MozillaThunderbird

rpm/MozillaThunderbird

SHA256

Fork 0

forked from pool/MozillaThunderbird

929d950c92 Accepting request 1199551 from mozilla:Factory factory Ana Guerrero 2024-09-09 12:45:07 +0000
96fa744639 - Mozilla Thunderbird 115.15.0 MFSA 2024-44 (bsc#1229821) * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8384 (bmo#1911288) Garbage collection could mis-color cross-compartment objects in OOM conditions devel Wolfgang Rosenauer 2024-09-09 06:51:08 +0000
1e3265442f Accepting request 1192519 from mozilla:Factory Dominique Leuenberger 2024-08-09 14:14:05 +0000
a523c0c1eb MFSA 2024-38 (bsc#1228648) * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts Wolfgang Rosenauer 2024-08-08 06:18:03 +0000
e0c4462a11 115.14.0, with changelog added Wolfgang Rosenauer 2024-08-08 06:15:00 +0000
548d5068a2 Accepting request 1187370 from mozilla:Factory Ana Guerrero 2024-07-15 17:48:43 +0000
d30235b5b6 - Mozilla Thunderbird 115.13.0 * After starting Thunderbird, the message list position was sometimes set to an incorrect position MFSA 2024-30 (bsc#1226316) * CVE-2024-6600 (bmo#1888340) Memory corruption in WebGL API * CVE-2024-6601 (bmo#1890748) Race condition in permission assignment * CVE-2024-6602 (bmo#1895032) Memory corruption in NSS * CVE-2024-6603 (bmo#1895081) Memory corruption in thread creation * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 Wolfgang Rosenauer 2024-07-14 10:15:54 +0000
9cc5c44788 Accepting request 1185328 from mozilla:Factory Ana Guerrero 2024-07-04 14:27:26 +0000
8ba563b611 Accepting request 1184892 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-07-04 07:50:23 +0000
12fa6354eb Accepting request 1181261 from mozilla:Factory Ana Guerrero 2024-06-17 17:33:19 +0000
8e5843b066 - Mozilla Thunderbird 115.12.0 https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes MFSA 2024-28 (bsc#1226027) * CVE-2024-5702 (bmo#1193389) Use-after-free in networking * CVE-2024-5688 (bmo#1895086) Use-after-free in JavaScript object transplant * CVE-2024-5690 (bmo#1883693) External protocol handlers leaked by timing attack * CVE-2024-5691 (bmo#1888695) Sandboxed iframes were able to bypass sandbox restrictions to open a new window * CVE-2024-5692 (bmo#1891234) Bypass of file name restrictions during saving * CVE-2024-5693 (bmo#1891319) Cross-Origin Image leak via Offscreen Canvas * CVE-2024-5696 (bmo#1896555) Memory Corruption in Text Fragments * CVE-2024-5700 (bmo#1862809, bmo#1889355, bmo#1893388, bmo#1895123) Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 Wolfgang Rosenauer 2024-06-17 08:14:14 +0000
5e31e2142b Accepting request 1179943 from mozilla:Factory Ana Guerrero 2024-06-11 16:31:01 +0000
642c037730 - Mozilla Thunderbird 115.11.1 * Added a short anonymous survey that a small number of users will be randomly asked to complete Wolfgang Rosenauer 2024-06-04 07:15:57 +0000
7c82cf4bcb Accepting request 1175556 from mozilla:Factory Ana Guerrero 2024-05-21 16:37:20 +0000
c53405a61a - Mozilla Thunderbird 115.11.0 MFSA 2024-23 (bsc#1224056) * CVE-2024-4367 (bmo#1893645) Arbitrary JavaScript execution in PDF.js * CVE-2024-4767 (bmo#1878577) IndexedDB files retained in private browsing mode * CVE-2024-4768 (bmo#1886082) Potential permissions request bypass via clickjacking * CVE-2024-4769 (bmo#1886108) Cross-origin responses could be distinguished between script and non-script content-types * CVE-2024-4770 (bmo#1893270) Use-after-free could occur when printing to PDF * CVE-2024-4777 (bmo#1878199, bmo#1893340) Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 Wolfgang Rosenauer 2024-05-17 13:37:32 +0000
0763350234 Accepting request 1171966 from mozilla:Factory Ana Guerrero 2024-05-06 15:52:58 +0000
bb96f838d2 Accepting request 1171925 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-05-05 09:06:17 +0000
94e186235a Accepting request 1169354 from mozilla:Factory Ana Guerrero 2024-04-21 18:27:23 +0000
ecbf912dc5 - Mozilla Thunderbird 115.10.1 https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/ * fixed hangup introduced with 115.10.0 (bmo#1891889) Wolfgang Rosenauer 2024-04-20 13:14:08 +0000
d92bff57c9 Accepting request 1160556 from mozilla:Factory Ana Guerrero 2024-03-22 14:21:37 +0000
