08fe2a30d3 - Mozilla Thunderbird 68.1.0 add-on is required for this account type. IMAP still exists as alternative.
  * several bugfixes
  MFSA 2019-30
  * CVE-2019-11739 (bmo#1571481) Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message
  * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal
  * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes
  * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build
Wolfgang Rosenauer
2019-09-13 20:15:12 +00:00
b26a281145 - Mozilla Thunderbird 60.9.0
  * Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative.
  MFSA 2019-27
  * Use-after-free while manipulating video CVE-2019-11746 (bmo#1564449)
  * XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11744 (bmo#1562033)
  * Same-origin policy violation with SVG filters and canvas to steal cross-origin images CVE-2019-11742 (bmo#1559715)
  * Use-after-free while extracting a key value in IndexedDB CVE-2019-11752 (bmo#1501152)
  * Sandbox escape through Firefox Sync CVE-2019-9812 (bmo#1538008, bmo#1538015)
  * Cross-origin access to unload event attributes CVE-2019-11743 (bmo#1560495) Navigation-Timing Level 2 specification
  * Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 CVE-2019-11740 (bmo#1563133, bmo#1573160)
Wolfgang Rosenauer
2019-09-06 12:24:37 +00:00
191740d32d - Mozilla Thunderbird 60.8.0
  * Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales
  MFSA 2019-23 (boo#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
  * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream
  * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS
  * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins
  * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key
  * CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and Thunderbird 60.8
Wolfgang Rosenauer
2019-07-12 06:49:32 +00:00
1bf9c22999 Accepting request 714441 from home:bmwiedemann:branches:mozilla:Factory
Wolfgang Rosenauer
2019-07-11 13:06:47 +00:00
35447776a4 - Mozilla Thunderbird 60.7.0
  * Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut
  MFSA 2019-15 (boo#1135824)
  * CVE-2019-9815 (bmo#1546544) Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only) Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405) Use-after-free of ChromeEventHandler by DocShell
  * CVE-2019-11691 (bmo#1542465) Use-after-free in XMLHttpRequest
  * CVE-2019-11692 (bmo#1544670) Use-after-free removing listeners in the event listener manager
  * CVE-2019-11693 (bmo#1532525) Buffer overflow in WebGL bufferdata on Linux
  * CVE-2019-7317 (bmo#1542829) Use-after-free in png_image_free of libpng library
  * CVE-2019-9797 (bmo#1528909) Cross-origin theft of images with createImageBitmap
  * CVE-2018-18511 (bmo#1526218) Cross-origin theft of images with ImageBitmapRenderingContext
  * CVE-2019-11694 (bmo#1534196) (Windows only) Uninitialized memory memory leakage in Windows sandbox
Wolfgang Rosenauer
2019-05-25 20:31:48 +00:00
0f6a91aeea Accepting request 697648 from mozilla:Factory
Yuchen Lin
2019-04-25 15:52:07 +00:00
35edb05724 Accepting request 697618 from home:marxin:branches:mozilla:Factory
Wolfgang Rosenauer
2019-04-24 20:43:44 +00:00
3e2908cf21 - Mozilla Thunderbird 60.6.1
  MFSA 2019-12 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924) IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006) Ionmonkey type confusion with __proto__ mutations
Wolfgang Rosenauer
2019-03-27 16:08:50 +00:00
82c07d74ff - Mozilla Thunderbird 60.6.0
  * Calendar: Can't create repeating event with end date when using certain time zones, for example Europe/Minsk
  * some minor bugfixes
  * using 60.6.0esr Mozilla platform (bsc#1129821)
Wolfgang Rosenauer
2019-03-20 21:48:06 +00:00
6fbce4789b - Mozilla Thunderbird 60.5.2
  * UTF-8 support for MAPISendMail
  * Problem with S/MIME certificate verification when receiving email from Outlook (issue introduced in version 60.5.1)
Wolfgang Rosenauer
2019-02-26 17:37:51 +00:00
e33ebb5c9b Accepting request 676696 from mozilla:Factory
Stephan Kulow
2019-02-24 17:01:39 +00:00
e67981f7a0 - Mozilla Thunderbird 60.5.1
  * CalDav access to some servers not working
  MFSA 2019-06 (bsc#1125330)
  * CVE-2018-18356 bmo#1525817 Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433 Integer overflow in Skia
  * CVE-2018-18335 bmo#1525815 Buffer overflow in Skia with accelerated Canvas 2D
  * CVE-2018-18509 bmo#1507218 S/MIME signature spoofing
- Mozilla Thunderbird 60.5.0:
Wolfgang Rosenauer
2019-02-14 22:12:08 +00:00
46b2e6acbb Accepting request 669999 from mozilla:Factory
Stephan Kulow
2019-02-08 11:05:39 +00:00
d7db4b785d MFSA 2019-03 (bsc#1122983)
  * CVE-2018-18500 bmo#1510114 Use-after-free parsing HTML5 stream
  * CVE-2018-18505 bmo#1497749 Privilege escalation through IPC channel messages
  * CVE-2016-5824 bmo#1275400 DoS (use-after-free) via a crafted ics file
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619 bmo#1502871 bmo#1516738 bmo#1516514 Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
Wolfgang Rosenauer
2019-01-29 21:58:55 +00:00
126ce832a3 changelog (security related) missing still
Wolfgang Rosenauer
2019-01-29 19:03:55 +00:00
47ff8451c2 - Mozilla Thunderbird 60.3.3
  * Thunderbird 60 will migrate security databases (key3.db, cert8.db to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a fault that potentially deleted saved passwords and private certificate keys for users using a master password. Version 60.3.3 will prevent the loss of data; affected users who have already upgraded to version 60.3.2 or earlier can restore the deleted key3.db file from backup to complete the migration.
