pool/MozillaThunderbird
SHA256
14
0
Fork 3
Code Issues Pull Requests Activity

Commit Graph

  • f91a02e718 Accepting request 978422 from mozilla:Factory Dominique Leuenberger 2022-05-23 13:51:30 +00:00
  • 71256c3fd4 - Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768) * CVE-2022-1802 (bmo#1770137) Prototype pollution in Top-Level Await implementation * CVE-2022-1529 (bmo#1770048) Untrusted input used in JavaScript object indexing, leading to prototype pollution Wolfgang Rosenauer 2022-05-21 12:43:04 +00:00
  • 619a75083d Accepting request 975202 from mozilla:Factory Dominique Leuenberger 2022-05-06 16:58:18 +00:00
  • e48927244d - Mozilla Thunderbird 91.9.0 * A warning is now displayed if an OpenPGP key has unsafe attributes that are ignored * OpenPGP integration in Thunderbird 91.8.0 and 91.8.1 did not allow SHA-1 key signatures * CalDAV calendars were marked read-only on startup MFSA 2022-18 (bsc#1198970) * CVE-2022-1520 (bmo#1745019) Incorrect security status shown after viewing an attached email * CVE-2022-29914 (bmo#1746448) Fullscreen notification bypass using popups * CVE-2022-29909 (bmo#1755081) Bypassing permission prompt in nested browsing contexts * CVE-2022-29916 (bmo#1760674) Leaking browser history with CSS variables * CVE-2022-29911 (bmo#1761981) iframe sandbox bypass * CVE-2022-29912 (bmo#1692655) Reader mode bypassed SameSite cookies * CVE-2022-29913 (bmo#1764778) Speech Synthesis feature not properly disabled * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620) Memory safety bugs fixed in Thunderbird 91.9 Wolfgang Rosenauer 2022-05-05 13:20:25 +00:00
  • aa055e1ac5 Accepting request 970866 from mozilla:Factory Dominique Leuenberger 2022-04-22 19:52:46 +00:00
  • 485ca3d99f - Mozilla Thunderbird 91.8.1 * CLIENTID extension to SMTP was not supported by smtp-js# * Additional SMTP errors now propagated to user * OpenPGP was not able to use some previously supported key types * OpenPGP Key Manager did not always display correct information after importing additional IDs * Duplicate new mail notifications could be displayed when server-side filters were in use * Cancelling an SMTP password entry resulted in multiple failure dialogs being displayed - Mozilla Thunderbird 91.8.0 * Google accounts using password authentication will be migrated to OAuth2. * bugfixes https://www.thunderbird.net/en-US/thunderbird/91.8.0/releasenotes MFSA 2022- (bsc#1197903) - update create-tar.sh Wolfgang Rosenauer 2022-04-19 15:06:55 +00:00
  • 6031a905f5 Accepting request 969350 from mozilla:Factory Dominique Leuenberger 2022-04-14 15:23:29 +00:00
  • f67dab94c7 Accepting request 969338 from home:marxin:branches:mozilla:Factory Wolfgang Rosenauer 2022-04-12 08:22:14 +00:00
  • 830dc226c0 Accepting request 964779 from mozilla:Factory Dominique Leuenberger 2022-03-28 14:59:57 +00:00
  • dddae6adff Accepting request 962487 from home:dirkmueller:Factory Wolfgang Rosenauer 2022-03-18 19:19:54 +00:00
  • c47788c2ac Accepting request 960657 from mozilla:Factory Dominique Leuenberger 2022-03-13 19:24:29 +00:00
  • bcdb022bb0 - Mozilla Thunderbird 91.7.0 * Thunderbird will use the first occurrence of headers that should only appear once * Auto-complete incorrectly changed a pasted email address to the primary address of a contact * Attachments with filename extensions that were not registered in MIME types could not be opened * Copy/Cut/Paste actions not working in Thunderbird Preferences * Improved screen reader support of displayed message headers MFSA 2022-12 (bsc#1196900) * CVE-2022-26383 (bmo#1742421) Browser window spoof using fullscreen mode * CVE-2022-26384 (bmo#1744352) iframe allow-scripts sandbox bypass * CVE-2022-26387 (bmo#1752979) Time-of-check time-of-use bug when verifying add-on signatures * CVE-2022-26381 (bmo#1736243) Use-after-free in text reflows * CVE-2022-26386 (bmo#1752396) Temporary files downloaded to /tmp and accessible by other local users Wolfgang Rosenauer 2022-03-09 10:34:57 +00:00
