Commit Graph

816 Commits

Author SHA256 Message Date
Ana Guerrero
b59cbcd641 Accepting request 1207082 from mozilla:Factory
- Mozilla Thunderbird 128.3.1
  https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation

OBS-URL: https://build.opensuse.org/request/show/1207082
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=342
2024-10-11 15:02:38 +00:00
Wolfgang Rosenauer
1fd0463a82 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=773 2024-10-11 07:57:33 +00:00
Wolfgang Rosenauer
18f716d93a - Mozilla Thunderbird 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.0esr/releasenotes/
  and following release notes for minor version updates
  MFSA 2024-52  (bsc#1231413)
  * CVE-2024-9680 (bmo#1923344)
    Use-after-free in Animation timeline
  Mozilla Thunderbird 128.3.0
  MFSA 2024-32 (128.0)
  MFSA 2024-37 (128.1)
  MFSA 2024-43 (128.2)
  MFSA 2024-49 (128.3) (bsc#1230979)
  * CVE-2024-9392 (bmo#1899154, bmo#1905843)
    Compromised content process can bypass site isolation
  * CVE-2024-9393 (bmo#1918301)
    Cross-origin access to PDF contents through multipart responses
  * CVE-2024-9394 (bmo#1918874)
    Cross-origin access to JSON contents through multipart responses
  * CVE-2024-8900 (bmo#1872841)
    Clipboard write permission bypass
  * CVE-2024-9396 (bmo#1912471)
    Potential memory corruption may occur when cloning certain objects
  * CVE-2024-9397 (bmo#1916659)
    Potential directory upload bypass via clickjacking
  * CVE-2024-9398 (bmo#1881037)
    External protocol handlers could be enumerated via popups
  * CVE-2024-9399 (bmo#1907726)
    Specially crafted WebTransport requests could lead to denial
    of service
  * CVE-2024-9400 (bmo#1915249)
    Potential memory corruption during JIT compilation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=772
2024-10-11 05:22:34 +00:00
Ana Guerrero
929d950c92 Accepting request 1199551 from mozilla:Factory
- Mozilla Thunderbird 115.15.0
  MFSA 2024-44 (bsc#1229821)
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with"
    block
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions

- Use gcc13 on Tumbleweed and where it is available.
- Don't use gcc14 as sources don't compile.

OBS-URL: https://build.opensuse.org/request/show/1199551
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=341
2024-09-09 12:45:07 +00:00
Wolfgang Rosenauer
96fa744639 - Mozilla Thunderbird 115.15.0
MFSA 2024-44 (bsc#1229821)
  * CVE-2024-8381 (bmo#1912715)
    Type confusion when looking up a property name in a "with"
    block
  * CVE-2024-8382 (bmo#1906744)
    Internal event interfaces were exposed to web content when
    browser EventHandler listener callbacks ran
  * CVE-2024-8384 (bmo#1911288)
    Garbage collection could mis-color cross-compartment objects
    in OOM conditions

- Use gcc13 on Tumbleweed and where it is available.
- Don't use gcc14 as sources don't compile.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=770
2024-09-09 06:51:08 +00:00
Dominique Leuenberger
1e3265442f Accepting request 1192519 from mozilla:Factory
- Mozilla Thunderbird 115.14.0
  * When using an external installation of GnuPG, Thunderbird
    occassionally sent/received corrupted messages (bmo#1898832)
  * Users of external GnuPG were unable to decrypt incorrectly
    encoded messages (bmo#1906903)
  MFSA 2024-38 (bsc#1228648)
  * CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts

OBS-URL: https://build.opensuse.org/request/show/1192519
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=340
2024-08-09 14:14:05 +00:00
Wolfgang Rosenauer
a523c0c1eb MFSA 2024-38 (bsc#1228648)
* CVE-2024-7519 (bmo#1902307)
    Out of bounds memory access in graphics shared memory handling
  * CVE-2024-7521 (bmo#1904644)
    Incomplete WebAssembly exception handing
  * CVE-2024-7522 (bmo#1906727)
    Out of bounds read in editor component
  * CVE-2024-7525 (bmo#1909298)
    Missing permission check when creating a StreamFilter
  * CVE-2024-7526 (bmo#1910306)
    Uninitialized memory used by WebGL
  * CVE-2024-7527 (bmo#1871303)
    Use-after-free in JavaScript garbage collection
  * CVE-2024-7529 (bmo#1903187)
    Document content could partially obscure security prompts