3ba157ec15 - LLVM18 breaks building Thunderbird on Tumbleweed; add * mozilla-fix-issues-with-llvm18.patch Wolfgang Rosenauer 2024-03-22 07:53:18 +0000
a874894d44 Accepting request 1155826 from mozilla:Factory Dominique Leuenberger 2024-03-07 17:30:09 +0000
4388f6b916 - Mozilla Thunderbird 115.8.1 https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/ MFSA 2024-11 * CVE-2024-1936 (bmo#1860977) Leaking of encrypted email subjects to other conversations Wolfgang Rosenauer 2024-03-07 08:26:29 +0000
0e6aab1e2d Accepting request 1150520 from mozilla:Factory Ana Guerrero 2024-02-26 18:45:04 +0000
d3a997ecec Accepting request 1150189 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2024-02-25 21:23:03 +0000
e3fe8edab3 Accepting request 1141172 from mozilla:Factory Ana Guerrero 2024-01-24 18:05:45 +0000
b28fc45f13 - Mozilla Thunderbird 115.7.0 https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ MFSA 2024-04 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 Wolfgang Rosenauer 2024-01-24 08:26:57 +0000
8b936efa7d Accepting request 1138352 from mozilla:Factory Ana Guerrero 2024-01-12 22:46:51 +0000
dc40555405 Accepting request 1137913 from home:MSirringhaus:branches:mozilla:Factory Wolfgang Rosenauer 2024-01-12 16:08:01 +0000
7a4d4e067c Accepting request 1134147 from mozilla:Factory Ana Guerrero 2023-12-20 20:02:30 +0000
bbc012a208 - Mozilla Thunderbird 115.6.0 https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/ * Message selection misbehaved after selecting a sub-message in an expanded thread, collapsing the thread, then pressing up/down to move selection * Thunderbird now attempts to reconnect on a new connection after SMTP 4xx errors * HTML FileLink attachments used the wrong encoding MFSA 2023-55 (bsc#1217230) * CVE-2023-50762 (bmo#1862625) Truncated signed text was shown with a valid OpenPGP signature * CVE-2023-50761 (bmo#1865647) S/MIME signature accepted despite mismatching message date * CVE-2023-6856 (bmo#1843782) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver * CVE-2023-6857 (bmo#1796023) Symlinks may resolve to smaller than expected buffers * CVE-2023-6858 (bmo#1826791) Heap buffer overflow in nsTextFragment * CVE-2023-6859 (bmo#1840144) Use-after-free in PR_GetIdentitiesLayer * CVE-2023-6860 (bmo#1854669) Potential sandbox escape due to VideoBridge lack of texture validation * CVE-2023-6861 (bmo#1864118) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode * CVE-2023-6862 (bmo#1868042) Wolfgang Rosenauer 2023-12-20 08:34:54 +0000
68aa3a7dc3 Accepting request 1132769 from mozilla:Factory Ana Guerrero 2023-12-13 17:35:07 +0000
bd13e76487 - Mozilla Thunderbird 115.5.2 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/ Wolfgang Rosenauer 2023-12-12 22:10:43 +0000
afd0637e40 Accepting request 1129733 from mozilla:Factory Ana Guerrero 2023-11-29 20:21:06 +0000
5835378f85 - Mozilla Thunderbird 115.5.1 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes * Advanced GnuPG keys may be protected with an unexpected passphrase * OpenPGP signatures rejected due to mismatched signature timestamp now display signature timestamp and clarifying message * Advanced address book search did not return results if display name was left blank * Clicking on attendee when inviting attendees added the attendee twice Wolfgang Rosenauer 2023-11-29 07:32:44 +0000
9e1f2838a9 Accepting request 1128271 from mozilla:Factory Ana Guerrero 2023-11-23 20:41:38 +0000
480e0302f0 MFSA 2023-52 (bsc#1217230) Wolfgang Rosenauer 2023-11-23 08:16:17 +0000
55bb2ec82a - Mozilla Thunderbird 115.5.0 https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes MFSA 2023-52 (bsc#) * CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer * CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled * CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition * CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer * CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection. * CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with "///" * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 Wolfgang Rosenauer 2023-11-23 08:14:02 +0000
bd0ee26f99 Accepting request 1126791 from mozilla:Factory Ana Guerrero 2023-11-16 19:28:43 +0000
