rpm/MozillaThunderbird
SHA256
1
0
Fork 0
forked from pool/MozillaThunderbird
Code Pull Requests Activity

* Account Manager fixes and improvements

Browse Source 
* https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes
  MFSA 2020-18 (bsc#1171186)
  * CVE-2020-12397 (bmo#1617370)
    Sender Email Address Spoofing using encoded Unicode characters
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Thunderbird 68.8.0
- removed obsolete patch mozilla-bmo1580963.patch
  (bmo#1580963)
  In general, these flaws cannot be exploited through email in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=529
This commit is contained in:
Wolfgang Rosenauer 2020-05-06 07:22:35 +00:00 committed by Git OBS Bridge
parent f31294e41a
commit 472726a884
2 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
MozillaThunderbird.changes
View File

@ -2,11 +2,30 @@
Tue May 5 07:49:33 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 68.8.0
* Account Manager fixes and improvements
* https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes
MFSA 2020-18 (bsc#1171186)
* CVE-2020-12397 (bmo#1617370)
Sender Email Address Spoofing using encoded Unicode characters
* CVE-2020-12387 (bmo#1545345)
Use-after-free during worker shutdown
* CVE-2020-6831 (bmo#1632241)
Buffer overflow in SCTP chunk input validation
* CVE-2020-12392 (bmo#1614468)
Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393 (bmo#1615471)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
Memory safety bugs fixed in Thunderbird 68.8.0
- removed obsolete patch mozilla-bmo1580963.patch
-------------------------------------------------------------------
Tue May 5 07:00:36 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
- Add mozilla-bmo1580963.patch to fix build with rust 1.43
(bmo#1580963)
-------------------------------------------------------------------
Thu Apr 9 17:27:50 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>

2
MozillaThunderbird.spec
View File

@ -172,7 +172,6 @@ Patch21: mozilla-bmo1554971.patch
Patch22: mozilla-nestegg-big-endian.patch
Patch24: mozilla-fix-top-level-asm.patch
Patch25: mozilla-bmo1504834-part4.patch
Patch26: mozilla-bmo1580963.patch
%endif # only_print_mozconfig
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: coreutils fileutils textutils /bin/sh
@ -270,7 +269,6 @@ fi
%patch22 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%endif # only_print_mozconfig
%build