forked from pool/MozillaThunderbird
MFSA 2018-16 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element * CVE-2018-12360 (bmo#1459693) Use-after-free when using focus() * CVE-2018-12372 (bmo#1419417) S/MIME and PGP decryption oracles can be built with HTML emails * CVE-2018-12373 (bmo#1464667, bmo#1464056) S/MIME plaintext can be leaked through HTML reply/forward * CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler * CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes * CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins * CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames * CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations * CVE-2018-12374 (bmo#1462910) Using form to exfiltrate encrypted mail part by pressing enter in form field * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=410
This commit is contained in:
parent
9a9de5cf1f
commit
4460ca6a07
@ -2,6 +2,32 @@
|
|||||||
Mon Jul 2 12:36:32 UTC 2018 - wr@rosenauer.org
|
Mon Jul 2 12:36:32 UTC 2018 - wr@rosenauer.org
|
||||||
|
|
||||||
- update to Thunderbird 52.9 (bsc#1098998)
|
- update to Thunderbird 52.9 (bsc#1098998)
|
||||||
|
MFSA 2018-16 (bsc#1098998)
|
||||||
|
* CVE-2018-12359 (bmo#1459162)
|
||||||
|
Buffer overflow using computed size of canvas element
|
||||||
|
* CVE-2018-12360 (bmo#1459693)
|
||||||
|
Use-after-free when using focus()
|
||||||
|
* CVE-2018-12372 (bmo#1419417)
|
||||||
|
S/MIME and PGP decryption oracles can be built with HTML emails
|
||||||
|
* CVE-2018-12373 (bmo#1464667, bmo#1464056)
|
||||||
|
S/MIME plaintext can be leaked through HTML reply/forward
|
||||||
|
* CVE-2018-12362 (bmo#1452375)
|
||||||
|
Integer overflow in SSSE3 scaler
|
||||||
|
* CVE-2018-12363 (bmo#1464784)
|
||||||
|
Use-after-free when appending DOM nodes
|
||||||
|
* CVE-2018-12364 (bmo#1436241)
|
||||||
|
CSRF attacks through 307 redirects and NPAPI plugins
|
||||||
|
* CVE-2018-12365 (bmo#1459206)
|
||||||
|
Compromised IPC child process can list local filenames
|
||||||
|
* CVE-2018-12366 (bmo#1464039)
|
||||||
|
Invalid data handling during QCMS transformations
|
||||||
|
* CVE-2018-12374 (bmo#1462910)
|
||||||
|
Using form to exfiltrate encrypted mail part by pressing enter in form field
|
||||||
|
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
|
||||||
|
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
|
||||||
|
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
|
||||||
|
bmo#1464079,bmo#1463494,bmo#1458048)
|
||||||
|
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
|
||||||
- correct requires and provides handling (boo#1076907)
|
- correct requires and provides handling (boo#1076907)
|
||||||
- reduce memory footprint with %ix86 at linking time via additional
|
- reduce memory footprint with %ix86 at linking time via additional
|
||||||
compiler flags (boo#1091376)
|
compiler flags (boo#1091376)
|
||||||
|
Loading…
Reference in New Issue
Block a user