  • 5c26ec22f2 Accepting request 955596 from mozilla:Factory Dominique Leuenberger 2022-02-18 22:02:38 +00:00
  • 260a0409e1 MFSA 2022-07 (bsc#1196072) Wolfgang Rosenauer 2022-02-17 09:38:37 +00:00
  • 82981dade8 - Mozilla Thunderbird 91.6.1 * generated views of meeting invitations are now expanded by default * Emails were not downloading at startup under some conditions * Port numbers were not shown in "Confirm Security Exception" dialog for CalDAV connections MFSA 2022-07 * CVE-2022-0566 (bmo#1753094) Crafted email could trigger an out-of-bounds write Wolfgang Rosenauer 2022-02-16 07:53:13 +00:00
  • cdf682b923 Accepting request 953831 from mozilla:Factory Dominique Leuenberger 2022-02-13 18:50:37 +00:00
  • 5e8c474a19 - Mozilla Thunderbird 91.6.0 * TB will now offer to send large forwarded attachments via FileLink * Partially signed unencrypted messages displayed an incorrect "parrtially encrypted" notification * Attachments filenames were not sanitized before saving to disk * In the attachment bar, the "Import OpenPGP Key" item displayed for public keys displayed an error and did not import the key * "Open with" attachment dialog did not have a selected radio button option MFSA 2022-06 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22763 (bmo#1740534) Script Execution during invalid object state Wolfgang Rosenauer 2022-02-11 22:30:53 +00:00
  • 581199f38e Accepting request 949349 from mozilla:Factory Dominique Leuenberger 2022-01-29 20:01:01 +00:00
  • c34bf76e06 - Mozilla Thunderbird 91.5.1 * JS LDAP implementation did not support self-signed SSL certificates * After saving a draft and subsequently sending a FileLink email, the original file was removed from disk * Chat OTR encryption did not work * OTR verification bar was not removed after completing verification * Various theme improvements Wolfgang Rosenauer 2022-01-26 22:00:35 +00:00
  • 2b26512461 Accepting request 947696 from home:marxin:branches:mozilla:Factory Wolfgang Rosenauer 2022-01-21 22:40:32 +00:00
  • 84d0abbef4 Accepting request 945701 from mozilla:Factory Dominique Leuenberger 2022-01-12 23:22:14 +00:00
  • ed5ea29202 - Mozilla Thunderbird 91.5.0 https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes MFSA 2022-03 (bsc#1194547) * CVE-2022-22746 (bmo#1735071) Calling into reportValidity could have lead to fullscreen window spoof * CVE-2022-22743 (bmo#1739220) Browser window spoof using fullscreen mode * CVE-2022-22742 (bmo#1739923) Out-of-bounds memory access when inserting text in edit mode * CVE-2022-22741 (bmo#1740389) Browser window spoof using fullscreen mode * CVE-2022-22740 (bmo#1742334) Use-after-free of ChannelEventQueue::mOwner * CVE-2022-22738 (bmo#1742382) Heap-buffer-overflow in blendGaussianBlur * CVE-2022-22737 (bmo#1745874) Race condition when playing audio files * CVE-2021-4140 (bmo#1746720) Iframe sandbox bypass with XSLT * CVE-2022-22748 (bmo#1705211) Spoofed origin on external protocol launch dialog * CVE-2022-22745 (bmo#1735856) Leaking cross-origin URLs through securitypolicyviolation event * CVE-2022-22744 (bmo#1737252) The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection * CVE-2022-22747 (bmo#1735028) Crash when handling empty pkcs7 sequence * CVE-2022-22739 (bmo#1744158) Wolfgang Rosenauer 2022-01-11 22:11:21 +00:00
  • 4188f5049a Accepting request 943034 from mozilla:Factory Dominique Leuenberger 2021-12-30 14:55:28 +00:00
  • 794263a781 Accepting request 943031 from home:iznogood:branches:mozilla:Factory Wolfgang Rosenauer 2021-12-29 09:35:12 +00:00
