- Mozilla Thunderbird 102.14.0

MFSA 2023-32 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=712
2023-08-03 04:29:56 +00:00 · 2023-08-03 04:29:56 +00:00 · da50d4ab72
commit da50d4ab72
parent a858e257a4
8 changed files with 51 additions and 25 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Aug  1 20:15:02 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 102.14.0
+  MFSA 2023-32 (bsc#1213746)
+  * CVE-2023-4045 (bmo#1833876)
+    Offscreen Canvas could have bypassed cross-origin restrictions
+  * CVE-2023-4046 (bmo#1837686)
+    Incorrect value used during WASM compilation
+  * CVE-2023-4047 (bmo#1839073)
+    Potential permissions request bypass via clickjacking
+  * CVE-2023-4048 (bmo#1841368)
+    Crash in DOMParser due to out-of-memory conditions
+  * CVE-2023-4049 (bmo#1842658)
+    Fix potential race conditions when releasing platform objects
+  * CVE-2023-4050 (bmo#1843038)
+    Stack buffer overflow in StorageManager
+  * CVE-2023-4054 (bmo#1840777)
+    Lack of warning when opening appref-ms files
+  * CVE-2023-4055 (bmo#1782561)
+    Cookie jar overflow caused unexpected cookie jar state
+  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
+    bmo#1842325, bmo#1843847)
+    Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
+    Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
+
 -------------------------------------------------------------------
 Tue Jul 25 06:56:46 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>

--- a/MozillaThunderbird.spec
+++ b/MozillaThunderbird.spec
@ -29,8 +29,8 @@
 # major 69
 # mainver %major.99
 %define major          102
-%define mainver        %major.13.1
-%define orig_version   102.13.1
+%define mainver        %major.14.0
+%define orig_version   102.14.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}
--- a/l10n-102.14.0.tar.xz
+++ b/l10n-102.14.0.tar.xz
--- a/8
+++ b/8
@ -1,10 +1,10 @@
 PRODUCT="thunderbird"
 CHANNEL="esr102"
-VERSION="102.13.1"
+VERSION="102.14.0"
 VERSION_SUFFIX=""
-PREV_VERSION="102.13.0"
+PREV_VERSION="102.13.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"
-RELEASE_TAG="c1181d5307e80c773d3d2781b18f7bdd2353d66d"
-RELEASE_TIMESTAMP="20230724161345"
+RELEASE_TAG="d83d81499d87f2360995ae0448fcaa40e0cd106a"
+RELEASE_TIMESTAMP="20230801134847"
--- a/thunderbird-102.13.1.source.tar.xz
+++ b/thunderbird-102.13.1.source.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:614e60ae1839a7faf38a4d471026694efef2c7984ed3756f92bd977a610bb9f2
-size 502958888
--- a/thunderbird-102.13.1.source.tar.xz.asc
+++ b/thunderbird-102.13.1.source.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmS+z1YACgkQ4207E/PZ
-MnQy6hAAx2l7MellCz2N35lqxgLf1xVvzjGjq+LJ5gdqwQTrAkIgmFVM1LQtM91a
-QFkyUl4D19A5GlDe7IPnfQMcra3FLvMXSY0bktS4GWJLZNJYmUU9MYlwrzMXUlkn
-HQv5kqBv3ZCc8MoGi7pQSOKYxb7T2Lbc6ryR5rK0OG9FTjBkF/2wUcHwg8w4xjlp
-NvWy5+gbWGAaIpSWPNZnMSfwidn2Kf0oQ58pQ4blOf3L5n0CqhSDmcDUVn01+GwP
-iclNhdu6ij+duVWC/O637mqE6d4Q6bfYiiROv2dkkhNFNoQirjedi2gyqLNkHRDB
-bFw5fui9PBs9bzlWYhJytkncTtjmqGrokl9HrVspdcDif37BN3wCn1Zh3IRTxj3m
-dI2aCjHbW2YUjP0M2Ml19QNZB3/oageuQ1P0f6EeAtueyOnqysC5nnckG72Wd1y3
-EGOvcBUtg0kB/X3aJHCyKvjhunnm+DwaUyEuLRegF4TvgeIEPEKDK/G2zRJrCKyk
-vbprdiPtqJjn4aghAXmhmmmydoUckHf7YTs5MW66TRHSPgp1hT+/q9x1E0+GV6X/
-4SFSNelQNnKPNnnwVkklS2IXpq8bl/xQ/NOfhbOLjqitdgYcaAQqVcksJjaB1AdV
-CXAOWfrzlGRIRn1oXDsn9TfSrRi5y48ual+xmwP73kyWOQsc6IU=
-=pbLy
-----END PGP SIGNATURE-----
--- a/thunderbird-102.14.0.source.tar.xz
+++ b/thunderbird-102.14.0.source.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68514ac2e196b3526588b2957f2ab51b99b366af497fe13d1518a52bf8298c83
+size 502877912
--- a/thunderbird-102.14.0.source.tar.xz.asc
+++ b/thunderbird-102.14.0.source.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEErdcHlHlwDcrf3VM34207E/PZMnQFAmTJLHwACgkQ4207E/PZ
+MnTDMQ//RP0i4TeYipFmuih2+ae5mNjSCuRCsH3Cq+eOXT4l1vr79PCRcWQwDjJN
+R4JDfxSE8eUkVEHmoj11TySXFRHRCNOKRIKveRHayGJSn54SMt9aHHicqbZGDdjp
+BjESw8ZVlS9u+9TVWGK3Ah0roHBr9oSHxeC3Pj5VtAwz5Bb3RSimMnArk3V8b7dB
+oZLZfbm5bWeuL26mhias8NZS3aINDvNLRHyVBOiIHKCODIFh2Upql9NPhSpCmV0x
+PXEc2QGozNXnbfNoOcwoBHcrsAeFdqjv6/gVRLIqa9hQ7uhiXjGaG3vJrRzwP9hM
+2kFgCcGisnZDWTs1KOhGTEBezcqIQ+p1OSu/NbfrRKQmnUo0bV3+eqIvwQA2dao8
+wuzps9IBKdZwVDNC6CFIgOzTVimCg99SvcmFu2PxjjJauTgZ6Hrva5C/4vddBkyl
+oignfiDU6+sVK2Prfz44ydHo8ZUdjxz31xfSxFObHEfySkdDTE0UvNUHWU++g+Ci
+E0AqbwvNk3SuFfuQirnan/dJlstPGVjxZB8bfc2WG4Qz/z6vrygB0oKzbu2nuPXM
+FWC/NQkpMoBB7eXcZA8vIK81DSkk/vPiZ/CjYDjQqaZxnRxaZtWLbfqOgHfBTLDx
+kjQh+AdS1unHJE0DhHq5mGGFtCmhyNgh9uk5wJbyseuTGYzgOKw=
+=K3lJ
+-----END PGP SIGNATURE-----