  * Address book search and auto-complete slowness introduced in Thunderbird 60.3.2
  * Plain text markup with * for bold, / for italics, _ for underline and | for code did not work when the enclosed text contained non-ASCII characters
  * While composing a message, a link not removed when link location was removed in the link properties panel
Wolfgang Rosenauer
2018-12-05 21:18:03 +00:00
0f47d98b6b Accepting request 653550 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-12-03 15:06:20 +00:00
e5fa4278bb - Mozilla Thunderbird 60.3.2
  * Encoding problems when exporting address books or messages using the system charset. Messages are now always exported using the UTF-8 encoding
  * If the "Date" header of a message was invalid, Jan 1970 or Dec 1969 was displayed. Now using date from "Received" header instead.
  * Body search/filtering didn't reliably ignore content of tags
  * Inappropriate warning "Thunderbird prevented the site (addons.thunderbird.net) from asking you to install software on your computer" when installing add-ons
  * Incorrect display of correspondents column since own email address was not always detected
  * Spurious (encoded newline) inserted into drafts and sent email
Wolfgang Rosenauer
2018-11-30 10:20:59 +00:00
effd24db38 - update to Thunderbird 60.3.0
  * various theme fixes
  * Shift+PageUp/PageDown in Write window
  * Gloda attachment filtering
  * Mailing list address auto-complete enter/return handling
  * Thunderbird hung if HTML signature references non-existent image
  * Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3 (Firefox ESR release). In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts (MFSA 2018-28) (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android only) HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823) Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011) Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12389 (bmo#1498460, bmo#1499198) Memory safety bugs fixed in Firefox ESR 60.3
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Wolfgang Rosenauer
2018-11-01 17:28:09 +00:00
9bb3d7bcac Accepting request 644807 from home:Guillaume_G:branches:mozilla:Factory
Wolfgang Rosenauer
2018-10-29 08:28:50 +00:00
266f4763da Accepting request 640045 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-10-05 09:08:04 +00:00
c0d713ad9e Accepting request 640011 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-10-04 20:00:55 +00:00
46ff0ae0de - update to Thunderbird 60.2.1
  * several bugfixes since release of version 60.0
  * security fixes for the Mozilla platform picked up from 60.1 and 60.2 (Firefox ESR releases)
- Update file list since minidump-analyzer is only available when
  * Various fixes and changes to e-mail workflow
Wolfgang Rosenauer
2018-10-03 20:05:00 +00:00
93fe18dfd9 Accepting request 621937 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-10 17:29:54 +00:00
1179b0a448 * Deleting or detaching attachments corrupted messages under certain circumstances (bmo#1473893)
Wolfgang Rosenauer
2018-07-10 09:03:21 +00:00
97874126cc - update to Thunderbird 52.9.1
  * fix detaching attachments (bmo#1473893) otherwise might reveal decrypted content to the attacker. "simple" HTML view
Wolfgang Rosenauer
2018-07-10 06:54:09 +00:00
8482f17d7f Accepting request 620658 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-05 06:01:02 +00:00
3b3bdbed6f Accepting request 620624 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-04 14:06:02 +00:00
5e3677350a Accepting request 620593 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-04 08:58:13 +00:00
4460ca6a07 MFSA 2018-16 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693) Use-after-free when using focus()
  * CVE-2018-12372 (bmo#1419417) S/MIME and PGP decryption oracles can be built with HTML emails
  * CVE-2018-12373 (bmo#1464667, bmo#1464056) S/MIME plaintext can be leaked through HTML reply/forward
  * CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler
  * CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames
  * CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations
  * CVE-2018-12374 (bmo#1462910) Using form to exfiltrate encrypted mail part by pressing enter in form field