  • dea0b95075 Accepting request 941707 from mozilla:Factory Dominique Leuenberger 2021-12-22 19:17:42 +00:00
  • 0dadd2459b - Mozilla Thunderbird 91.4.1 * several fixes as outlined here https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/ MFSA 2021-55 (bsc#1193845) * CVE-2021-4126 (bmo#1732310) OpenPGP signature status doesn't consider additional message content * CVE-2021-44538 (bmo#1744056) Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow - updated _constraints Wolfgang Rosenauer 2021-12-20 21:55:16 +00:00
  • 0c16f1e785 Accepting request 936365 from mozilla:Factory Dominique Leuenberger 2021-12-11 23:56:10 +00:00
  • a14190f4f1 - Mozilla Thunderbird 91.4.0 * several fixes as outlined here https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes MFSA 2021-54 (bsc#1193485) * CVE-2021-43536 (bmo#1730120) URL leakage when navigating while executing asynchronous function * CVE-2021-43537 (bmo#1738237) Heap buffer overflow when using structured clone * CVE-2021-43538 (bmo#1739091) Missing fullscreen and pointer lock notification when requesting both * CVE-2021-43539 (bmo#1739683) GC rooting failure when calling wasm instance methods * CVE-2021-43541 (bmo#1696685) External protocol handler parameters were unescaped * CVE-2021-43542 (bmo#1723281) XMLHttpRequest error codes could have leaked the existence of an external protocol handler * CVE-2021-43543 (bmo#1738418) Bypass of CSP sandbox directive when embedding * CVE-2021-43545 (bmo#1720926) Denial of Service when using the Location API in a loop * CVE-2021-43546 (bmo#1737751) Cursor spoofing could overlay user interface when native cursor is zoomed * CVE-2021-43528 (bmo#1742579) JavaScript unexpectedly enabled for the composition area * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, bmo#1737009, bmo#1739372, bmo#1739421) Wolfgang Rosenauer 2021-12-07 21:16:26 +00:00
  • 2586d6fed9 Accepting request 935066 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-12-02 08:34:58 +00:00
  • 38d59e02c4 Accepting request 934032 from home:iznogood:branches:mozilla:Factory Wolfgang Rosenauer 2021-11-30 07:53:39 +00:00
  • 3f64f2e29a Accepting request 932690 from mozilla:Factory Dominique Leuenberger 2021-11-23 21:09:58 +00:00
  • e5380b41d0 - Mozilla Thunderbird 91.3.2 * Date selection in Calendar print settings widget changed to use mini calendar widget * Bugfixes as outlined in release notes https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/ Wolfgang Rosenauer 2021-11-20 22:24:01 +00:00
  • 0925e9ee97 Accepting request 929062 from mozilla:Factory Dominique Leuenberger 2021-11-06 17:13:26 +00:00
  • 9908ef8381 * several fixes as outlined here https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/ MFSA 2021-50 (bsc#1192250) * CVE-2021-38503 (bmo#1729517) iframe sandbox rules did not apply to XSLT stylesheets * CVE-2021-38504 (bmo#1730156) Use-after-free in file picker dialog * CVE-2021-38505 (bmo#1730194) Windows 10 Cloud Clipboard may have recorded sensitive user data * CVE-2021-38506 (bmo#1730750) Thunderbird could be coaxed into going into fullscreen mode without notification or warning * CVE-2021-38507 (bmo#1730935) Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * MOZ-2021-0008 (bmo#1667102) Use-after-free in HTTP2 Session object * CVE-2021-38508 (bmo#1366818) Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * CVE-2021-38509 (bmo#1718571) Javascript alert box could have been spoofed onto an arbitrary domain * CVE-2021-38510 (bmo#1731779) Download Protections were bypassed by .inetloc files on Mac OS * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, bmo#1735152) Memory safety bugs fixed in Thunderbird ESR 91.3 Wolfgang Rosenauer 2021-11-03 16:44:34 +00:00
  • 7db3c542e4 - Mozilla Thunderbird 91.3.0 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires Wolfgang Rosenauer 2021-11-02 20:49:23 +00:00
