From 5e3677350aa0823dc27550f0dfea5784be8ec76f30d62b25d312a10bda19487e Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Wed, 4 Jul 2018 08:58:13 +0000
Subject: [PATCH] Accepting request 620593 from
 home:AndreasStieger:branches:mozilla:Factory

add some bugzilla references

OBS-URL: https://build.opensuse.org/request/show/620593
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=411
---
 MozillaThunderbird.changes | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index 8f66a1f..a06482c 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,15 +1,15 @@
 -------------------------------------------------------------------
 Mon Jul  2 12:36:32 UTC 2018 - wr@rosenauer.org
 
-- update to Thunderbird 52.9 (bsc#1098998)
+- update to Thunderbird 52.9.0:
   MFSA 2018-16 (bsc#1098998)
   * CVE-2018-12359 (bmo#1459162)
     Buffer overflow using computed size of canvas element
   * CVE-2018-12360 (bmo#1459693)
     Use-after-free when using focus()
-  * CVE-2018-12372 (bmo#1419417)
+  * CVE-2018-12372 (bmo#1419417, bsc#1100082)
     S/MIME and PGP decryption oracles can be built with HTML emails
-  * CVE-2018-12373 (bmo#1464667, bmo#1464056)
+  * CVE-2018-12373 (bmo#1464667, bmo#1464056, bsc#1100079)
     S/MIME plaintext can be leaked through HTML reply/forward
   * CVE-2018-12362 (bmo#1452375)
     Integer overflow in SSSE3 scaler
@@ -21,13 +21,21 @@ Mon Jul  2 12:36:32 UTC 2018 - wr@rosenauer.org
     Compromised IPC child process can list local filenames
   * CVE-2018-12366 (bmo#1464039)
     Invalid data handling during QCMS transformations
-  * CVE-2018-12374 (bmo#1462910)
+  * CVE-2018-12374 (bmo#1462910, bsc#1100081)
     Using form to exfiltrate encrypted mail part by pressing enter in form field
   * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
     bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
     bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
     bmo#1464079,bmo#1463494,bmo#1458048)
     Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
+  * Thunderbird will now prompt to compact IMAP folders even if the
+    account is online
+  * Option for not decrypting subordinate message parts that
+    otherwise might reveal decryted content to the attacker. 
+    Preference mailnews.p7m_subparts_external needs to be set to
+    true for added security.
+  * Fix various problems when forwarding messages inline when using
+    "simple" HTML view    
 - correct requires and provides handling (boo#1076907)
 - reduce memory footprint with %ix86 at linking time via additional
   compiler flags (boo#1091376)