* new behavior was introduced for replies to mailing list posts:

"When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=386

MozillaThunderbird.changes

@@ -2,6 +2,33 @@
 Wed Oct  4 09:18:39 UTC 2017 - astieger@suse.com
 
 - Mozilla Thunderbird 52.4.0 (bsc#1060445)
+  * new behavior was introduced for replies to mailing list posts:
+    "When replying to a mailing list, reply will be sent to address
+    in From header ignoring Reply-to header". A new preference
+    mail.override_list_reply_to allows to restore the previous behavior.
+  * Under certain circumstances (image attachment and non-image
+    attachment), attached images were shown truncated in messages
+    stored in IMAP folders not synchronised for offline use.
+  * IMAP UIDs > 0x7FFFFFFF now handled properly
+  Security fixes from Gecko 52.4esr
+  * CVE-2017-7793 (bmo#1371889)
+    Use-after-free with Fetch API
+  * CVE-2017-7818 (bmo#1363723)
+    Use-after-free during ARIA array manipulation
+  * CVE-2017-7819 (bmo#1380292)
+    Use-after-free while resizing images in design mode
+  * CVE-2017-7824 (bmo#1398381)
+    Buffer overflow when drawing and validating elements with ANGLE
+  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
+    Use-after-free in TLS 1.2 generating handshake hashes
+  * CVE-2017-7814 (bmo#1376036)
+    Blob and data URLs bypass phishing and malware protection warnings
+  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
+    OS X fonts render some Tibetan and Arabic unicode characters as spaces
+  * CVE-2017-7823 (bmo#1396320)
+    CSP sandbox directive did not create a unique origin
+  * CVE-2017-7810
+    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
 
 -------------------------------------------------------------------
 Thu Sep 28 07:56:22 UTC 2017 - dimstar@opensuse.org

MozillaThunderbird.spec

@@ -19,7 +19,7 @@
 
 %define mainversion 52.4.0
 %define update_channel release
-%define releasedate 201710030000
+%define releasedate 201710040000
 
 %bcond_without mozilla_tb_kde4
 %bcond_with    mozilla_tb_valgrind
@@ -43,7 +43,7 @@ BuildRequires:  libgnomeui-devel
 BuildRequires:  libidl-devel
 BuildRequires:  libnotify-devel
 BuildRequires:  mozilla-nspr-devel >= 4.13.1
-BuildRequires:  mozilla-nss-devel >= 3.28.5
+BuildRequires:  mozilla-nss-devel >= 3.28.6
 BuildRequires:  python
 BuildRequires:  startup-notification-devel
 BuildRequires:  unzip

compare-locales.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:130eda0cb593149056c648b60c8febe5903577d41ed5913bfb8c76757824ee58
-size 28484
+oid sha256:ff8e61e8497eedc3c4526d40bac0a1ef00621cebc68ef0bbd652c26edca0071d
+size 28372

l10n-52.4.0.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:944cf1027aaee2dcb6f02cf75fe378453598acad289e5d1350ae424ef8434888
-size 26055836
+oid sha256:636948bdb506cf2a31cac5a0398166eb26ad119d7a0850b4dc648339ff0abb8b
+size 26197408

thunderbird-52.4.0-source.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:74b3a5fbc67037718747c84810442550eb78fd4d7e603059616d47562d0e67f7
-size 241677432
+oid sha256:e89f460319d4671b86d99815300c27523d7a07a3952374f6ccfdc028cd59dc30
+size 240372488