  • 62fc14d3bc Accepting request 927299 from mozilla:Factory Dominique Leuenberger 2021-10-26 18:13:32 +00:00
  • 54d0229e37 Accepting request 927260 from home:Guillaume_G:branches:mozilla:Factory Wolfgang Rosenauer 2021-10-25 12:09:26 +00:00
  • d9c01b1222 - Mozilla Thunderbird 91.2.1 * Preference added to disable automatic pausing RSS feed updates after a fetch failure * several bugfixes as outlined in release notes https://www.thunderbird.net/en-US/thunderbird/91.2.1/releasenotes/ Wolfgang Rosenauer 2021-10-23 12:56:24 +00:00
  • e41c1dbb9c Accepting request 926797 from home:marxin:branches:mozilla:Factory Wolfgang Rosenauer 2021-10-22 21:24:06 +00:00
  • 28379a3e36 Accepting request 924567 from mozilla:Factory Dominique Leuenberger 2021-10-12 19:48:29 +00:00
  • 7ec63b2a47 - Mozilla Thunderbird 91.2.0 * Saving a single message as .eml now uses a unique filename * New mail notifications did not properly take subfolders into account * Decrypting binary attachments when using an external GnuPG configuration failed * Account name fields in the account manager were not big enough for long names * LDAP searches using an extensibleMatch filter returned no results * Read-only CalDAV calendars and CardDAV address books were not detected * Multipart messages containing a calendar invite did not display any of the human-readable alternatives * Some calendar days were displayed incorrectly or duplicated (eg. two "29th" days of a particular month) * Phantom event was shown at the end of each day in Calendar week view MFSA 2021-46 (bsc#1191332) * CVE-2021-38496 (bmo#1725335) Use-after-free in MessageTask * CVE-2021-38497 (bmo#1726621) Validation message could have been overlaid on another origin * CVE-2021-38498 (bmo#1729642) Use-after-free of nsLanguageAtomService object * CVE-2021-32810 (bmo#1729813, https://github.com/crossbeam- rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw) Data race in crossbeam-deque * CVE-2021-38500 (bmo#1725854, bmo#1728321) Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176) Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 Wolfgang Rosenauer 2021-10-10 19:56:50 +00:00
  • e2c06f5c17 Accepting request 922125 from mozilla:Factory Dominique Leuenberger 2021-10-05 20:33:29 +00:00
  • 6c2a252b2e - Mozilla Thunderbird 91.1.2 * Thunderbird will now warn if an S/MIME encrypted message includes BCC recipients * several bugfixes listed on https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/ Wolfgang Rosenauer 2021-09-29 08:09:48 +00:00
  • f372e77cf6 Accepting request 921250 from mozilla:Factory Dominique Leuenberger 2021-09-26 19:48:27 +00:00
  • 109cc974e1 - Mozilla Thunderbird 91.1.1 * Menu item for disabling subject encryption for a single message added * Printing messages that are not currently displayed is no longer supported, including printing multiple messages at once * for bugfixes see https://www.thunderbird.net/en-US/thunderbird/91.1.1/releasenotes - MOZ_ENABLE_WAYLAND env variable now overrides automatic detection if already set before startup Wolfgang Rosenauer 2021-09-17 08:26:48 +00:00
  • f2396d51e3 Accepting request 917701 from mozilla:Factory Dominique Leuenberger 2021-09-11 20:24:23 +00:00
  • c5e3285967 MFSA 2021-41 (bsc#1190269) * CVE-2021-38492 (bmo#1721107) Navigating to mk: URL scheme could load Internet Explorer * CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101, bmo#1724107) Memory safety bugs fixed in Thunderbird 91.1 Wolfgang Rosenauer 2021-09-09 10:23:08 +00:00
  • d8aa64313d - Mozilla Thunderbird 91.1.0 * Thunderbird registered Accessibility Handlers using same GUIDs as Firefox, causing performance issues for NVDA users * Focus lost when reordering accounts by keyboard in the Account Manager * Account setup did not use provider display name for setting up calendars * Various theme and UX fixes MFSA 2021-XX (bsc#1190269) - (re-)added mozilla-silence-no-return-type.patch - add mozilla-bmo531915.patch to fix build for i586 Wolfgang Rosenauer 2021-09-07 19:34:18 +00:00
