- Mozilla Thunderbird 60.9.0

* Offer to configure Exchange accounts for Office365. A third-party
    add-on is required for this account type. IMAP still exists as alternative.
  MFSA 2019-27
  * Use-after-free while manipulating video
    CVE-2019-11746 (bmo#1564449)
  * XSS by breaking out of title and textarea elements using innerHTML
    CVE-2019-11744 (bmo#1562033)
  * Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
    CVE-2019-11742 (bmo#1559715)
  * Use-after-free while extracting a key value in IndexedDB
    CVE-2019-11752 (bmo#1501152)
  * Sandbox escape through Firefox Sync
    CVE-2019-9812 (bmo#1538008, bmo#1538015)
  * Cross-origin access to unload event attributes
    CVE-2019-11743 (bmo#1560495)
    Navigation-Timing Level 2 specification
  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
    CVE-2019-11740 (bmo#1563133, bmo#1573160)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=482

MozillaThunderbird.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Fri Sep  6 12:09:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Thunderbird 60.9.0
+  * Offer to configure Exchange accounts for Office365. A third-party
+    add-on is required for this account type. IMAP still exists as alternative.
+  MFSA 2019-27
+  * Use-after-free while manipulating video
+    CVE-2019-11746 (bmo#1564449)
+  * XSS by breaking out of title and textarea elements using innerHTML
+    CVE-2019-11744 (bmo#1562033)
+  * Same-origin policy violation with SVG filters and canvas to steal
+    cross-origin images
+    CVE-2019-11742 (bmo#1559715)
+  * Use-after-free while extracting a key value in IndexedDB
+    CVE-2019-11752 (bmo#1501152)
+  * Sandbox escape through Firefox Sync
+    CVE-2019-9812 (bmo#1538008, bmo#1538015)
+  * Cross-origin access to unload event attributes
+    CVE-2019-11743 (bmo#1560495)
+    Navigation-Timing Level 2 specification
+  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+    CVE-2019-11740 (bmo#1563133, bmo#1573160)
+
 -------------------------------------------------------------------
 Thu Aug  1 11:12:05 UTC 2019 - Tristan Miller <psychonaut@nothingisreal.com>
 

MozillaThunderbird.spec

@@ -17,9 +17,9 @@
 #
 
 
-%define mainversion 60.8.0
+%define mainversion 60.9.0
 %define update_channel release
-%define releasedate 20190703133823
+%define releasedate 20190902145622
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:b3a37a47153044ed6f702dad451f4920496831732a26d9fb4fecc1b239b153f2
-size 28396
+oid sha256:54f7cb6e3d25e9133320a7b031b2821e4dc514fa3d6c32b76f79cca0ca1e82f5
+size 28512

create-tar.sh

@@ -2,9 +2,9 @@
 
 CHANNEL="esr60"
 BRANCH="releases/comm-$CHANNEL"
-RELEASE_TAG="ef6b0f0be269d5b7314fe9b359604c9f4f541055"
-MOZ_RELEASE_TAG="eb76765892cfd646d3014e5f3b8df8c6753da2d2"
-VERSION="60.8.0"
+RELEASE_TAG="7df22fd675a09804bc39fe54614ca7a68ffdcd68"
+MOZ_RELEASE_TAG="887a438d43fa73e603704d02ea6756ea4e69eb1d"
+VERSION="60.9.0"
 VERSION_SUFFIX=""
 LOCALE_FILE="thunderbird-$VERSION/comm/mail/locales/l10n-changesets.json"
 

l10n-60.8.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b5111cb9b9c07a69f34ffa43fdf76c515051a8e3dd3f3dbc41486f8090e442a3
-size 27456032

l10n-60.9.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ddc34550e843aab7beb40c8461451d4fbfe3bcedb832892ff11081f71abe4f2d
+size 27532252

thunderbird-60.8.0.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1e7a13e64b63476d2235aaac6823fdab949af45cfcd5a25ee710cbae08c2f5d1
-size 285643576

