From 12132f7191e4ce12cba21450f7249fe1c427b56fba99b2b09a69e62bdedc4b25 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Sat, 11 Apr 2020 21:13:39 +0000 Subject: [PATCH] Accepting request 793228 from home:AndreasStieger:branches:mozilla:Factory MFSA 2020-14 data OBS-URL: https://build.opensuse.org/request/show/793228 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=525 --- MozillaThunderbird.changes | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 85a39a8..e5bf254 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -14,6 +14,21 @@ Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger * Calendar: Invitations with embedded null bytes did not always decode correctly * Calendar: Cancelled events didn't show with a line-through * Various security fixes + MFSA 2020-14 + In general, these flaws cannot be exploited through email in + Thunderbird because scripting is disabled when reading mail, but + are potentially risks in browser or browser-like contexts. + * CVE-2020-6819 (bmo#1620818, bsc#1168630) + Use-after-free while running the nsDocShell destructor + * CVE-2020-6820 (bmo#1626728, bsc#1168630) + Use-after-free when handling a ReadableStream + * CVE-2020-6821 (bmo#1625404, bsc#1168874) + Uninitialized memory could be read when using the WebGL + copyTexSubImage method + * CVE-2020-6822 (bmo#1544181, bsc#1168874) + Out of bounds write in GMPDecodeData when processing large images + * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203,bsc#1168874) + Memory safety bugs fixed in Thunderbird 68.7.0 ------------------------------------------------------------------- Sat Mar 14 13:16:23 UTC 2020 - Wolfgang Rosenauer
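Review bot: The reference list on the CVE-2020-6825 line is written without spaces after the commas, "(bmo#1572541,bmo#1620193,bmo#1620203,bsc#1168874)", while the other four CVE lines use "bmo#..., bsc#..." with a space. Suggest writing it as "(bmo#1572541, bmo#1620193, bmo#1620203, bsc#1168874)" so the entries stay consistent and each ID is easy to pick out by eye or by grep. Separately, the 15 added lines go into the existing "Thu Apr 9 17:27:50 UTC 2020" entry rather than a new dated one, although the commit itself is dated Apr 11. If that entry has already been published, a new entry would keep the changelog history accurate about when the MFSA 2020-14 references were recorded. If not, amending in place is fine. The CVE-2020-6825 description says "fixed in Thunderbird 68.7.0", but the visible context does not show which version the Apr 9 entry updates to, so it is worth confirming that the entry header names 68.7.0.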