  • 2c48a8976d Accepting request 914797 from mozilla:Factory Dominique Leuenberger 2021-09-03 19:25:42 +00:00
  • 588265dc9f Accepting request 914700 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-08-28 14:15:56 +00:00
  • 961987d81a Accepting request 913013 from mozilla:Factory Dominique Leuenberger 2021-08-24 08:54:07 +00:00
  • 4f499ffe4c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=602 Wolfgang Rosenauer 2021-08-19 07:30:27 +00:00
  • 4416d70412 MFSA 2021-37 (bsc#1189547) * CVE-2021-29991 (bmo#1724896) Header Splitting possible with HTTP/3 Responses Wolfgang Rosenauer 2021-08-19 07:29:26 +00:00
  • 6c01889e00 - Mozilla Thunderbird 91.0.1 - appdate screenshot URL updated (by mailaender@opensuse.org) Wolfgang Rosenauer 2021-08-19 07:16:16 +00:00
  • 3e12a2f698 Accepting request 912581 from home:Mailaender:branches:mozilla:Factory Wolfgang Rosenauer 2021-08-19 07:13:22 +00:00
  • 410b652abf Accepting request 911495 from mozilla:Factory Richard Brown 2021-08-16 08:05:36 +00:00
  • aff12d5e4e - Mozilla Thunderbird 78.13.0 * removed WeTransfer integration package (not supported by vendor any longer) MFSA 2021-35 (bsc#1188891) * CVE-2021-29986 (bmo#1696138) Race condition when resolving DNS names could have led to memory corruption * CVE-2021-29988 (bmo#1717922) Memory corruption as a result of incorrect style treatment * CVE-2021-29984 (bmo#1720031) Incorrect instruction reordering during JIT optimization * CVE-2021-29980 (bmo#1722204) Uninitialized memory in a canvas object could have led to memory corruption * CVE-2021-29985 (bmo#1722083) Use-after-free media channels * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178, bmo#1719998, bmo#1720568) Memory safety bugs fixed in Thunderbird 78.13 Wolfgang Rosenauer 2021-08-11 20:23:07 +00:00
  • 17246a4625 Accepting request 906332 from mozilla:Factory Dominique Leuenberger 2021-07-17 21:36:24 +00:00
  • 423bce9730 - Mozilla Thunderbird 78.12.0 MFSA 2021-30 (bsc#1188275) * CVE-2021-29969 (bmo#1682370) IMAP server responses sent by a MITM prior to STARTTLS could be processed * CVE-2021-29970 (bmo#1709976) Use-after-free in accessibility features of a document * CVE-2021-30547 (bmo#1715766) Out of bounds write in ANGLE * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, bmo#1711576, bmo#1714391) Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 Wolfgang Rosenauer 2021-07-14 16:25:33 +00:00
  • ef973c8645 Accepting request 897289 from mozilla:Factory Dominique Leuenberger 2021-06-09 19:51:02 +00:00
  • 8929208551 MFSA 2021-26 (bsc#1186696) * CVE-2021-29964 (bmo#1706501) Out of bounds-read when parsing a WM_COPYDATA message * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760, bmo#1704722, bmo#1706041) Memory safety bugs fixed in Thunderbird 78.11 Wolfgang Rosenauer 2021-06-03 21:22:55 +00:00
  • 7c722ac821 - Mozilla Thunderbird 78.11.0 * OpenPGP could not be disabled for an account if a key was previously configured * Recipients were unable to decrypt some messages when the sender had changed the message encryption from OpenPGP to S/MIME * Contacts moved between CardDAV address books were not synced to the new server * CardDAV compatibility fixes for Google Contacts MFSA 2021- - renewed expired mozilla.keyring Wolfgang Rosenauer 2021-06-02 20:13:57 +00:00
  • c697113980 Accepting request 895572 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-05-26 15:53:34 +00:00
  • f86926c22f Accepting request 894215 from mozilla:Factory Dominique Leuenberger 2021-05-20 17:23:30 +00:00