thunderbird-60.8.0.source.tar.xz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.14 (GNU/Linux)
-
-iQIcBAABCAAGBQJdHMn9AAoJEPGmZo+7fVcuq9AP/R/rhtQqqr1y6I9+qrJPPJJy
-/fNWEOj2jIoooGh4d7hdne0elSF7ZS93BLhGSwV/AdZMdAY3cpfrmFpFV/hmswmX
-KSWMWIc2EBnv4lypDAz9tiLdIh8sMnYR3sW6RdTYWg3puG1oi0Jvl0aHGx8WlLUN
-9ntkMF5SLv2Mka+R1EOJ86mJW6+4s/AULRIy2BmlpHOAYMf5DrA6uelpHNhwTBjg
-IJpw1yggflF2ZV6uJbX+0RgMOHg3bmnP/zDO/9wFRrYHV7DXU3GVoeHqaze8iDzI
-c4SgHU69aK/yvp2hVdDuJP/5Ig0jks33ZB5p6r28oXXO5F975+V8hYEJuu0/pEX6
-jp3fY11NtnJyV8O1fYvO+TEfo8QCAaceihRPSxBuEBzwyMyTg/iVlDXjzhttCDz3
-s7fAdbDusH4LqfSYsT9jHlforPJMHrKnLbxGoExOMMTZvK8gQhiEt/L3TETOXt11
-UIFEwm6U0pq8CJHxW0TvbIi40GQ0F4pjd4KL9BS0eSy3aRJiiqMxicf962ZIGTmh
-9JhzDzqjkFln6k0O24AVklUNQtwk8wxo9e9yv6mJIlradiLa8Itp1JpJgzotOKaP
-Q9LrBbalbL60xduonuXHY8V9jyiEEYTkGPW+Si5Zbzo0/8wqQhoYgJKmXu7hSzy4
-AiHlIw7tCxY3ht3djoup
-=KlRT
------END PGP SIGNATURE-----

thunderbird-60.9.0.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8818180658aeb8853de4cf381700e32907b361f0958bcce78f1590c6962d2d86
+size 286400364

thunderbird-60.9.0.source.tar.xz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.14 (GNU/Linux)
+
+iQIcBAABCAAGBQJdbtvuAAoJEPGmZo+7fVcuHQgQAIzta3TWhspqaHixVAruX078
+ory1MSnV81dc96IQPB5qBk/wgHPv3H0SFMxbmvdSr2NSWzbVj/W6oxRJ+rZ0JlyS
+1nLqTqQrXwoSoI4er/uNAAwhbmSAgVSLx1ImTk6sIgNeofaTrS0dTo5PlFJPgosg
+SmK9EjwupoWirysN1cjTbH8DxJcgYYd+S4nkdbbJY8UTruYRjrbol4fOCzvNmYB6
+2og4ZOSivsAq0m6eDbjiQvMW3dJZw5mOW0sGCs4OF8Qi16Jaa8FjCjNGRwE1e5jg
+IYOS/tgON1fdfTVE4I0YlGPHqx1PH1OLeO9WjcNyW+3HMwZs2A0YrOA7I+0x8RIf
+oQ4vJSKBugNF9Z0kHh3qBUD5sJt9y/++YffxzgK3Z9sqmPkyzj//R6wzk81sA2xx
+Lpeb6an08+MKvgT/EoLtZ/1isnbQVTu1/hwQVr9KNWLsbxvb4vl5oteRgZpUM1Fa
+9Au6Nr/CxtWV1prmOPVwfDaC5j9ca2afJWiW4VSBiY0KUXl/rvn0VXD8P7SmcqgT
+J5gh9MghSdDjb8YLM5/RGaGgvEVe6nf289N5BkOfUW5uGFPpXxaLvszatTqm9kAP
+ciwqNECbAeo7sdrPIS79//eR2hHlOa2Lp4WWdDcFEgHD/cCsMjdZ04Q2qf0GYmgP
+/33tvnMsRIa6invZ6ONt
+=q4oW
+-----END PGP SIGNATURE-----