1
0

- Mozilla Thunderbird 91.5.0

https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
  MFSA 2022-03 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation event
  * CVE-2022-22744 (bmo#1737252)
    The 'Copy as curl' feature in DevTools did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2022-22747 (bmo#1735028)
    Crash when handling empty pkcs7 sequence
  * CVE-2022-22739 (bmo#1744158)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaThunderbird?expand=0&rev=620
This commit is contained in:
Wolfgang Rosenauer 2022-01-11 22:11:21 +00:00 committed by Git OBS Bridge
parent 794263a781
commit ed5ea29202
9 changed files with 68 additions and 29 deletions

View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Fri Jan 7 16:13:57 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Thunderbird 91.5.0
https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
MFSA 2022-03 (bsc#1194547)
* CVE-2022-22746 (bmo#1735071)
Calling into reportValidity could have lead to fullscreen
window spoof
* CVE-2022-22743 (bmo#1739220)
Browser window spoof using fullscreen mode
* CVE-2022-22742 (bmo#1739923)
Out-of-bounds memory access when inserting text in edit mode
* CVE-2022-22741 (bmo#1740389)
Browser window spoof using fullscreen mode
* CVE-2022-22740 (bmo#1742334)
Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-22738 (bmo#1742382)
Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22737 (bmo#1745874)
Race condition when playing audio files
* CVE-2021-4140 (bmo#1746720)
Iframe sandbox bypass with XSLT
* CVE-2022-22748 (bmo#1705211)
Spoofed origin on external protocol launch dialog
* CVE-2022-22745 (bmo#1735856)
Leaking cross-origin URLs through securitypolicyviolation event
* CVE-2022-22744 (bmo#1737252)
The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2022-22747 (bmo#1735028)
Crash when handling empty pkcs7 sequence
* CVE-2022-22739 (bmo#1744158)
Missing throttling on external protocol launch dialog
* CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869, bmo#1743221,
bmo#1743515, bmo#1745373, bmo#1746011)
Memory safety bugs fixed in Thunderbird 91.5
-------------------------------------------------------------------
Tue Dec 28 20:20:30 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>

View File

@ -1,7 +1,7 @@
#
# spec file
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
# 2006-2021 Wolfgang Rosenauer <wr@rosenauer.org>
#
# All modifications and additions to the file contributed by third parties
@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 91
%define mainver %major.4.1
%define orig_version 91.4.1
%define mainver %major.5.0
%define orig_version 91.5.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{orig_version}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:58357a0157b34de992f4a7c2c5a35bcbd956d11b0b0061df97bcfcefb4a594da
size 28646024

3
l10n-91.5.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a3fdd64670634c9337473d4a6f59191103ca0584047cf258da5db22966e65156
size 28627244

View File

@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr91"
VERSION="91.4.1"
VERSION="91.5.0"
VERSION_SUFFIX=""
PREV_VERSION="91.4.0"
PREV_VERSION="91.4.1"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"
RELEASE_TAG="11529576c3a7d89514771d1e0f5fa116eef29b81"
RELEASE_TIMESTAMP="20211216022855"
RELEASE_TAG="bcd2aab51cd0889d506d29455210d65602b97430"
RELEASE_TIMESTAMP="20220106182030"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f1079ed2cbd335a417b18929c5018d8ade9fb1d0c8cba9fdb2b6d672f14074f1
size 408805472

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmG8fOQACgkQ6+QekPbx
L21alhAAs680nSh8Q0nZxEE9mfOtLSpRWlal5KsPwGxVobNZ9wbiAiqSKgA1dNHp
AxqxUTt5ZGlvICzSKBrssvZyNyw1V4wLXYW4RDRTzeFPSCeAANdi6/pOue+E1AYB
XMiw69ZlfT6OtRh5iQiuYVtfectOVBV+92ZxBvBv3sJcLhWen4Jbr9I+yhRl31Hs
m3VtPMg4m3S6nxSQaZkErkFrg8hVCOxxkCF8gycpRTQGVc4qYpuuutIH8aCITGpM
cdauOamSF83XXQB9HZqp4deGhYxS0Zt8RkfGGM5C2oMPnoaoOcKM5g7SHk9oFqyn
rmUZ+YweV8D6dhzTFkwLtJ2l0u7jpmfF59VjYqPDDmjkr0OE+48ilNdwir03rgAj
s5ptGkqI62AFSeekj2vDMBHRpmgZW/xOBO6Lg0s1NIyySr8k1NrmGQLYWeGaFbcR
NICrlXKaLJVXFE/yOPO5jB3qff3foulWENP2WZtvuzJFMg/TxvgKL9fl0f9EShWm
SIV1zD65BxU7K4KzGKhd2L/IAj28XmhtHwccF9gWlLQALtsLfoAK+acVKwje/aQQ
1MxvvNp0Rt1vpdDwNWzT5KNIJgZ1Tu6oBe/f6jJXAo44wWGEwRrdlqZG5KnlkWEi
2a5SeGmXjkwyF++bxsYQ4sbsM7f7/lyQy0yETa/2XFW0ipRgBig=
=cguv
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b89a8e1b57d5be828a7346e817120d7c763a258a2397a23393b7ceb3ce810ab2
size 405937856

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEQ2D+IQnEl2MYb44h6+QekPbxL20FAmHXnp8ACgkQ6+QekPbx
L23cexAAg90hG/vxcAKjy6JNVpKIa7eZOZUbyHAe8pJU8+L58tMIkFciF3vI1cDN
/qgjHXX/3ZOI797QRVBgnKBcys3hz0TRX0w942jAnnV9rIeFSZ656WbJOUroucHY
4Cn1C5Vu7s77Y3AbUgMKP+/xgMhSXiHB5LfC/J4LT5gIkM5+X9cebnMctFvyUasK
WqDPXvqB92u+qSYNo3Uof8OA3i6olNZYyP7PpHh3R23Z95rrBb4D2AroU+7Z2YXy
qJkQjLcVApggbCfUGeiL5qBVJFUQYypTN4o9BxJdkp789rWWXgeSfrgA4vD+uraz
dFtmv+SrITST3ToPszf3nfPC8km2Nb90IArJO/fIJuRF3oxsKq0ZgHdj1XmzIpsR
uzyXGvGTfCmLjhkOAE8DTx/tnIt1DOFcVvGue6hifDFwUbejSbYV0vGiZpQ+f26W
Q7IdrDF2kpgtznBfpobaMANXWT63MyrY1ryZQxOEKqdt/KZpCwxCc01gYCodOSoK
9T/j+JSI0tAtW7v+3VMnagqpEJ4EXPWUzs8xkZJbsWkj4aZ7ndKp+TnccO1rPT5E
qCAZfAnN6SjV36KNQi/WJvDNqad1IL1oQlxNlDbRA3+Cq8UVz+6hbhCb72mhHZv/
baZWCcnYGlI7/1eh+t8PHg1wcKZTn37vFV8vvvYqnQZHaeHiV8I=
=lgac
-----END PGP SIGNATURE-----