  • fee04cb440 - do not rely on nodejs10 anymore Wolfgang Rosenauer 2021-05-19 06:20:51 +00:00
  • 1098870ada Accepting request 891142 from mozilla:Factory Dominique Leuenberger 2021-05-10 13:36:21 +00:00
  • 7175336fc8 Accepting request 891138 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2021-05-06 21:30:17 +00:00
  • a10a636fe5 Accepting request 886906 from mozilla:Factory Dominique Leuenberger 2021-04-23 15:49:56 +00:00
  • a828691223 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=587 Wolfgang Rosenauer 2021-04-20 08:00:07 +00:00
  • 9e204516c2 - Mozilla Thunderbird 78.10.0 MFSA 2021-14 (bsc#1184960) * CVE-2021-23994 (bmo#1699077) Out of bound write due to lazy initialization * CVE-2021-23995 (bmo#1699835) Use-after-free in Responsive Design Mode * CVE-2021-23998 (bmo#1667456) Secure Lock icon could have been spoofed * CVE-2021-23961 (bmo#1677940) More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999 (bmo#1691153) Blob URLs may have been granted additional privileges * CVE-2021-24002 (bmo#1702374) Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945 (bmo#1700690) Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946 (bmo#1698503) Port blocking could be bypassed * CVE-2021-29948 (bmo#1692899) Race condition when reading from disk while verifying signatures - recommend libotr5 Wolfgang Rosenauer 2021-04-20 07:54:22 +00:00
  • 3c71a97936 Accepting request 884316 from mozilla:Factory Dominique Leuenberger 2021-04-15 14:56:41 +00:00
  • 74378bcda4 - Mozilla Thunderbird 78.9.1 * Support recipient aliases for OpenPGP encryption * The key and signature parts of the message security popup on a received message could not be selected for copy/paste * Various UX and theme improvements MFSA 2021-13 * CVE-2021-23991 (bmo#1673240) An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key * MOZ-2021-23992 (bmo#1666236) A crafted OpenPGP key with an invalid user ID could be used to confuse the user * CVE-2021-23993 (bmo#1666360) Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key Wolfgang Rosenauer 2021-04-10 16:21:27 +00:00
  • b34c6168bf Accepting request 881213 from mozilla:Factory Richard Brown 2021-04-06 15:29:06 +00:00
  • 9e317f3906 - Mozilla Thunderbird 78.9.0 * bugfixes: https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes MFSA 2021-12 (boo#1183942) * CVE-2021-23981 (bmo#1692832) Texture upload into an unbound backing buffer resulted in an out-of-bound read * MOZ-2021-0002 (bmo#1691547) Angle graphics library out of date * CVE-2021-23982 (bmo#1677046) Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984 (bmo#1693664) Malicious extensions could have spoofed popup information * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718) Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 - cleaned up and fixed mozilla.sh.in for wayland (boo#1177542) Wolfgang Rosenauer 2021-03-24 21:31:27 +00:00
  • 8522010cf3 Accepting request 878160 from mozilla:Factory Dominique Leuenberger 2021-03-12 12:31:28 +00:00
  • 6c5e0317ac - Mozilla Thunderbird 78.8.1 * several bugfixes and improvements * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/ - updated create-tar.sh (bsc#1182357) Wolfgang Rosenauer 2021-03-10 12:07:26 +00:00
  • de34e0778d Accepting request 874775 from mozilla:Factory Richard Brown 2021-03-02 11:26:54 +00:00
  • e40e7bf353 - Mozilla Thunderbird 78.8.0 * various bugfixes MFSA 2021-09 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973 (bmo#1690976) MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391, bmo#1687597) Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 Wolfgang Rosenauer 2021-02-24 08:08:21 +00:00
  • 8a643d313e Accepting request 869925 from mozilla:Factory Dominique Leuenberger 2021-02-11 11:47:28 +00:00
