1
0

Accepting request 632919 from home:AndreasStieger:branches:mozilla:Factory

Add changelog detail for MFSA 2018-19 (bsc#1098998)

OBS-URL: https://build.opensuse.org/request/show/632919
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=426
This commit is contained in:
Wolfgang Rosenauer 2018-09-03 20:13:55 +00:00 committed by Git OBS Bridge
parent ff674588f7
commit c08272f856
2 changed files with 48 additions and 5 deletions

View File

@ -13,10 +13,53 @@ Wed Aug 15 09:09:03 UTC 2018 - bjorn.lie@gmail.com
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 3 06:02:53 UTC 2018 - wr@rosenauer.org Fri Aug 3 06:02:53 UTC 2018 - wr@rosenauer.org
- update to Thunderbird 60.0 - update to Thunderbird 60.0:
* requires NSPR 4.19 and NSS 3.36.4 https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
* what's new * Improved message handling and composing
https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/ * Improved handling of message templates
* Support for OAuth2 and FIDO U2F
* Various Calendar improvements
* Various fixes and changes to e-mail workflow
* Various IMAP fixes
* Native desktop notifications
- Security fixes which can not, in general, be exploited through
email, but are potential risks in browser or browser-like contexts:
MFSA 2018-19 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693)
Use-after-free when using focus()
* CVE-2018-12361 (bmo#1463244)
Integer overflow in SwizzleData
* CVE-2018-12362 (bmo#1452375)
Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127)
Media recorder segmentation fault when track type is changed
during capture
* CVE-2018-12363 (bmo#1464784)
Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206)
Compromised IPC child process can list local filenames
* CVE-2018-12371 (bmo#1465686)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-12366 (bmo#1464039)
Invalid data handling during QCMS transformations
* CVE-2018-12367 (bmo#1462891)
Timing attack mitigation of PerformanceNavigationTiming
* CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
bmo#1463884)
Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and
Thunderbird 60
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
bmo#1464079,bmo#1463494,bmo#1458048)
Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox
ESR 52.9, and Thunderbird 60
- requires NSPR 4.19 and NSS 3.36.4
- source archives are now signed directly - source archives are now signed directly
(removed checksum signature check) (removed checksum signature check)
- imported patches from Firefox 60 - imported patches from Firefox 60

View File

@ -13,7 +13,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #