Accepting request 452925 from home:AndreasStieger:branches:mozilla:Factory

Adjust CVE list as perMFSA 2017-03 OBS-URL: https://build.opensuse.org/request/show/452925 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=350
2017-01-27 13:27:58 +00:00 · 2017-01-27 13:27:58 +00:00 · 9af44ffd70
commit 9af44ffd70
parent cd4d95cddf
1 changed files with 6 additions and 5 deletions
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@ -7,7 +7,10 @@ Tue Jan 24 20:43:57 UTC 2017 - wr@rosenauer.org
  * "Move To" button on "Search Messages" panel not working
  * Message sent to "undisclosed recipients" shows no recipient
    (non-functional since Thunderbird version 38)
-  * MFSA 2017-02 (Gecko 45.7.0)
+  * Security updates from MFSA 2017-03 (Gecko 45.7.0) boo#1021991.
+    In general, these flaws cannot be exploited through email in
+    Thunderbird because scripting is disabled when reading mail,
+    but are potentially risks in browser or browser-like contexts:
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
@ -21,10 +24,8 @@ Tue Jan 24 20:43:57 UTC 2017 - wr@rosenauer.org
                   (bmo#1329403, boo#1021821)
    CVE-2017-5383: Location bar spoofing with unicode characters
                   (bmo#1323338, bmo#1324716, boo#1021822)
-    CVE-2017-5386: WebExtensions can use data: protocol to affect other
-                   extensions (bmo#1319070, boo#1021823)
-    CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
-                   Firefox ESR 45.7 (boo#1021824)
+    CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
+                   (boo#1021824)

 -------------------------------------------------------------------
 Thu Dec 29 08:33:21 UTC 2016 - wr@rosenauer.org