pool/MozillaThunderbird
SHA256
20
0
Fork 4
Code Issues Pull Requests Activity

Update to 140.3.0 ESR #5

Manually merged
Yoshio_Sato merged 1 commits from :leap-16.0 into leap-16.0 2025-10-29 17:00:55 +01:00
Conversation 9 Commits 1 Files Changed 10 +63 -44
Yoshio_Sato commented 2025-09-26 16:18:21 +02:00
Contributor
Copy Link

  • Mozilla Thunderbird 140.3.0 ESR

    • Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded
      draft subject
    • Thunderbird could crash on startup
    • Thunderbird could crash when importing mail
    • Opening Website header link in RSS feed incorrectly re-encoded
      URL parameters
      MFSA 2025-78 (bsc#1249391)
    • CVE-2025-10527 (bmo#1984825)
      Sandbox escape due to use-after-free in the Graphics:
      Canvas2D component
    • CVE-2025-10528 (bmo#1986185)
      Sandbox escape due to undefined behavior, invalid pointer in
      the Graphics: Canvas2D component
    • CVE-2025-10529 (bmo#1970490)
      Same-origin policy bypass in the Layout component
    • CVE-2025-10532 (bmo#1979502)
      Incorrect boundary conditions in the JavaScript: GC component
    • CVE-2025-10533 (bmo#1980788)
      Integer overflow in the SVG component
    • CVE-2025-10536 (bmo#1981502)
      Information disclosure in the Networking: Cache component
    • CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280,
      bmo#1981283, bmo#1984505, bmo#1985067)
      Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird
      ESR 140.3, Firefox 143 and Thunderbird 143

  • baserev update by copy to link target

- Mozilla Thunderbird 140.3.0 ESR * Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded draft subject * Thunderbird could crash on startup * Thunderbird could crash when importing mail * Opening Website header link in RSS feed incorrectly re-encoded URL parameters MFSA 2025-78 (bsc#1249391) * CVE-2025-10527 (bmo#1984825) Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 (bmo#1986185) Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 (bmo#1970490) Same-origin policy bypass in the Layout component * CVE-2025-10532 (bmo#1979502) Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 (bmo#1980788) Integer overflow in the SVG component * CVE-2025-10536 (bmo#1981502) Information disclosure in the Networking: Cache component * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280, bmo#1981283, bmo#1984505, bmo#1985067) Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 - baserev update by copy to link target
Yoshio_Sato added 1 commit 2025-09-26 16:18:22 +02:00
Update to 140.3.0 ESR ab2bb34d07
autogits_workflow_pr_bot requested review from legaldb 2025-10-27 11:20:41 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2025-10-27 11:20:41 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2025-10-27 11:20:42 +01:00
maintenance-release-review commented 2025-10-27 11:23:34 +01:00
First-time contributor
Copy Link

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@maintenance-release-review: approve`. To request changes on behalf of the group, create the following comment: `@maintenance-release-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
opensuse-review commented 2025-10-27 11:28:14 +01:00
Member
Copy Link

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm .

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm . Do **not** use standard review interface to review on behalf of the group. To accept the review on behalf of the group, create the following comment: `@opensuse-review: approve`. To request changes on behalf of the group, create the following comment: `@opensuse-review: decline` followed with lines justifying the decision. Future edits of the comments are ignored, a new comment is required to change the review state.
eroca commented 2025-10-27 15:05:14 +01:00
Owner
Copy Link

@opensuse-review : approve

LGTM

@opensuse-review : approve LGTM
opensuse-review approved these changes 2025-10-27 15:10:35 +01:00
opensuse-review left a comment
Member
Copy Link

eroca approved a review on behalf of opensuse-review

eroca approved a review on behalf of opensuse-review
legaldb commented 2025-10-27 15:15:58 +01:00
Member
Copy Link

Legal review in progress.

Legal review [in progress](https://legaldb.suse.de/reviews/details/482599).
msmeissn commented 2025-10-27 17:44:44 +01:00
First-time contributor
Copy Link

@maintenance-release-review: approve

@maintenance-release-review: approve
maintenance-release-review approved these changes 2025-10-27 17:50:53 +01:00
maintenance-release-review left a comment
First-time contributor
Copy Link

msmeissn approved a review on behalf of maintenance-release-review

msmeissn approved a review on behalf of maintenance-release-review
legaldb commented 2025-10-27 18:39:49 +01:00
Member
Copy Link

Legal reviewed by dec16180 as acceptable_by_lawyer:

Reviewed ok
Legal reviewed by *dec16180* as [acceptable_by_lawyer](https://legaldb.suse.de/reviews/details/482599): ``` Reviewed ok ```
report.md
42 KiB
legaldb approved these changes 2025-10-27 18:39:50 +01:00
Yoshio_Sato manually merged commit ab2bb34d07 into leap-16.0 2025-10-29 17:00:55 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
opensuse-review
maintenance-release-review
legaldb
Labels
Clear labels
legaldb
Critical Priority
Critical legaldb priority
Archived
legaldb
High Priority
2
High legaldb priority
legaldb
Normal Priority
1
Normal legaldb priority
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
adamm_super adrianSuSE autobuild-owner autobuild-review autogits_workflow_pr_bot bigironman dirkmueller eroca factory_bot gitea_test legaldb lkocman-factory maxlin_factory opensuse-review packagehub-review smithfarm
No Assignees
6 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: pool/MozillaThunderbird#5
Delete Branch ":leap-16.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?