Accepting request 590831 from home:AndreasStieger:branches:mozilla:Factory

Adjust changelog based on MFSA 2018-09

OBS-URL: https://build.opensuse.org/request/show/590831
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=402

MozillaThunderbird.changes

@@ -1,16 +1,32 @@
 -------------------------------------------------------------------
 Fri Mar 23 09:39:40 UTC 2018 - wr@rosenauer.org
 
-- update to Thunderbird 52.7 (bsc#1085130)
+- update to Thunderbird 52.7
   * Searching message bodies of messages in local folders, including
     filter and quick filter operations, did not find content in
     message attachments
   * Better error handling for Yahoo accounts
-  MFSA 2018-08
+- The following security fixes are included as part of the mozilla
+  platform. In general, these flaws cannot be exploited through
+  email in the Thunderbird product because scripting is disabled
+  when reading mail, but are potentially risks in browser or
+  browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):
+  * CVE-2018-5127 (bmo#1430557)
+    Buffer overflow manipulating SVG animatedPathSegList
+  * CVE-2018-5129 (bmo#1428947)
+    Out-of-bounds write with malformed IPC messages
+  * CVE-2018-5144 (bmo#1440926)
+    Integer overflow during Unicode conversion
   * CVE-2018-5146 (bmo#1446062)
     Out of bounds memory write in libvorbis
-  * CVE-2018-5147 (bmo#1446365)
-    Out of bounds memory write in libtremor
+  * CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
+    bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
+    bmo#1443865,bmo#1425520)
+    Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and
+    Thunderbird 52.7
+  * CVE-2018-5145 (bmo#1261175,bmo#1348955)
+    Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird
+    52.7
 
 -------------------------------------------------------------------
 Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org