328f51e3db - Mozilla Thunderbird 115.4.3 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.4.3/releasenotes Wolfgang Rosenauer 2023-11-16 09:04:06 +0000
f1ace80360 Accepting request 1124229 from mozilla:Factory Ana Guerrero 2023-11-08 21:18:54 +0000
1bac4101c8 - Mozilla Thunderbird 115.4.2 https://www.thunderbird.net/en-US/thunderbird/115.4.2/releasenotes - build using rust/cargo 1.72 (1.69 about to be dropped from Factory) Wolfgang Rosenauer 2023-11-08 12:10:27 +0000
759308472e Accepting request 1120173 from mozilla:Factory Ana Guerrero 2023-10-25 16:03:34 +0000
62f65fe0ea - Mozilla Thunderbird 115.4.1 https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes MFSA 2023-47 (bsc#1216338) * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5732 (bmo#1690979, bmo#1836962) Address bar spoofing via bidirectional characters * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 - removed obsolete mozilla-bmo1846703.patch Wolfgang Rosenauer 2023-10-25 06:36:45 +0000
f4ecfaed93 Accepting request 1120115 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-10-24 21:00:55 +0000
5356bd4c50 Accepting request 1116802 from mozilla:Factory Ana Guerrero 2023-10-11 21:54:45 +0000
6c4666a6b7 - Mozilla Thunderbird 115.3.2 Bugfix release https://www.thunderbird.net/en-US/thunderbird/115.3.2/releasenotes Wolfgang Rosenauer 2023-10-11 06:35:40 +0000
d9a56d1348 Accepting request 1114452 from mozilla:Factory Ana Guerrero 2023-10-01 19:22:40 +0000
c1979ea7d9 - Mozilla Thunderbird 115.3.1 MFSA 2023-45 (bsc#1215814) * CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx - Add mozilla-bmo1846703.patch Wolfgang Rosenauer 2023-09-29 20:44:41 +0000
03bb18356b Accepting request 1113844 from mozilla:Factory Dominique Leuenberger 2023-09-27 22:25:51 +0000
70c5946a5c - Mozilla Thunderbird 115.3.0 https://www.thunderbird.net/en-US/thunderbird/115.3.0/releasenotes MFSA 2023-43 (bsc#1215575) * CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1 * CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps * CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler * CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 Wolfgang Rosenauer 2023-09-27 09:43:36 +0000
263916113a Accepting request 1112694 from mozilla:Factory Ana Guerrero 2023-09-21 20:22:38 +0000
d383915fad - Mozilla Thunderbird 115.2.3 Bugfix release: https://www.thunderbird.net/en-US/thunderbird/115.2.3/releasenotes Wolfgang Rosenauer 2023-09-21 06:48:37 +0000
d485729260 Accepting request 1110767 from mozilla:Factory Ana Guerrero 2023-09-13 18:44:58 +0000
a81e9b4cb4 Accepting request 1110766 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-09-12 21:29:55 +0000
9ff5d4a1b6 Accepting request 1109528 from mozilla:Factory Ana Guerrero 2023-09-07 19:13:51 +0000
45ef0c0c50 mozilla-bmo1775202.patch Wolfgang Rosenauer 2023-09-07 11:34:15 +0000
98a8bbee26 - Mozilla Thunderbird 115.2.0 https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes MFSA 2023-38 (bsc#1214606) * CVE-2023-4573 (bmo#1846687) Memory corruption in IPC CanvasTranslator * CVE-2023-4574 (bmo#1846688) Memory corruption in IPC ColorPickerShownCallback * CVE-2023-4575 (bmo#1846689) Memory corruption in IPC FilePickerShownCallback * CVE-2023-4576 (bmo#1846694) Integer Overflow in RecordedSourceSurfaceCreation * CVE-2023-4577 (bmo#1847397) Memory corruption in JIT UpdateRegExpStatics * CVE-2023-4051 (bmo#1821884) Full screen notification obscured by file open dialog * CVE-2023-4578 (bmo#1839007) Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception * CVE-2023-4053 (bmo#1839079) Full screen notification obscured by external program * CVE-2023-4580 (bmo#1843046) Push notifications saved to disk unencrypted * CVE-2023-4581 (bmo#1843758) XLL file extensions were downloadable without warnings * CVE-2023-4582 (bmo#1773874) Buffer Overflow in WebGL glGetProgramiv * CVE-2023-4583 (bmo#1842030) Browsing Context potentially not cleared when closing Private Window * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080, Wolfgang Rosenauer 2023-08-31 07:59:41 +0000
f3bf95db38 Accepting request 1102113 from mozilla:Factory Dominique Leuenberger 2023-08-03 15:29:27 +0000
