a2bcb59d79* MFSA 2014-74/CVE-2014-1574 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe
Wolfgang Rosenauer
2014-10-14 18:20:37 +00:00
8be0913675- update to Thunderbird 31.2.0 (bnc#900941)
Wolfgang Rosenauer
2014-10-13 22:15:01 +00:00
98a4adb66bAccepting request 249091 from mozilla:Factory
Stephan Kulow
2014-09-17 19:24:31 +00:00
0c910e791b- update to Thunderbird 31.1.1 * Fixed an issue where mailing lists with spaces in their names couldn't be autocompleted (bmo#1060901) * Fixed an occasional startup crash (bmo#1005336)
Wolfgang Rosenauer
2014-09-13 15:34:56 +00:00
fcfb225d36Accepting request 247295 from mozilla:Factory
Stephan Kulow
2014-09-04 05:55:58 +00:00
1ec46892a7* MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality
Wolfgang Rosenauer
2014-09-02 18:10:58 +00:00
e1274896ec- update to Thunderbird 31.1.0 (bnc#894370) - added mozilla-nullptr-gcc45.patch to build on gcc 4.5 dists (e.g. openSUSE 11.4)
Wolfgang Rosenauer
2014-09-01 11:17:01 +00:00
2d7c948234Accepting request 242772 from mozilla:Factory
Stephan Kulow
2014-08-01 05:07:43 +00:00
c34ff70793- update to Thunderbird 31.0 * based on Gecko 31 * Autocompleting email addresses now matches against any part of the name or email * Composing a mail to a newsgroup will now autocomplete newsgroup names * Insecure NTLM (pre-NTLMv2) authentication disabled - rebased patches - removed enigmail entirely from source package - removed obsolete patches * libffi-ppc64le.patch * ppc64le-support.patch * xpcom-ppc64le.patch - use GStreamer 1.0 after 13.1 - switched source archives to use xz instead of bz2
Wolfgang Rosenauer
2014-07-28 13:29:31 +00:00
b88ebff8fdAccepting request 241956 from mozilla:Factory
Stephan Kulow
2014-07-25 10:27:21 +00:00
3eeadca128* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images
Wolfgang Rosenauer
2014-07-23 05:20:48 +00:00
4f3d1309a5- update to Thunderbird 24.7.0 (bnc#887746) - disabled enigmail build as with version 1.7 it's a standalone source package
Wolfgang Rosenauer
2014-07-21 14:54:52 +00:00
f48c71dc3bAccepting request 236869 from mozilla:Factory
Stephan Kulow
2014-06-16 19:42:54 +00:00
fbc02620d0- update to Thunderbird 24.6.0 (bnc#881874) * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR - require NSPR 4.10.6 because of MFSA 2014-55/CVE-2014-1545
Wolfgang Rosenauer
2014-06-11 11:43:13 +00:00
3519eadfa2Accepting request 232131 from mozilla:Factory
Stephan Kulow
2014-05-01 05:51:40 +00:00
de01ebd834- update to Thunderbird 24.5.0 (bnc#875378) * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver - use shipped-locales as the authoritative source for supported locales (some unsupported locales disappear from -other package)
Wolfgang Rosenauer
2014-04-29 21:51:52 +00:00
9bea9612acAccepting request 226674 from mozilla:Factory
Stephan Kulow
2014-03-20 06:33:17 +00:00
f37602b132- update to Thunderbird 24.4.0 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering
Wolfgang Rosenauer
2014-03-18 22:12:49 +00:00
a5a40c21afAccepting request 220930 from mozilla:Factory
Stephan Kulow
2014-02-05 15:23:32 +00:00
53c275cf9a* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects - requires NSS 3.15.4
Wolfgang Rosenauer
2014-02-05 06:05:50 +00:00
929740e2de- update to Thunderbird 24.3.0 (bnc#861847) * requires NSS 3.15.4 - renamed ppc64le patches to streamline with Firefox package
Wolfgang Rosenauer
2014-02-03 16:33:09 +00:00
2539c7b130Accepting request 213382 from mozilla:Factory