  • b79bfbd3a5 - Mozilla Thunderbird 78.7.1 * CardDAV address books now support OAuth2 and Google Contacts * Thunderbird will no longer allow installation of addons that use legacy APIs Wolfgang Rosenauer 2021-02-05 22:43:35 +00:00
  • 7b7254ef3f Accepting request 867009 from mozilla:Factory Dominique Leuenberger 2021-01-29 13:55:50 +00:00
  • fa9e13d8e7 - Mozilla Thunderbird 78.7.0 MFSA 2021-05 (bsc#1181414) * CVE-2021-23953 (bmo#1683940) Cross-origin information leakage via redirected PDF requests * CVE-2021-23954 (bmo#1684020) Type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-15685 (bmo#1622640) IMAP Response Injection when using STARTTLS * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960 (bmo#1675755) Use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, bmo#1685260, bmo#1685925) Memory safety bugs fixed in Thunderbird 78.7 Wolfgang Rosenauer 2021-01-26 21:46:33 +00:00
  • 7af05402eb Accepting request 862980 from mozilla:Factory Dominique Leuenberger 2021-01-18 10:26:40 +00:00
  • 5c0edfa8c6 revert previous change Wolfgang Rosenauer 2021-01-13 14:46:17 +00:00
  • ff0ed7bc92 - Mozilla Thunderbird 78.6.1 MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Wolfgang Rosenauer 2021-01-11 22:06:38 +00:00
  • 926af1b2b2 Accepting request 856497 from mozilla:Factory Dominique Leuenberger 2020-12-24 18:40:01 +00:00
  • a88987f6eb do not touch buildroot in %build Wolfgang Rosenauer 2020-12-16 13:32:05 +00:00
  • d604cb9fa9 - Mozilla Thunderbird 78.6.0 * changes and additions in MailExtensions * several bugfixes * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/ MFSA 2020-56 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6 Wolfgang Rosenauer 2020-12-15 22:24:07 +00:00
  • 354c7e608e Accepting request 852686 from mozilla:Factory Dominique Leuenberger 2020-12-04 20:26:18 +00:00
  • b0432050ce - Mozilla Thunderbird 78.5.1 MFSA 2020-53 (bsc#1179530) * CVE-2020-26970 (bmo#1677338) Stack overflow due to incorrect parsing of SMTP server response codes Wolfgang Rosenauer 2020-12-02 16:28:42 +00:00
  • 6cfd650c6b Accepting request 849310 from mozilla:Factory Dominique Leuenberger 2020-11-21 11:40:29 +00:00
  • 4a95a320a3 - Mozilla Thunderbird 78.5.0 MFSA 2020-52 (bsc#1178894) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, Wolfgang Rosenauer 2020-11-17 14:20:30 +00:00
  • 3a8fbb1470 Accepting request 847757 from mozilla:Factory Dominique Leuenberger 2020-11-15 14:21:12 +00:00
  • 808637d07c https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/ Wolfgang Rosenauer 2020-11-11 09:22:58 +00:00
  • 007409f510 - Mozilla Thunderbird 78.4.3 - added mozilla-rust-1.47.patch to fix build with rust 1.47 Wolfgang Rosenauer 2020-11-11 09:21:39 +00:00
  • db081d1533 - Mozilla Thunderbird 78.4.1 * Bugfixes and minor features https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/ Wolfgang Rosenauer 2020-11-08 18:36:03 +00:00
  • d7a7c5a683 Accepting request 843275 from mozilla:Factory Dominique Leuenberger 2020-10-26 15:08:16 +00:00
  • 63df217471 MFSA 2020-47 (bsc#1177872) * CVE-2020-15969 (bmo#1666570) Use-after-free in usersctp * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760, bmo#1663439, bmo#1666140) Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 Wolfgang Rosenauer 2020-10-21 20:18:32 +00:00
  • 69e75a6f77 - Mozilla Thunderbird 78.4.0 * MailExtensions: browser.tabs.sendMessage API added * MailExtensions: messageDisplayScripts API added * Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * MailExtensions: messageDisplay APIs extended to support multiple selected messages * MailExtensions: compose.begin functions now support creating a message with attachments * multiple bugfixes Wolfgang Rosenauer 2020-10-21 09:31:04 +00:00
  • 7975166d69 Accepting request 842109 from mozilla:Factory Dominique Leuenberger 2020-10-20 14:01:45 +00:00