From e3be4ae3e0271dec97248a0365434b3219b4d30a6bc00cc21f680ff76d5a7713 Mon Sep 17 00:00:00 2001
From: Wolfgang Rosenauer <wolfgang@rosenauer.org>
Date: Thu, 9 Mar 2017 16:34:03 +0000
Subject: [PATCH] - update to Thunderbird 45.8.0 (boo#1028391)   * MFSA 2017-07
     CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP                   
 (bmo#1334933)     CVE-2017-5401: Memory Corruption when handling ErrorResult 
                   (bmo#1328861)     CVE-2017-5402: Use-after-free working
 with events in FontFace                    objects (bmo#1334876)    
 CVE-2017-5404: Use-after-free working with ranges in selections              
      (bmo#1340138)     CVE-2017-5407: Pixel and history stealing via
 floating-point                    timing side channel with SVG filters
 (bmo#1336622)     CVE-2017-5410: Memory corruption during JavaScript garbage 
                   collection incremental sweeping (bmo#1330687)    
 CVE-2017-5408: Cross-origin reading of video captions in violation           
         of CORS (bmo#1313711)     CVE-2017-5405: FTP response codes can cause
 use of                    uninitialized values for ports (bmo#1336699)    
 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and                   
 Firefox ESR 45.8

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=355
---
 MozillaThunderbird.changes | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes
index d654d97..aba51d1 100644
--- a/MozillaThunderbird.changes
+++ b/MozillaThunderbird.changes
@@ -1,7 +1,26 @@
 -------------------------------------------------------------------
 Tue Mar  7 15:08:23 UTC 2017 - wr@rosenauer.org
 
-- update to Thunderbird 45.8.0
+- update to Thunderbird 45.8.0 (boo#1028391)
+  * MFSA 2017-07
+    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+                   (bmo#1334933)
+    CVE-2017-5401: Memory Corruption when handling ErrorResult
+                   (bmo#1328861)
+    CVE-2017-5402: Use-after-free working with events in FontFace
+                   objects (bmo#1334876)
+    CVE-2017-5404: Use-after-free working with ranges in selections
+                   (bmo#1340138)
+    CVE-2017-5407: Pixel and history stealing via floating-point
+                   timing side channel with SVG filters (bmo#1336622)
+    CVE-2017-5410: Memory corruption during JavaScript garbage
+                   collection incremental sweeping (bmo#1330687)
+    CVE-2017-5408: Cross-origin reading of video captions in violation
+                   of CORS (bmo#1313711)
+    CVE-2017-5405: FTP response codes can cause use of
+                   uninitialized values for ports (bmo#1336699)
+    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
+                   Firefox ESR 45.8
 
 -------------------------------------------------------------------
 Thu Feb  9 07:49:54 UTC 2017 - wr@rosenauer.org