Stephan Kulow
2014-01-11 07:09:54 +00:00
47b36852f5Accepting request 211249 from openSUSE:Factory:PowerLE
Wolfgang Rosenauer
2014-01-02 21:34:06 +00:00
e3bea42d56Accepting request 210493 from mozilla:Factory
Stephan Kulow
2013-12-11 14:41:42 +00:00
f85086f38b- update to Thunderbird 24.2.0 (bnc#854370) * requires NSS 3.15.3.1 or higher * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1)
Wolfgang Rosenauer
2013-12-11 09:07:36 +00:00
1a0092ade1Accepting request 209660 from mozilla:Factory
Stephan Kulow
2013-12-08 18:30:32 +00:00
d19b8513af- update to Thunderbird 24.1.1 * requires NSPR 4.10.2 and NSS 3.15.3 for security reasons * fix binary compatibility issues for patch level updates (bmo#927073)
Wolfgang Rosenauer
2013-11-29 15:06:11 +00:00
780b4bcb59Accepting request 205266 from mozilla:Factory
Stephan Kulow
2013-11-05 09:58:49 +00:00
aceee89f9e- update to Thunderbird 24.1.0 (bnc#847708) * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates
Wolfgang Rosenauer
2013-10-30 15:23:59 +00:00
e49b6342a2Accepting request 203067 from mozilla:Factory
Tomáš Chvátal
2013-10-14 07:29:43 +00:00
db13379b32- update to Thunderbird 24.0.1 * fqdn for smtp server name was not accepted (bmo#913785) * fixed crash in PL_strncasecmp (bmo#917955) - update Enigmail to 1.6 * The passphrase timeout configuration in Enigmail is now read and written from/to gpg-agent. * New dialog to change the expiry date of keys * New function to search for the OpenPGP keys of all Address Book entries on a keyserver * removed obsolete enigmail-build.patch
Wolfgang Rosenauer
2013-10-12 20:10:48 +00:00
d30a1e6fdfAccepting request 199621 from mozilla:Factory
Stephan Kulow
2013-09-23 08:27:40 +00:00
7cf4c28e1a* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration
Wolfgang Rosenauer
2013-09-17 19:11:47 +00:00
89a6be5456- moved greek to common translation package
Wolfgang Rosenauer
2013-09-16 15:36:59 +00:00
1cbaa007b0- update to Thunderbird 24.0 (bnc#840485) - require NSPR 4.10 and NSS 3.15.1 - add GStreamer build requirements for Gecko - added enigmail-build.patch to fix TB packaging (bmo#886095) - removed obsolete patches: * enigmail-old-gcc.patch * mozilla-gcc43-enums.patch * mozilla-gcc43-template_hacks.patch * mozilla-gcc43-templates_instantiation.patch * ppc-xpcshell.patch
Wolfgang Rosenauer
2013-09-16 09:26:56 +00:00
d6aadff0b3Accepting request 186306 from mozilla:Factory
Tomáš Chvátal
2013-08-11 09:21:15 +00:00
ffa346f8d7- update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system
Wolfgang Rosenauer
2013-08-07 12:03:36 +00:00
870b2534c7Accepting request 180914 from mozilla:Factory
Stephan Kulow
2013-06-26 18:24:48 +00:00
ec481f916a* MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context
Wolfgang Rosenauer
2013-06-25 18:28:06 +00:00
95589b0c33- update to Thunderbird 17.0.7 (bnc#825935) ppc-xpcshell.patch
Wolfgang Rosenauer
2013-06-24 10:39:40 +00:00
2c3d728c05Accepting request 177943 from mozilla:Factory
Stephan Kulow
2013-06-07 08:05:16 +00:00
24e9f33a57Accepting request 177615 from home:k0da:ppc
Wolfgang Rosenauer
2013-06-06 20:24:09 +00:00
a4d9a26816Accepting request 175659 from mozilla:Factory
Stephan Kulow
2013-05-16 09:11:10 +00:00
38480e2a5e- update to Thunderbird 17.0.6 (bnc#819204) * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer
Wolfgang Rosenauer
2013-05-14 18:37:41 +00:00
7baf0fd731Accepting request 162289 from mozilla:Factory
Stephan Kulow
2013-04-06 17:54:03 +00:00