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=768
2024-08-08 06:18:03 +00:00
Wolfgang Rosenauer
e0c4462a11 115.14.0, with changelog added
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=767
2024-08-08 06:15:00 +00:00
Ana Guerrero
548d5068a2 Accepting request 1187370 from mozilla:Factory
- Mozilla Thunderbird 115.13.0
  * After starting Thunderbird, the message list position was
    sometimes set to an incorrect position
  MFSA 2024-30 (bsc#1226316)
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
    Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
    and Thunderbird 115.13

OBS-URL: https://build.opensuse.org/request/show/1187370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=339
2024-07-15 17:48:43 +00:00
Wolfgang Rosenauer
d30235b5b6 - Mozilla Thunderbird 115.13.0
* After starting Thunderbird, the message list position was
    sometimes set to an incorrect position
  MFSA 2024-30 (bsc#1226316)
  * CVE-2024-6600 (bmo#1888340)
    Memory corruption in WebGL API
  * CVE-2024-6601 (bmo#1890748)
    Race condition in permission assignment
  * CVE-2024-6602 (bmo#1895032)
    Memory corruption in NSS
  * CVE-2024-6603 (bmo#1895081)
    Memory corruption in thread creation
  * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
    Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
    and Thunderbird 115.13

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=765
2024-07-14 10:15:54 +00:00
Ana Guerrero
9cc5c44788 Accepting request 1185328 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1185328
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=338
2024-07-04 14:27:26 +00:00
Wolfgang Rosenauer
8ba563b611 Accepting request 1184892 from home:MSirringhaus:branches:mozilla:Factory
- Mozilla Thunderbird 115.12.2
  * fixed: Annual Thunderbird Beta appeal intended for
    Thunderbird 115.12.0 did not open as expected (bmo#1898084)
- Mozilla Thunderbird 115.12.1
  * 115.12.0 got pulled because of upstream automation process errors
    and Windows installer signing changes.
    No code changes, changelog is the same as 115.12.0 (bsc#1226495)
- Added thunderbird-fix-CVE-2024-34703.patch (bsc#1227239)

OBS-URL: https://build.opensuse.org/request/show/1184892
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=763
2024-07-04 07:50:23 +00:00
Ana Guerrero
12fa6354eb Accepting request 1181261 from mozilla:Factory
- Mozilla Thunderbird 115.12.0
  https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes
  MFSA 2024-28 (bsc#1226027)
  * CVE-2024-5702 (bmo#1193389)
    Use-after-free in networking
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12

OBS-URL: https://build.opensuse.org/request/show/1181261
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=337
2024-06-17 17:33:19 +00:00
Wolfgang Rosenauer
8e5843b066 - Mozilla Thunderbird 115.12.0
https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes
  MFSA 2024-28 (bsc#1226027)
  * CVE-2024-5702 (bmo#1193389)
    Use-after-free in networking
  * CVE-2024-5688 (bmo#1895086)
    Use-after-free in JavaScript object transplant
  * CVE-2024-5690 (bmo#1883693)
    External protocol handlers leaked by timing attack
  * CVE-2024-5691 (bmo#1888695)
    Sandboxed iframes were able to bypass sandbox restrictions to
    open a new window
  * CVE-2024-5692 (bmo#1891234)
    Bypass of file name restrictions during saving
  * CVE-2024-5693 (bmo#1891319)
    Cross-Origin Image leak via Offscreen Canvas
  * CVE-2024-5696 (bmo#1896555)
    Memory Corruption in Text Fragments
  * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123)
    Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12,
    and Thunderbird 115.12

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=761
2024-06-17 08:14:14 +00:00
Ana Guerrero
5e31e2142b Accepting request 1179943 from mozilla:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1179943
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=336
2024-06-11 16:31:01 +00:00
Wolfgang Rosenauer
642c037730 - Mozilla Thunderbird 115.11.1
* Added a short anonymous survey that a small number of users will
    be randomly asked to complete

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=759
2024-06-04 07:15:57 +00:00
Ana Guerrero
7c82cf4bcb Accepting request 1175556 from mozilla:Factory
- Mozilla Thunderbird 115.11.0
  MFSA 2024-23 (bsc#1224056)
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
    and Thunderbird 115.11

