Accepting request 443018 from home:AndreasStieger:branches:mozilla:Factory

- Mozilla Thunderbird 45.5.1:
  * CVE-2016-9079: SVG Animation Remote Code Execution
                   (MFSA 2016-92, bsc#1012964, bmo#1321066)

OBS-URL: https://build.opensuse.org/request/show/443018
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=343

MozillaThunderbird.changes

@@ -1,7 +1,27 @@
+-------------------------------------------------------------------
+Thu Dec  1 09:58:57 UTC 2016 - astieger@suse.com
+
+- Mozilla Thunderbird 45.5.1:
+  * CVE-2016-9079: SVG Animation Remote Code Execution
+                   (MFSA 2016-92, bsc#1012964, bmo#1321066)
+
 -------------------------------------------------------------------
 Sat Nov 19 14:20:05 UTC 2016 - astieger@suse.com
 
 - Mozilla Thunderbird 45.5.0 (boo#1009026)
+  * Fixes for security flaws that cannot be exploited through email
+    because scripting is disabled when reading mail, but are
+    potentially risks in browser or browser-like contexts:
+    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+                   (bsc#1010411)
+    CVE-2016-5297: Incorrect argument length checking in Javascript
+                   (bsc#1010401)
+    CVE-2016-9066: Integer overflow leading to a buffer overflow in
+                   nsScriptLoadHandler (bsc#1010404)
+    CVE-2016-5291: Same-origin policy violation using local HTML file
+                   and saved shortcut file (bsc#1010410)
+    CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5  
+                   (bsc#1010427)
 - Changed behavior:
   * Changed recipient address entry: Arrow-keys now copy the pop-up
     value to the input field. Mouse-hovered pop-up value can no

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 45.5.0
+%define mainversion 45.5.1
 %define update_channel release
-%define releasedate 2016111800
+%define releasedate 2016113000
 
 %if %suse_version > 1310
 %define gstreamer_ver 1.0

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:097a712248bffaf0a764acbe49c015d255c79481f8ed1eeb9f6dbcbe4c310b5e
-size 28516
+oid sha256:fc7ce1f99172c4b1aa55d53d5020d8857037a877f1a4451e076b0fc5c8e0b8c3
+size 28456

create-tar.sh

@@ -2,8 +2,8 @@
 
 CHANNEL="esr45"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="THUNDERBIRD_45_5_0_RELEASE"
-VERSION="45.5.0"
+RELEASE_TAG="THUNDERBIRD_45_5_1_RELEASE"
+VERSION="45.5.1"
 
 echo "cloning $BRANCH..."
 hg clone http://hg.mozilla.org/$BRANCH thunderbird

l10n-45.5.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f1ad0e667360ad8e7cb66c2d47bc71055e6de017c81ac3b6f46313dd9cc91f9f
-size 24346464

l10n-45.5.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:124b78fc0a49add15d01687e15ffb439c30d5b9f307d1612653a9b56f25b37bd
+size 24297980

thunderbird-45.5.0-source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4b367678f8a81972cddaf67e792ca3c18bd30c811a33e636afa4ab1c881832c8
-size 212468844

thunderbird-45.5.1-source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:663705df0c2b5432e9238eae17dfa8bb25b307370f6686da1305fa23bfde5bd5
+size 212479860