985914c415- update to Thunderbird 17.0.5 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations
Wolfgang Rosenauer
2013-04-02 19:48:58 +00:00
614549bdcaAccepting request 158562 from mozilla:Factory
Stephan Kulow
2013-03-12 05:56:30 +00:00
c1b9d6133d- update to Thunderbird 17.0.4 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
Wolfgang Rosenauer
2013-03-08 14:36:42 +00:00
9717419baeAccepting request 155862 from mozilla:Factory
Stephan Kulow
2013-02-20 08:33:11 +00:00
0ab598f59e- update to Thunderbird 17.0.3 (bnc#804248) * MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
Wolfgang Rosenauer
2013-02-19 19:47:44 +00:00
56b2b57213- update Enigmail to 1.5.1 * The release fixes the regressions found in the past few weeks
Wolfgang Rosenauer
2013-02-11 08:28:05 +00:00
77e5775e4aAccepting request 147600 from mozilla:Factory
Stephan Kulow
2013-01-10 12:47:30 +00:00
03a97ef381* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
Wolfgang Rosenauer
2013-01-08 18:18:28 +00:00
9bf273af7c- update to Thunderbird 17.0.2 (bnc#796895) - update Enigmail to 1.5.0
Wolfgang Rosenauer
2013-01-05 15:33:22 +00:00
98ff976227Accepting request 143654 from mozilla:Factory
Stephan Kulow
2012-12-03 09:44:01 +00:00
1b7efd7222- fix KDE integration for file dialogs
Wolfgang Rosenauer
2012-11-26 11:26:43 +00:00
fb13ba9d3a- fix some rpmlint warnings (mkdir.done files)
Wolfgang Rosenauer
2012-11-23 10:34:29 +00:00
f86250f903Accepting request 142209 from mozilla:Factory
Stephan Kulow
2012-11-22 13:02:23 +00:00
456670b3c9- update to Thunderbird 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
Wolfgang Rosenauer
2012-11-20 21:23:42 +00:00
9d92fafe18Accepting request 139559 from mozilla:Factory
Stephan Kulow
2012-10-29 19:03:16 +00:00
e4e4d7fda8- update to Thunderbird 16.0.2 (bnc#786522) * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues
Wolfgang Rosenauer
2012-10-27 13:10:47 +00:00
04d1e20c11Accepting request 137944 from mozilla:Factory
Stephan Kulow
2012-10-13 17:54:26 +00:00
cb5877b7e4- update to Thunderbird 16.0.1 (bnc#783533) * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied
Wolfgang Rosenauer
2012-10-12 07:02:21 +00:00
2a3012ee02Accepting request 137669 from mozilla:Factory
Stephan Kulow
2012-10-11 09:09:53 +00:00
50b8e0db7c* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) Use-after-free in the IME State Manager
Wolfgang Rosenauer
2012-10-09 20:30:32 +00:00
4100df6994- update to Thunderbird 16.0 (bnc#783533) - update Enigmail to version 1.4.5
Wolfgang Rosenauer
2012-10-09 11:36:47 +00:00
bd823c9bbaAccepting request 131906 from mozilla:Factory
Stephan Kulow
2012-08-31 07:45:36 +00:00
f8e817275d- update to Thunderbird 15.0 (bnc#777588) * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code * MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web console eval capable of executing chrome-privileged code - update Enigmail to 1.4.4
Wolfgang Rosenauer
2012-08-28 19:12:48 +00:00
75f20e8e8bAccepting request 129202 from mozilla:Factory
Ismail Dönmez
2012-07-30 09:17:30 +00:00
456e1b3bf4Accepting request 129194 from home:a_jaeger:FactoryFix
Wolfgang Rosenauer
2012-07-29 09:31:48 +00:00
35527f2ed0Accepting request 128279 from mozilla:Factory
Stephan Kulow
2012-07-20 08:20:33 +00:00
19daaad5c6- update to Thunderbird 14.0 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs
Wolfgang Rosenauer
2012-07-18 22:02:58 +00:00
