From 9af44ffd704d3e19c47b44ec0b2dbd6bb5a894191240e96b7370d0b4af110025 Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Fri, 27 Jan 2017 13:27:58 +0000 Subject: [PATCH] Accepting request 452925 from home:AndreasStieger:branches:mozilla:Factory Adjust CVE list as per MFSA 2017-03 OBS-URL: https://build.opensuse.org/request/show/452925 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=350 --- MozillaThunderbird.changes | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index f23ef70..4ae0f09 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -7,7 +7,10 @@ Tue Jan 24 20:43:57 UTC 2017 - wr@rosenauer.org * "Move To" button on "Search Messages" panel not working * Message sent to "undisclosed recipients" shows no recipient (non-functional since Thunderbird version 38) - * MFSA 2017-02 (Gecko 45.7.0) + * Security updates from MFSA 2017-03 (Gecko 45.7.0) boo#1021991. + In general, these flaws cannot be exploited through email in + Thunderbird because scripting is disabled when reading mail, + but are potentially risks in browser or browser-like contexts: CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) @@ -21,10 +24,8 @@ Tue Jan 24 20:43:57 UTC 2017 - wr@rosenauer.org (bmo#1329403, boo#1021821) CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) - CVE-2017-5386: WebExtensions can use data: protocol to affect other - extensions (bmo#1319070, boo#1021823) - CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and - Firefox ESR 45.7 (boo#1021824) + CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 + (boo#1021824) ------------------------------------------------------------------- Thu Dec 29 08:33:21 UTC 2016 - wr@rosenauer.org
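Review bot: In the first hunk (@@ -7,7 +7,10 @@), the added caveat reads "but are potentially risks in browser or browser-like contexts", which should be "but are potential risks". The bullet also now ends in "boo#1021991." with a trailing period while the other bullets in the entry have none, and the tracker reference reads more clearly inside the parentheses, for example "(Gecko 45.7.0, boo#1021991)". Separately, the corrected advisory number (2017-02 to 2017-03) is applied to the existing Jan 24 entry rather than a new dated entry, so it is worth confirming that anything which already picked up the "MFSA 2017-02" wording is refreshed.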
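Review bot: In the second hunk (@@ -21,10 +24,8 @@), CVE-2017-5386 and its boo#1021823 reference are dropped with no reason recorded beyond the subject line "Adjust CVE list as per MFSA 2017-03". Anyone tracking boo#1021823 against this package will see the reference vanish from the changelog, so the commit message should state explicitly that this CVE is not part of the Thunderbird advisory, and the bug should be updated to match. The reworded CVE-2017-5373 line ("fixed in Thunderbird 45.7") keeps boo#1021824 and looks consistent with the rest of the list.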