OBS-URL: https://build.opensuse.org/request/show/1175556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=335
2024-05-21 16:37:20 +00:00
Wolfgang Rosenauer
c53405a61a - Mozilla Thunderbird 115.11.0
MFSA 2024-23 (bsc#1224056)
  * CVE-2024-4367 (bmo#1893645)
    Arbitrary JavaScript execution in PDF.js
  * CVE-2024-4767 (bmo#1878577)
    IndexedDB files retained in private browsing mode
  * CVE-2024-4768 (bmo#1886082)
    Potential permissions request bypass via clickjacking
  * CVE-2024-4769 (bmo#1886108)
    Cross-origin responses could be distinguished between script
    and non-script content-types
  * CVE-2024-4770 (bmo#1893270)
    Use-after-free could occur when printing to PDF
  * CVE-2024-4777 (bmo#1878199, bmo#1893340)
    Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
    and Thunderbird 115.11

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=757
2024-05-17 13:37:32 +00:00
Ana Guerrero
0763350234 Accepting request 1171966 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1171966
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=334
2024-05-06 15:52:58 +00:00
Wolfgang Rosenauer
bb96f838d2 Accepting request 1171925 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.10.2

OBS-URL: https://build.opensuse.org/request/show/1171925
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=755
2024-05-05 09:06:17 +00:00
Ana Guerrero
94e186235a Accepting request 1169354 from mozilla:Factory
- Mozilla Thunderbird 115.10.1
  https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
  * fixed hangup introduced with 115.10.0 (bmo#1891889)

- Mozilla Thunderbird 115.10.0
  https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
  MFSA 2024-20 (bsc#1222535)
  * CVE-2024-3852 (bmo#1883542)
    GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552)
    Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683)
    Incorrect JITting of arguments led to use-after-free during
    garbage collection
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489)
    Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  * CVE-2024-3861 (bmo#1883158)
    Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855)
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3302 (bmo#1881183)
    Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333)
    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
    and Thunderbird 115.10

OBS-URL: https://build.opensuse.org/request/show/1169354
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=333
2024-04-21 18:27:23 +00:00
Wolfgang Rosenauer
ecbf912dc5 - Mozilla Thunderbird 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
  * fixed hangup introduced with 115.10.0 (bmo#1891889)

- Mozilla Thunderbird 115.10.0
  https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
  MFSA 2024-20 (bsc#1222535)
  * CVE-2024-3852 (bmo#1883542)
    GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552)
    Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683)
    Incorrect JITting of arguments led to use-after-free during
    garbage collection
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489)
    Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  * CVE-2024-3861 (bmo#1883158)
    Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855)
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3302 (bmo#1881183)
    Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333)
    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
    and Thunderbird 115.10

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=753
2024-04-20 13:14:08 +00:00
Ana Guerrero
d92bff57c9 Accepting request 1160556 from mozilla:Factory
- LLVM18 breaks building Thunderbird on Tumbleweed; add
  * mozilla-fix-issues-with-llvm18.patch

- Mozilla Thunderbird 115.9.0
  https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/
  MFSA 2024-14 (bsc#1221327)
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197)
    Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9

OBS-URL: https://build.opensuse.org/request/show/1160556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=332
2024-03-22 14:21:37 +00:00
Wolfgang Rosenauer
3ba157ec15 - LLVM18 breaks building Thunderbird on Tumbleweed; add
* mozilla-fix-issues-with-llvm18.patch

- Mozilla Thunderbird 115.9.0
  https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/
  MFSA 2024-14 (bsc#1221327)
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197)
    Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=751
2024-03-22 07:53:18 +00:00
Dominique Leuenberger
a874894d44 Accepting request 1155826 from mozilla:Factory
- Mozilla Thunderbird 115.8.1
  https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
  MFSA 2024-11
  * CVE-2024-1936 (bmo#1860977)
    Leaking of encrypted email subjects to other conversations

