From c6627799159c537cdb7b481a1f1ea31abd3c6ff17942bd8c6d708b119359689b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 4 Nov 2025 16:32:07 +0100 Subject: [PATCH 1/2] Update submodules from pool/MozillaThunderbird#6 and create patchinfo.20251104153107003768.187004354831441/_patchinfo --- MozillaThunderbird | 2 +- .../_patchinfo | 64 +++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20251104153107003768.187004354831441/_patchinfo diff --git a/MozillaThunderbird b/MozillaThunderbird index ab2bb34..22f3838 160000 --- a/MozillaThunderbird +++ b/MozillaThunderbird @@ -1 +1 @@ -Subproject commit ab2bb34d0728d73a3f5449012f95c8b84c13edf75ae06f1fefe5f28c900b241d +Subproject commit 22f383859f87a98bbefa8d77c5f65ec29c591dbbf4290a71f80f85d0442b32b3 diff --git a/patchinfo.20251104153107003768.187004354831441/_patchinfo b/patchinfo.20251104153107003768.187004354831441/_patchinfo new file mode 100644 index 0000000..28bf69e --- /dev/null +++ b/patchinfo.20251104153107003768.187004354831441/_patchinfo @@ -0,0 +1,64 @@ + + + + + [SLFO:Main] [SLES16.0] MozillaFirefox fails to build on s390x + + + + + + VUL-0: MozillaFirefox / MozillaThunderbird: update to 144.0 and 140.4esr + MSirringhaus + moderate + security + Security update for MozillaThunderbird + This update for MozillaThunderbird fixes the following issues: + +Mozilla Thunderbird 140.4: + + * changed: Account Hub is now disabled by default for second + email account + * changed: Flatpak runtime has been updated to Freedesktop SDK + 24.08 + * fixed: Users could not read mail signed with OpenPGP v6 and + PQC keys + * fixed: Image preview in Insert Image dialog failed with CSP + error for web resources + * fixed: Emptying trash on exit did not work with some + providers + * fixed: Thunderbird could crash when applying filters + * fixed: Users were unable to override expired mail server + certificate + * fixed: Opening Website header link in RSS feed incorrectly + re-encoded URL parameters + * fixed: Security fixes + +MFSA 2025-85 (bsc#1251263): + + * CVE-2025-11708 + Use-after-free in MediaTrackGraphImpl::GetInstance() + * CVE-2025-11709 + Out of bounds read/write in a privileged process triggered by + WebGL textures + * CVE-2025-11710 + Cross-process information leaked due to malicious IPC + messages + * CVE-2025-11711 + Some non-writable Object properties could be modified + * CVE-2025-11712 + An OBJECT tag type attribute overrode browser behavior on web + resources without a content-type + * CVE-2025-11713 + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-11714 + Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR + 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 + * CVE-2025-11715 + Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird + ESR 140.4, Firefox 144 and Thunderbird 144 + + MozillaThunderbird + + -- 2.51.1 From dc8c823d257f4057b5e3c947bb34094b8ff56f7b3ca10fb48e68617b38a569aa Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 5 Nov 2025 10:52:05 +0100 Subject: [PATCH 2/2] Update patchinfo.20251104153107003768.187004354831441/_patchinfo remove seperate buiild arch --- patchinfo.20251104153107003768.187004354831441/_patchinfo | 1 - 1 file changed, 1 deletion(-) diff --git a/patchinfo.20251104153107003768.187004354831441/_patchinfo b/patchinfo.20251104153107003768.187004354831441/_patchinfo index 28bf69e..b020c86 100644 --- a/patchinfo.20251104153107003768.187004354831441/_patchinfo +++ b/patchinfo.20251104153107003768.187004354831441/_patchinfo @@ -60,5 +60,4 @@ MFSA 2025-85 (bsc#1251263): ESR 140.4, Firefox 144 and Thunderbird 144 MozillaThunderbird - -- 2.51.1