da50d4ab72 - Mozilla Thunderbird 102.14.0 MFSA 2023-32 (bsc#1213746) * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 Wolfgang Rosenauer 2023-08-03 04:29:56 +0000
a858e257a4 Accepting request 1101575 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-07-31 18:28:50 +0000
08933f69a0 Accepting request 1100766 from mozilla:Factory Ana Guerrero 2023-07-26 11:24:38 +0000
c92ecfd31b - Mozilla Thunderbird 102.13.1 MFSA 2023-28 * CVE-2023-3417 (bmo#1835582) File Extension Spoofing using the Text Direction Override Character Wolfgang Rosenauer 2023-07-26 07:30:19 +0000
fbaa0b6684 Accepting request 1097755 from mozilla:Factory Dominique Leuenberger 2023-07-09 18:39:07 +0000
a450a78f9c - Mozilla Thunderbird 102.13.0 * Upstream RNP version numbers now recognized as official in about:support MFSA 2023-24 (bsc#1212438) * CVE-2023-37201 (bmo#1826002) Use-after-free in WebRTC certificate generation * CVE-2023-37202 (bmo#1834711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-37207 (bmo#1816287) Fullscreen notification obscured * CVE-2023-37208 (bmo#1837675) Lack of warning when opening Diagcab files * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, bmo#1836550, bmo#1837450) Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 - mozilla-llvm16.patch has been applied upstream, remove it here Wolfgang Rosenauer 2023-07-08 18:44:08 +0000
545394691f Accepting request 1091973 from mozilla:Factory Dominique Leuenberger 2023-06-11 17:54:52 +0000
8ab03d7649 Accepting request 1091941 from home:AndreasStieger:branches:mozilla:Factory Wolfgang Rosenauer 2023-06-10 10:47:23 +0000
40c3790c5c Accepting request 1089289 from mozilla:Factory Dominique Leuenberger 2023-05-27 18:38:25 +0000
4055c03185 - Mozilla Thunderbird 102.11.2 * fixed POP3 regressions ins 102.11.1 * https://www.thunderbird.net/en-US/thunderbird/102.11.2/releasenotes/ Thunderbird 102.11.1 * https://www.thunderbird.net/en-US/thunderbird/102.11.1/releasenotes/ Wolfgang Rosenauer 2023-05-27 08:18:22 +0000
1fafb69c4a Accepting request 1086176 from mozilla:Factory Dominique Leuenberger 2023-05-11 10:33:56 +0000
23380907bc - Mozilla Thunderbird 102.11.0 * https://www.thunderbird.net/en-US/thunderbird/102.11.0/releasenotes MFSA 2023-18 (bsc#1211175) * CVE-2023-32205 (bmo#1753339, bmo#1753341) Browser prompts could have been obscured by popups * CVE-2023-32206 (bmo#1824892) Crash in RLBox Expat driver * CVE-2023-32207 (bmo#1826116) Potential permissions request bypass via clickjacking * CVE-2023-32211 (bmo#1823379) Content process crash due to invalid wasm code * CVE-2023-32212 (bmo#1826622) Potential spoof due to obscured address bar * CVE-2023-32213 (bmo#1826666) Potential memory corruption in FileReader::DoReadData() * CVE-2023-32214 (bmo#1828716) Potential DoS via exposed protocol handlers * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210, bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359, bmo#1830186) Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 Wolfgang Rosenauer 2023-05-11 06:49:50 +0000
4d249b21a0 Accepting request 1083507 from mozilla:Factory Dominique Leuenberger 2023-04-28 14:24:28 +0000
96ebf6f723 - Mozilla Thunderbird 102.10.1 * https://www.thunderbird.net/en-US/thunderbird/102.10.1/releasenotes Wolfgang Rosenauer 2023-04-28 10:10:31 +0000
b9156650b9 Accepting request 1078519 from mozilla:Factory Dominique Leuenberger 2023-04-12 10:51:34 +0000
376ac03b18 * New messages will automatically select S/MIME if configured and OpenPGP is not * Calendar events with timezone America/Mexico_City incorrectly applied Daylight Savings Time MFSA 2023-15 (bsc#1210212) * CVE-2023-29531 (bmo#1794292) Out-of-bound memory access in WebGL on macOS * CVE-2023-29532 (bmo#1806394) Mozilla Maintenance Service Write-lock bypass * CVE-2023-29533 (bmo#1798219, bmo#1814597) Fullscreen notification obscured * MFSA-TMP-2023-0001 (bmo#1819244) Double-free in libwebp * CVE-2023-29535 (bmo#1820543) Potential Memory Corruption following Garbage Collector compaction * CVE-2023-29536 (bmo#1821959) Invalid free from JavaScript code * CVE-2023-0547 (bmo#1811298) Revocation status of S/Mime recipient certificates was not checked * CVE-2023-29479 (bmo#1824978) Hang when processing certain OpenPGP messages * CVE-2023-29539 (bmo#1784348) Content-Disposition filename truncation leads to Reflected File Download * CVE-2023-29541 (bmo#1810191) Files with malicious extensions could have been downloaded unsafely on Linux * CVE-2023-29542 (bmo#1810793, bmo#1815062) Bypass of file download extension restrictions * CVE-2023-29545 (bmo#1823077) Wolfgang Rosenauer 2023-04-11 20:58:19 +0000