OBS-URL: https://build.opensuse.org/request/show/1155826
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=331
2024-03-07 17:30:09 +00:00
Wolfgang Rosenauer
4388f6b916 - Mozilla Thunderbird 115.8.1
https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
  MFSA 2024-11
  * CVE-2024-1936 (bmo#1860977)
    Leaking of encrypted email subjects to other conversations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=749
2024-03-07 08:26:29 +00:00
Ana Guerrero
0e6aab1e2d Accepting request 1150520 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1150520
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=330
2024-02-26 18:45:04 +00:00
Wolfgang Rosenauer
d3a997ecec Accepting request 1150189 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.8.0

OBS-URL: https://build.opensuse.org/request/show/1150189
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=747
2024-02-25 21:23:03 +00:00
Ana Guerrero
e3fe8edab3 Accepting request 1141172 from mozilla:Factory
- Mozilla Thunderbird 115.7.0
  https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
  MFSA 2024-04 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
    and Thunderbird 115.7

OBS-URL: https://build.opensuse.org/request/show/1141172
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=329
2024-01-24 18:05:45 +00:00
Wolfgang Rosenauer
b28fc45f13 - Mozilla Thunderbird 115.7.0
https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
  MFSA 2024-04 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
    and Thunderbird 115.7

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=745
2024-01-24 08:26:57 +00:00
Ana Guerrero
8b936efa7d Accepting request 1138352 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/1138352
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=328
2024-01-12 22:46:51 +00:00
Wolfgang Rosenauer
dc40555405 Accepting request 1137913 from home:MSirringhaus:branches:mozilla:Factory
(untested) Mozilla Thunderbird 115.6.1

OBS-URL: https://build.opensuse.org/request/show/1137913
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=743
2024-01-12 16:08:01 +00:00
Ana Guerrero
7a4d4e067c Accepting request 1134147 from mozilla:Factory
- Mozilla Thunderbird 115.6.0
  https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
  * Message selection misbehaved after selecting a sub-message in an
    expanded thread, collapsing the thread, then pressing up/down to
    move selection
  * Thunderbird now attempts to reconnect on a new connection after
    SMTP 4xx errors
  * HTML FileLink attachments used the wrong encoding
  MFSA 2023-55 (bsc#1217230)
  * CVE-2023-50762 (bmo#1862625)
    Truncated signed text was shown with a valid OpenPGP
    signature
  * CVE-2023-50761 (bmo#1865647)
    S/MIME signature accepted despite mismatching message date
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6862 (bmo#1868042)

OBS-URL: https://build.opensuse.org/request/show/1134147
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=327
2023-12-20 20:02:30 +00:00
Wolfgang Rosenauer
bbc012a208 - Mozilla Thunderbird 115.6.0
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
  * Message selection misbehaved after selecting a sub-message in an
    expanded thread, collapsing the thread, then pressing up/down to
    move selection
  * Thunderbird now attempts to reconnect on a new connection after
    SMTP 4xx errors
  * HTML FileLink attachments used the wrong encoding
  MFSA 2023-55 (bsc#1217230)
  * CVE-2023-50762 (bmo#1862625)
    Truncated signed text was shown with a valid OpenPGP
    signature
  * CVE-2023-50761 (bmo#1865647)
    S/MIME signature accepted despite mismatching message date
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6862 (bmo#1868042)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=741
2023-12-20 08:34:54 +00:00
Ana Guerrero
68aa3a7dc3 Accepting request 1132769 from mozilla:Factory
- Mozilla Thunderbird 115.5.2
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/

OBS-URL: https://build.opensuse.org/request/show/1132769
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=326
2023-12-13 17:35:07 +00:00
Wolfgang Rosenauer
bd13e76487 - Mozilla Thunderbird 115.5.2
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=739
2023-12-12 22:10:43 +00:00
Ana Guerrero
afd0637e40 Accepting request 1129733 from mozilla:Factory
- Mozilla Thunderbird 115.5.1
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes
  * Advanced GnuPG keys may be protected with an unexpected passphrase
  * OpenPGP signatures rejected due to mismatched signature timestamp
    now display signature timestamp and clarifying message
  * Advanced address book search did not return results if display name
    was left blank
  * Clicking on attendee when inviting attendees added the attendee twice

OBS-URL: https://build.opensuse.org/request/show/1129733
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=325
2023-11-29 20:21:06 +00:00
Wolfgang Rosenauer
5835378f85 - Mozilla Thunderbird 115.5.1
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes
  * Advanced GnuPG keys may be protected with an unexpected passphrase
  * OpenPGP signatures rejected due to mismatched signature timestamp
    now display signature timestamp and clarifying message
  * Advanced address book search did not return results if display name
    was left blank
  * Clicking on attendee when inviting attendees added the attendee twice

