From 2fe1d46e2283b2c76a53fa254a5f1bc3323fa32643d018a62bbd378946eaebc2 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Mon, 26 Mar 2018 11:03:30 +0000
Subject: [PATCH] Accepting request 590831 from
 home:AndreasStieger:branches:mozilla:Factory

Adjust changelog based on MFSA 2018-09

OBS-URL: https://build.opensuse.org/request/show/590831
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=402
---
 MozillaThunderbird.changes | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index ad575f4..40f8b37 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,16 +1,32 @@
 -------------------------------------------------------------------
 Fri Mar 23 09:39:40 UTC 2018 - wr@rosenauer.org
 
-- update to Thunderbird 52.7 (bsc#1085130)
+- update to Thunderbird 52.7
   * Searching message bodies of messages in local folders, including
     filter and quick filter operations, did not find content in
     message attachments
   * Better error handling for Yahoo accounts
-  MFSA 2018-08
+- The following security fixes are included as part of the mozilla
+  platform. In general, these flaws cannot be exploited through
+  email in the Thunderbird product because scripting is disabled
+  when reading mail, but are potentially risks in browser or
+  browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):
+  * CVE-2018-5127 (bmo#1430557)
+    Buffer overflow manipulating SVG animatedPathSegList
+  * CVE-2018-5129 (bmo#1428947)
+    Out-of-bounds write with malformed IPC messages
+  * CVE-2018-5144 (bmo#1440926)
+    Integer overflow during Unicode conversion
   * CVE-2018-5146 (bmo#1446062)
     Out of bounds memory write in libvorbis
-  * CVE-2018-5147 (bmo#1446365)
-    Out of bounds memory write in libtremor
+  * CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
+    bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
+    bmo#1443865,bmo#1425520)
+    Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and
+    Thunderbird 52.7
+  * CVE-2018-5145 (bmo#1261175,bmo#1348955)
+    Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird
+    52.7
 
 -------------------------------------------------------------------
 Wed Jan 24 11:40:38 UTC 2018 - wr@rosenauer.org