7a75a56779 - Mozilla Thunderbird 102.10.0 - add mozilla-llvm16.patch trying to fix build with LLVM16 Wolfgang Rosenauer 2023-04-06 13:55:17 +0000
b695ba5251 - Mozilla Thunderbird 102.9.1 MFSA 2023-12 * CVE-2023-28427 (bmo#1822595) Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack Wolfgang Rosenauer 2023-03-29 12:48:43 +0000
121088b5d4 Accepting request 1074474 from mozilla:Factory Dominique Leuenberger 2023-03-27 16:15:46 +0000
3d74973d59 - add gcc13-fix.patch to support current Tumbleweed Wolfgang Rosenauer 2023-03-26 16:31:37 +0000
596c12be2a Accepting request 1072474 from mozilla:Factory Dominique Leuenberger 2023-03-16 21:59:08 +0000
b8ddf94b52 - build using rust 1.67 Wolfgang Rosenauer 2023-03-16 13:11:48 +0000
34b61a3e8e - Mozilla Thunderbird 102.9.0 * https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes MFSA 2023-11 (bsc#1209173)) * CVE-2023-25751 (bmo#1814899) Incorrect code generation during JIT compilation * CVE-2023-28164 (bmo#1809122) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation * CVE-2023-28162 (bmo#1811327) Invalid downcast in Worklets * CVE-2023-25752 (bmo#1811627) Potential out-of-bounds when accessing throttled streams * CVE-2023-28163 (bmo#1817768) Windows Save As dialog resolved environment variables * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674) Memory safety bugs fixed in Thunderbird 102.9 - update create-tar.sh Wolfgang Rosenauer 2023-03-16 10:35:50 +0000
acf3a2ecce Accepting request 1066604 from mozilla:Factory Dominique Leuenberger 2023-02-19 17:19:17 +0000
7e7b48d551 - Mozilla Thunderbird 102.8.0 * https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes MFSA 2023-07 (bsc#1208144) * CVE-2023-0616 (bmo#1806507) User Interface lockup with messages combining S/MIME and OpenPGP * CVE-2023-25728 (bmo#1790345) Content security policy leak in violation reports using iframes * CVE-2023-25730 (bmo#1794622) Screen hijack via browser fullscreen mode * CVE-2023-0767 (bmo#1804640) Arbitrary memory write via PKCS 12 in NSS * CVE-2023-25735 (bmo#1810711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-25737 (bmo#1811464) Invalid downcast in SVGUtils::SetupStrokeGeometry * CVE-2023-25738 (bmo#1811852) Printing on Windows could potentially crash Thunderbird with some device drivers * CVE-2023-25739 (bmo#1811939) Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext * CVE-2023-25729 (bmo#1792138) Extensions could have opened external schemes without user knowledge * CVE-2023-25732 (bmo#1804564) Out of bounds memory write from EncodeInputStream * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338) Opening local .url files could cause unexpected network loads * CVE-2023-25742 (bmo#1813424) Web Crypto ImportKey crashes tab * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628, bmo#1810536) Wolfgang Rosenauer 2023-02-19 09:41:40 +0000
2c2886161d Accepting request 1063880 from mozilla:Factory Dominique Leuenberger 2023-02-09 15:22:04 +0000
c38dd3ccb4 - Mozilla Thunderbird 102.7.2 * Various crash fixes Wolfgang Rosenauer 2023-02-08 08:58:24 +0000
b47fc1bbef Accepting request 1062396 from mozilla:Factory Dominique Leuenberger 2023-02-02 17:07:12 +0000
2f400cc863 - Mozilla Thunderbird 102.7.1 * Microsoft Office 365 accounts were unable to authenticate * https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/ MFSA 2023-04 * CVE-2023-0430 (bmo#1769000) Revocation status of S/Mime signature certificates was not checked - update create-tar.sh Wolfgang Rosenauer 2023-02-01 07:54:38 +0000
45a06d9fa7 Accepting request 1044166 from mozilla:Factory Dominique Leuenberger 2022-12-23 09:20:59 +0000
