (bmo#1696685)
External protocol handler parameters were unescaped
* CVE-2021-43542 (bmo#1723281)
XMLHttpRequest error codes could have leaked the existence of
an external protocol handler
* CVE-2021-43543 (bmo#1738418)
Bypass of CSP sandbox directive when embedding
* CVE-2021-43545 (bmo#1720926)
Denial of Service when using the Location API in a loop
* CVE-2021-43546 (bmo#1737751)
Cursor spoofing could overlay user interface when native
cursor is zoomed
* CVE-2021-43528 (bmo#1742579)
JavaScript unexpectedly enabled for the composition area
* MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
bmo#1737009, bmo#1739372, bmo#1739421)
Memory safety bugs fixed in Thunderbird 91.4.0
-------------------------------------------------------------------
Thu Nov 25 20:25:29 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>

View File

@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 91
%define mainver %major.3.2
%define orig_version 91.3.2
%define mainver %major.4.0
%define orig_version 91.4.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:82cbb3bb06cccec4ca961fa3b44f04900ca1274b1b58c3f75fa2a3a227c8821b
size 28692036

3
l10n-91.4.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9581d0d2100170cdd918fa986c72b5c52dc925f69dafb6cbd29d17a371cf644d
size 28620444

View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr91"
VERSION="91.3.2"
VERSION="91.4.0"
VERSION_SUFFIX=""
PREV_VERSION="91.3.1"
PREV_VERSION="91.3.2"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
RELEASE_TAG="c35def313c0c2bd0341e3e058f862f02390269c4"
RELEASE_TIMESTAMP="20211117150618"
RELEASE_TAG="ab6dfcf3a37bf53aac1a9d632d45ee51047050bb"
RELEASE_TIMESTAMP="20211203141721"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:37bedce79458531ce55806b194669f6e270e4bc3b0fa0949577af1822e57b11d
size 407454432

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGVfBkACgkQ6+QekPbx
L22N/RAAiJ2VXte196UfW8kF4cb1iOqqs5Nx5X5eMUN7dP3/BzwQ4cEbPKUqOA6H
7eY2ih4gdjS9Vso+ikP70bMTOyZf5yjL5wATvHuqIwtsx285eBreWOWdIQpaD20P
dGMXMXuCyUsw1PKsv4AUfDFJJNBqWDaHgIXLyEeUFly3U4yCRYvrP3p/zvCz6A3O
q54Qa9HANRyUfNirqXFVYrvPtNCTuR9sPRlXt6h48TICDHemca2mcI1M5ibzGye4
FzL0YwbQHO05sCfavYqPQH5XI4Ml1duk8rJr0x0B7VbXzpFpjbGwBf1dniLe0dLD
KHgN4p463ZWdpgshT9GPpMMaLJNkwRqt+Hdo1fP84NgMXZ7ISsEpwtTbhPdlOJTc
PQ6/AImWDpLvkOtIR9kpOFywF/1m1/vc5sW2+gsXAMe+Ln7AUslG0oKQV+U1kGpM
W3dAIYh0YGQYfeu+hVCqaikYvGibKdjb04KoG8FGqbwOhXa7EYbQIivflnxq6qgK
bfBAJdDii2gWkjn0GHVL6tkG+BLR9bK/zDRxbQ4EntOX7WGb1gztXf+4lJf38x0Y
z2oXKEL0Q9zlR0drNvEHSbzTb4gtrHMBOQSgssos9yRpGcv3dZrHUh6FYDUR/9FU
vhiMN2NkaimExjKvETStxXt8aYduicfiPvH08FO4EONl34xwkM8=
=FRQM
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3cb5280b32e66e178f37fd1b57cc4390f2c986ea4162972cc277c45a253de1a6
size 401512224

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmGriOoACgkQ6+QekPbx
L21RwA/+PMqc/8FZxCidkcU0mLyaYtngSqwtE9ghirZ2oJ/FbRdMreUiiJwgcuXi
X5x9QeByiKWJxoVBS+DrSDbUV3X9+BmstTX0RvMyVqKnWw1GQLBY49II1CY3PM3y
L0Y+vtUGDXpL4v/M2f6KIQsQKe0q2Sucozt9MNZKfdQtqKAJXWTVsx7nxKfzrrQm
hEfLsRwHJtDVBQmh7Cij+96NxRnw+gdmca5PXuqajiUV5ZAl/LyfyxHZ56Figg07
R0I3UjQekaWK10KtiM9cH4drCnGWsM/ihjutbtKGG4tOKraWkfe3P/pPEiGNjh9T
rs3+yhkPbHn5bGX2n186ZJt1u/5vSF6nkkcj0Oagek9dHxl+yJM89vk0Uluiu4V/
HLKTgoTfFOHYv9rLodL8/cm7Z7BmeSzJwYffuEPU46J/rzsBR3SeLUtwOd5R594/
L60K0Dyo7d/bftuOwtT6jdaPk7Qc5IlSCpq520fLLzJPYIUScnEiwwZJH2ZLHP88
rDRWT1Nv6omRVaXSv0zU9B8fXQr6TX+yAFe0kQW1a9JBhJDJCxu9QeIHEX26BC+F
lyBAVlTbhlVaFQVJUSGq2rjGYGny2c9zUJ7c/oDGaDGKXSsgyRXgvGOKqIw1+cFo
S/5pPa6yeCWtoO4yk1Cw2Ybk/EIA52DlON/3DGtxi5eYtvWDiis=
=QIzD
-----END PGP SIGNATURE-----