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=737
2023-11-29 07:32:44 +00:00
Ana Guerrero
9e1f2838a9 Accepting request 1128271 from mozilla:Factory
- Mozilla Thunderbird 115.5.0
  https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes
  MFSA 2023-52 (bsc#1217230)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072,
    bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5

OBS-URL: https://build.opensuse.org/request/show/1128271
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=324
2023-11-23 20:41:38 +00:00
Wolfgang Rosenauer
480e0302f0 MFSA 2023-52 (bsc#1217230)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=735
2023-11-23 08:16:17 +00:00
Wolfgang Rosenauer
55bb2ec82a - Mozilla Thunderbird 115.5.0
https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes
  MFSA 2023-52 (bsc#)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072,
    bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=734
2023-11-23 08:14:02 +00:00
Ana Guerrero
bd0ee26f99 Accepting request 1126791 from mozilla:Factory
- Mozilla Thunderbird 115.4.3
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.4.3/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1126791
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=323
2023-11-16 19:28:43 +00:00
Wolfgang Rosenauer
328f51e3db - Mozilla Thunderbird 115.4.3
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.4.3/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=732
2023-11-16 09:04:06 +00:00
Ana Guerrero
f1ace80360 Accepting request 1124229 from mozilla:Factory
- Mozilla Thunderbird 115.4.2
  https://www.thunderbird.net/en-US/thunderbird/115.4.2/releasenotes
- build using rust/cargo 1.72 (1.69 about to be dropped from Factory)

OBS-URL: https://build.opensuse.org/request/show/1124229
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=322
2023-11-08 21:18:54 +00:00
Wolfgang Rosenauer
1bac4101c8 - Mozilla Thunderbird 115.4.2
https://www.thunderbird.net/en-US/thunderbird/115.4.2/releasenotes
- build using rust/cargo 1.72 (1.69 about to be dropped from Factory)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=730
2023-11-08 12:10:27 +00:00
Ana Guerrero
759308472e Accepting request 1120173 from mozilla:Factory
- Mozilla Thunderbird 115.4.1
  https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes
  https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes
  MFSA 2023-47 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820)
    Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
    Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705)
    Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739)
    WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205)
    Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727 (bmo#1847180)
    Download Protections were bypassed by .msix, .msixbundle,
    .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729)
    Improper object tracking during GC in the JavaScript engine
    could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
    bmo#1855306, bmo#1855640, bmo#1856695)
    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
    and Thunderbird 115.4.1
- removed obsolete mozilla-bmo1846703.patch

- Mozilla Thunderbird 115.3.3
  * fixed: "Folder Location" toolbar button did not work for
    local folders (bmo#1843979)

OBS-URL: https://build.opensuse.org/request/show/1120173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=321
2023-10-25 16:03:34 +00:00
Wolfgang Rosenauer
62f65fe0ea - Mozilla Thunderbird 115.4.1
https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes
  https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes
  MFSA 2023-47 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820)
    Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
    Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705)
    Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739)
    WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205)
    Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727 (bmo#1847180)
    Download Protections were bypassed by .msix, .msixbundle,
    .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729)
    Improper object tracking during GC in the JavaScript engine
    could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
    bmo#1855306, bmo#1855640, bmo#1856695)
    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
    and Thunderbird 115.4.1
- removed obsolete mozilla-bmo1846703.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=728
2023-10-25 06:36:45 +00:00
Wolfgang Rosenauer
f4ecfaed93 Accepting request 1120115 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Thunderbird 115.3.3

OBS-URL: https://build.opensuse.org/request/show/1120115
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=727
2023-10-24 21:00:55 +00:00
Ana Guerrero
5356bd4c50 Accepting request 1116802 from mozilla:Factory
- Mozilla Thunderbird 115.3.2
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.3.2/releasenotes

OBS-URL: https://build.opensuse.org/request/show/1116802
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaThunderbird?expand=0&rev=320
2023-10-11 21:54:45 +00:00
Wolfgang Rosenauer
6c4666a6b7 - Mozilla Thunderbird 115.3.2
Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.3.2/releasenotes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=725
2023-10-11 06:35:40 +00:00