6d02f7716c - Mozilla Thunderbird 102.6.1 * Remote content did not load in user-defined signatures * Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall * Various stability improvements MFSA 2022-54 * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions Wolfgang Rosenauer 2022-12-22 07:44:57 +0000
f53b7f67a3 Accepting request 1042791 from mozilla:Factory Dominique Leuenberger 2022-12-15 18:23:40 +0000
16ebad9cce - Mozilla Thunderbird 102.6.0 https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/ MFSA 2022-53 (bsc#1206242) * CVE-2022-46880 (bmo#1749292) Use-after-free in WebGL * CVE-2022-46872 (bmo#1799156) Arbitrary file read from a compromised content process * CVE-2022-46881 (bmo#1770930) Memory corruption in WebGL * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46875 (bmo#1786188) Download Protections were bypassed by .atloc and .ftploc files on Mac OS * CVE-2022-46882 (bmo#1789371) Use-after-free in WebGL * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, bmo#1801102, bmo#1801315, bmo#1802395) Memory safety bugs fixed in Thunderbird 102.6 - removed obsolete patches mozilla-newer-cbindgen.patch mozilla-glibc236.patch Wolfgang Rosenauer 2022-12-13 21:35:47 +0000
bda93eedba Accepting request 1039407 from mozilla:Factory Dominique Leuenberger 2022-12-02 12:12:40 +0000
8e5a394a01 - Mozilla Thunderbird 102.5.1 MFSA 2022-50 * CVE-2022-45414 (bmo#1788096) Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content Wolfgang Rosenauer 2022-12-01 21:40:36 +0000
e387b3a5d8 Accepting request 1036233 from mozilla:Factory Dominique Leuenberger 2022-11-17 16:24:06 +0000
d0799f3ab3 - Mozilla Thunderbird 102.5.0 * changes and fixes as described here https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes MFSA 2022-49 (bsc#1205270) * CVE-2022-45403 (bmo#1762078) Service Workers might have learned size of cross-origin media files * CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass * CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream implementation * CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm * CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via windowName * CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection * CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests bypassed SameSite cookie policy * CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via non-standard override headers * CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially uninitialized buffers * CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage * CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn over browser UI * CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside the iframe * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety bugs fixed in Thunderbird 102.5 Wolfgang Rosenauer 2022-11-16 13:42:05 +0000
f92ca0eef0 Accepting request 1033698 from mozilla:Factory Dominique Leuenberger 2022-11-06 11:41:50 +0000
ed89d64079 - Mozilla Thunderbird 102.4.2 * "Address Book" button in Account Central will now create a CardDAV address book instead of a local address book * Bugfixes as described here https://www.thunderbird.net/en-US/thunderbird/102.4.2/releasenotes Wolfgang Rosenauer 2022-11-05 16:23:19 +0000
50fd6a6a10 Accepting request 1031395 from mozilla:Factory Dominique Leuenberger 2022-10-28 17:28:39 +0000
9e67c8336c - Mozilla Thunderbird 102.4.1 * Thunderbird will now catch and report errors parsing vCards that contain incorrectly formatted dates * Dynamic language switching did not update interface when switched to right-to-left languages * Custom header data was discarded after messages were saved as draft and reopened * -remote command line argument did not work, affecting integration with various applications such as LibreOffice * Messages received via some SMS-to-email services could not display images * VCards with nickname field set could not be edited * Some recurring events were missing from Agenda on first load * Download requests for remote ICS calendars incorrectly set "Accept" header to text/xml * Monthly events created on the 31st of a month with <30 days placed first occurrence 1-2 days after the beginning of the following month * Various visual and UX improvements Wolfgang Rosenauer 2022-10-26 20:45:06 +0000

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory