- Mozilla Thunderbird 78.6.0

* changes and additions in MailExtensions
  * several bugfixes
  * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
  MFSA 2020-56 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-35111 (bmo#1657916)
    The proxy.onRequest API did not catch view-source URLs
  * CVE-2020-35112 (bmo#1661365)
    Opening an extension-less download may have inadvertently
    launched an executable instead
  * CVE-2020-35113 (bmo#1664831, bmo#1673589)
    Memory safety bugs fixed in Thunderbird 78.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=568
This commit is contained in:
Wolfgang Rosenauer 2020-12-15 22:24:07 +00:00 committed by Git OBS Bridge
parent b0432050ce
commit d604cb9fa9
9 changed files with 57 additions and 28 deletions

View File

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Sat Dec 12 10:25:08 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 78.6.0
* changes and additions in MailExtensions
* several bugfixes
* https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
MFSA 2020-56 (bsc#1180039))
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Thunderbird 78.6
-------------------------------------------------------------------
Tue Dec 1 21:34:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>

View File

@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 78
%define mainver %major.5.1
%define orig_version 78.5.1
%define mainver %major.6.0
%define orig_version 78.6.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:70a191f497133377e1a2d890f6d9742046f44ae36475686fd7d1e1e867c73016
size 29083288

3
l10n-78.6.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea0feb7edc1f635e30748e84ad794eef90343c70a24b5743bd8d27f17d809564
size 29071884

View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr78"
VERSION="78.5.1"
VERSION="78.6.0"
VERSION_SUFFIX=""
PREV_VERSION="78.5.0"
PREV_VERSION="78.5.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr78"
RELEASE_TAG="7bfb6e5797a4120c798eaa67a9cddd2846badcee"
RELEASE_TIMESTAMP="20201130232704"
RELEASE_TAG="18be92a3f0388fe1b69941a50cdbadbf2c95b885"
RELEASE_TIMESTAMP="20201211152611"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:17ec895e3dd435da49bfa30482e2397e644319b7f82890d2a947c95a5cb183c2
size 352743032

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/GEagACgkQ8aZmj7t9
Vy7vSQ//XMiC4558UcDh6rvpOeEqKqBipe/9ZAFMyoz3mXslYaQ9GM3OCA/hQ/Cu
cysidXQOreC1GGt9hDyZajrmHxmUJK9Yxxr3ZdJZ6YPU/PLP5QKAzcnGdQrKzkY7
Glw4j9fkJH+OLbXCvJ0vw3YWdWHnr5JM854Ovu9dCTntXAsvD1nIZs5pCkG1TUHM
0Js3YQl/5Zekp24SrvLkQT4VbYNwA9D/SfF2QwXkTQ79ENNYRmKS7rpL1JDYAYVj
i6gPniNXbvYHEitmHNMtrMDc4vVRYR5STyOTIZcMlTEoS/eZxP5udVFWN25H8bTU
WljLJmu1X1IoypmxMO5JKuI11snaW5OX4a3g8gUMGedvh3ua0YaPIgqSujfmfMxH
xuMYYCIQZASOmsH1niYpPyGTZHY4UlWGLROFUk8Dal24if57wjeoepWDWf3F0jcH
CITPrNSUUOvn+e2kZWsZ7HGzCe8p+xi9qVcZHx0OTV4fcMBqqczch6+D8DqauDx/
+/DCkW6H3KKW/ot8Onnz0pSqyfd/BYFkVom//lgdudxjaUoZw3maZ37xy/kUedXQ
KQ7m6YLERH8N2ch4674x8hO6YEGHxHjxJGo/osfKCeyyL66RMr0AgoTqAyN4RhKt
FXPa1Yv7U005HPM3F0D/12tMDnavll5t8Q6vNzZJNVV+ZzZoH3k=
=yBKB
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1dd6f9a4d88b4c3d0ec47bba60a891243ef95e105a9045b2d32e2b126779844b
size 353496712

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl/UFaYACgkQ8aZmj7t9
Vy7Zxw//SSXD2GtgG0ko3xNQwQ2ujCOI80OYig92+GkFr1xIOuz3xvE5cLbWnYIP
Vzc6qBgaBZr4MJKL4B0URTOLivwKDNQb7c84zbUWJKaf3XHBQW+jroltl0J3lfgn
CpMoY3ekyzZeWZ+o0N0zexGRb1dUEAyUG4GgWUdozLeLG4DO7w70x/iI2wDP4QQN
VxQo0cYtdfizdvjky1v96OEFic6JFrDnj9VDQSI97NX5EAr+sI+ihvPr2mDzn+IA
kSmXfDGvTOvkoz13heNE2BHX5XM1GMuWpkrNQzW5G4mp5on52z1uHHIYZqc49uip
2KDAGX9NJbIGCn2utcwtsEhq3jtstjnHS5HzaeYEK4mjifdtxygXiWJZoaPSVTx0
25ZjXI6LBJcuBKVZkvbEdR35nuA8Y83i/Jf7JtFoWlM/nyu+ElkW9gdvnmqYCPNp
0+0aEus0M0n5By+OxO9vF7Mm63z4Bj1YKnvU6+4s1d6G2HyICrNPZJ8IaDK3zj21
oERuECpbWwrYU8cramlxxnpJfqI4EjQ6ZaPz1q9j3U7eT1Vr5cw2KGct2E6aHE36
rUEgzO1TcZpGSWQUr1arDWePkCqHofUYsE15pjAFbBVF4Q9Ut3FKYUG6Jo0hbZJr
WKoQLzyxi0EGey5oiHiBnc+XOCr4ub1eujBf2uCciZHiZ7htr/E=
=RpOn
-----END PGP SIGNATURE-----