Pull request for security update for mozillathunderbird #206

Manually merged
products merged 2 commits from msmeissn/PackageHub:maintenance-update-1762270265 into leap-16.0 2025-11-07 09:48:40 +01:00
2 changed files with 64 additions and 1 deletions

@@ -0,0 +1,63 @@
<patchinfo>
<issue tracker="cve" id="2025-11710"/>
<issue tracker="cve" id="2025-11709"/>
<issue tracker="cve" id="2025-11715"/>
<issue tracker="bnc" id="1247774">[SLFO:Main] [SLES16.0] MozillaFirefox fails to build on s390x</issue>
<issue tracker="cve" id="2025-11712"/>
<issue tracker="cve" id="2025-11708"/>
<issue tracker="cve" id="2025-11714"/>
<issue tracker="cve" id="2025-11713"/>
<issue tracker="cve" id="2025-11711"/>
<issue tracker="bnc" id="1251263">VUL-0: MozillaFirefox / MozillaThunderbird: update to 144.0 and 140.4esr</issue>
<packager>MSirringhaus</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for MozillaThunderbird</summary>
<description>This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 140.4:
* changed: Account Hub is now disabled by default for second
email account
* changed: Flatpak runtime has been updated to Freedesktop SDK
24.08
* fixed: Users could not read mail signed with OpenPGP v6 and
PQC keys
* fixed: Image preview in Insert Image dialog failed with CSP
error for web resources
* fixed: Emptying trash on exit did not work with some
providers
* fixed: Thunderbird could crash when applying filters
* fixed: Users were unable to override expired mail server
certificate
* fixed: Opening Website header link in RSS feed incorrectly
re-encoded URL parameters
* fixed: Security fixes
MFSA 2025-85 (bsc#1251263):
* CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance()
* CVE-2025-11709
Out of bounds read/write in a privileged process triggered by
WebGL textures
* CVE-2025-11710
Cross-process information leaked due to malicious IPC
messages
* CVE-2025-11711
Some non-writable Object properties could be modified
* CVE-2025-11712
An OBJECT tag type attribute overrode browser behavior on web
resources without a content-type
* CVE-2025-11713
Potential user-assisted code execution in “Copy as cURL”
command
* CVE-2025-11714
Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR
140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
* CVE-2025-11715
Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird
ESR 140.4, Firefox 144 and Thunderbird 144
</description>
<package>MozillaThunderbird</package>
</patchinfo>
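Review bot: `<rating>moderate</rating>` looks low for the fixes listed in the description. MFSA 2025-85 here includes a use-after-free (CVE-2025-11708), an out-of-bounds read/write in a privileged process (CVE-2025-11709) and two memory-safety roll-ups (CVE-2025-11714, CVE-2025-11715). Please check the rating against the advisory's impact and raise it if warranted, or say in the PR why moderate is intended. Separately, the issue list carries `bnc` 1247774 ("MozillaFirefox fails to build on s390x"), but the description only references bsc#1251263 and says nothing about a build fix. Either add a line to the description covering that bug for this package, or drop the reference if it applies only to MozillaFirefox. Minor: the `<issue>` entries are unordered; sorting the CVE ids would make the list easier to compare with the description.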