rpm/MozillaThunderbird
SHA256
1
0
Fork 0
forked from pool/MozillaThunderbird
Code Pull Requests Activity

Accepting request 489077 from home:AndreasStieger:branches:mozilla:Factory

Browse Source 
Adding changelog entries for 52:

- security fixes (bsc#1028391, MFSA 2017-09):
  In general, these flaws cannot be exploited through email because
  scripting is disabled when reading mail, but are potentially
  risks in browser or browser-like contexts.
  * CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
  * CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
  * CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
  * CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
  * CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
  * CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
  * CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
  * CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
  * CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
  * CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
  * CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
  * CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
  * CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
  * CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
  * CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
  * CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
  * CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
  * CVE-2017-5421: Print preview spoofing (bmo#1301876)
  * CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
  * CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
  * CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8

OBS-URL: https://build.opensuse.org/request/show/489077
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=363
This commit is contained in:
Wolfgang Rosenauer 2017-04-18 12:03:08 +00:00 committed by Git OBS Bridge
parent 8699f618bd
commit cb96a9588a
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
MozillaThunderbird.changes
View File

@ -19,6 +19,31 @@ Sat Mar 18 21:06:01 UTC 2017 - wr@rosenauer.org
* Chat: Liking and favoriting in Twitter
* Chat: Removed Yahoo! Messenger support
* serveral bugfixes
- security fixes (bsc#1028391, MFSA 2017-09):
In general, these flaws cannot be exploited through email because
scripting is disabled when reading mail, but are potentially
risks in browser or browser-like contexts.
* CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP (bmo#1334933)
* CVE-2017-5401: Memory Corruption when handling ErrorResult (bmo#1328861)
* CVE-2017-5402: Use-after-free working with events in FontFace objects (bmo#1334876)
* CVE-2017-5403: Use-after-free using addRange to add range to an incorrect root object (bmo#1340186)
* CVE-2017-5404: Use-after-free working with ranges in selections (bmo#1340138)
* CVE-2017-5406: Segmentation fault in Skia with canvas operations (bmo#1306890)
* CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters (bmo#1336622)
* CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping (bmo#1330687)
* CVE-2017-5408: Cross-origin reading of video captions in violation of CORS (bmo#1313711)
* CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
* CVE-2017-5413: Segmentation fault during bidirectional operations (bmo#1337504)
* CVE-2017-5414: File picker can choose incorrect default directory (bmo#1319370)
* CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
* CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf filter is running (bmo#1257361)
* CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization responses (bmo#1338876)
* CVE-2017-5419: Repeated authentication prompts lead to DOS attack (bmo#1312243)
* CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports (bmo#1336699)
* CVE-2017-5421: Print preview spoofing (bmo#1301876)
* CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one hyperlink (bmo#1295002)
* CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
* CVE-2017-5398: Memory safety bugs fixed in Thunderbird 52 and Thunderbird 45.8
- removed obsolete patches
* mozilla-aarch64-48bit-va.patch
* mozilla-binutils-visibility.patch