bff98d2e04- update to Thunderbird 14.0 (bnc#) * relicensed to MPL-2.0 - update Enigmail to 1.4.3 * bugfix release
Wolfgang Rosenauer
2012-07-16 08:37:53 +00:00
2128e757a3Accepting request 127263 from mozilla:Factory
Stephan Kulow
2012-07-09 07:51:20 +00:00
ecebc15ccdAccepting request 127201 from openSUSE:Factory:ARM
Wolfgang Rosenauer
2012-07-06 09:49:22 +00:00
bb89ea2640Accepting request 125187 from mozilla:Factory
Stephan Kulow
2012-06-18 15:31:42 +00:00
3e9e04f41a- update to Thunderbird 13.0.1 * bugfix release
Wolfgang Rosenauer
2012-06-15 21:03:57 +00:00
fbaf851df7Accepting request 123738 from mozilla:Factory
Stephan Kulow
2012-06-06 14:08:53 +00:00
9c02a444ab- update to Thunderbird 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix build with system NSPR (mozilla-system-nspr.patch) - add dependentlibs.list for improved XRE startup - update enigmail to 1.4.2
Wolfgang Rosenauer
2012-06-06 06:41:25 +00:00
0c8d8da923Accepting request 121180 from mozilla:Factory
Stephan Kulow
2012-05-16 19:08:36 +00:00
087fae14ac- reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch)
Wolfgang Rosenauer
2012-05-16 05:39:34 +00:00
52f2fb6c8dAccepting request 115998 from mozilla:Factory
Stephan Kulow
2012-05-07 20:48:14 +00:00
1e49694862- update to Thunderbird 12.0.1 * fix regressions - POP3 filters (bmo#748090) - Message Body not loaded when using "Fetch Headers Only" (bmo#748865) - Received messages contain parts of other messages with movemail account (bmo#748726) - New mail notification issue (bmo#748997) - crash in nsMsgDatabase::MatchDbName (bmo#748432)
Wolfgang Rosenauer
2012-04-30 07:07:52 +00:00
9c22a636ab- fixed build with gcc 4.7
Wolfgang Rosenauer
2012-04-27 10:23:10 +00:00
881c0a1733* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds
Wolfgang Rosenauer
2012-04-25 05:52:33 +00:00
3016e1a3a3Accepting request 114916 from mozilla:Factory
Stephan Kulow
2012-04-23 14:11:50 +00:00
5208be93d9- update to Thunderbird 11.0.1 (bnc#755060)
Wolfgang Rosenauer
2012-04-21 18:25:28 +00:00
374fb49820- update to Thunderbird 11.0.1 * Fixing an issue where filters can get messed up (bmo#735940) * Fixes a hang when switching IMAP folders, or doing other imap functions (bmo#733731)
Wolfgang Rosenauer
2012-04-21 18:22:26 +00:00
7cc6c7121d- update to Thunderbird 12.0
Wolfgang Rosenauer
2012-04-21 10:04:37 +00:00
2b3fd56291- update to Thunderbird 12.0b5 - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue)
Wolfgang Rosenauer
2012-04-20 21:16:28 +00:00
d8e12e206cAccepting request 112142 from mozilla:Factory
Stephan Kulow
2012-04-03 07:19:26 +00:00
4609272b41- update to Thunderbird 11.0.1 (bnc#755060) * Fixing an issue where filters can get messed up (bmo#735940) * Fixes a hang when switching IMAP folders, or doing other imap functions (bmo#733731)
Wolfgang Rosenauer
2012-04-02 07:54:14 +00:00
214130bbd9Accepting request 109222 from mozilla:Factory
Stephan Kulow
2012-03-16 12:18:25 +00:00
2f435219ac- update to Thunderbird 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards - update enigmail to 1.4 - added KDE integration patches (bnc#749440)
Wolfgang Rosenauer
2012-03-14 07:47:37 +00:00
cc9e79c2e2Accepting request 105495 from mozilla:Factory
Stephan Kulow
2012-02-17 11:06:18 +00:00
a00d12f930- update to Thunderbird 10.0.2 (bnc#747328) * CVE-2011-3026 (bmo#727401) libpng: integer overflow leading to heap-buffer overflow
Wolfgang Rosenauer
2012-02-16 14:17:16 +00:00
Wolfgang Rosenauer
Stephan Kulow
Tomáš Chvátal
Ismail Dönmez