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Wolfgang Rosenauer
2018-07-04 05:58:22 +00:00
9a9de5cf1f - update to Thunderbird 52.9 (bsc#1098998)
- correct requires and provides handling (boo#1076907)
- reduce memory footprint with %ix86 at linking time via additional compiler flags (boo#1091376)
Wolfgang Rosenauer
2018-07-02 13:49:36 +00:00
07cdaea7b5 Accepting request 620026 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-07-02 12:10:40 +00:00
cd0e3ea9a0 - update to Thunderbird 52.8 (bsc#1092548)
  MFSA 2018-13
  * CVE-2018-5183 (bmo#1454692) Backport critical security fixes in Skia
  * CVE-2018-5184 (bmo#1411592, bsc#1093152) Full plaintext recovery in S/MIME via chosen-ciphertext attack
  * CVE-2018-5154 (bmo#1443092) Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774) Use-after-free with SVG animations and text paths
  * CVE-2018-5159 (bmo#1441941) Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5161 (bmo#1411720) Hang via malformed headers
  * CVE-2018-5162 (bmo#1457721, bsc#1093152) Encrypted mail leaks plaintext through src attribute
  * CVE-2018-5170 (bmo#1411732) Filename spoofing for external attachments
  * CVE-2018-5168 (bmo#1449548) Lightweight themes can be installed without user interaction
  * CVE-2018-5174 (bmo#1447080) (Windows only) Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update
  * CVE-2018-5178 (bmo#1443891) Buffer overflow during UTF-8 to Unicode string conversion through legacy extension
  * CVE-2018-5185 (bmo#1450345) Leaking plaintext through HTML forms
  * CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705, bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,
Wolfgang Rosenauer
2018-05-19 10:55:26 +00:00
2fe1d46e22 Accepting request 590831 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2018-03-26 11:03:30 +00:00
120baf56d9 - update to Thunderbird 52.7 (bsc#1085130)
  * Searching message bodies of messages in local folders, including filter and quick filter operations, did not find content in message attachments
  * Better error handling for Yahoo accounts
  MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062) Out of bounds memory write in libvorbis
  * CVE-2018-5147 (bmo#1446365) Out of bounds memory write in libtremor
Wolfgang Rosenauer
2018-03-24 09:35:07 +00:00
f8a44525c7 - update to Thunderbird 52.6 (bsc#1077291)
  * Searching message bodies of messages in local folders, including filter and quick filter operations, not working reliably: Content not found in base64-encode message parts, non-ASCII text not found and false positives found.
  * Defective messages (without at least one expected header) not shown in IMAP folders but shown on mobile devices
  * Calendar: Unintended task deletion if numlock is enabled
  * Mozilla platform security fixes
  MFSA 2018-04
  * CVE-2018-5095 (bmo#1418447) Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5096 (bmo#1418922) Use-after-free while editing form elements
  * CVE-2018-5097 (bmo#1387427) Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400) Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878) Use-after-free with widget listener
  * CVE-2018-5102 (bmo#1419363) Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159) Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000) Use-after-free during font face manipulation
  * CVE-2018-5117 (bmo#1395508) URL spoofing with right-to-left text aligned left-to-right
  * CVE-2018-5089 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Wolfgang Rosenauer
2018-01-26 07:14:05 +00:00
fa26255979 Accepting request 559653 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2017-12-23 21:58:24 +00:00
a542d644fe - update to Thunderbird 52.5.2
  * This release fixes the "Mailsploit" vulnerability and other vulnerabilities detected by the "Cure53" audit
  MFSA 2017-30
  * CVE-2017-7845 (bmo#1402372) Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9
  * CVE-2017-7846 (bmo#1411716) JavaScript Execution via RSS in mailbox:// origin
  * CVE-2017-7847 (bmo#1411708) Local path string can be leaked from RSS feed
  * CVE-2017-7848 (bmo#1411699) RSS Feed vulnerable to new line Injection
  * CVE-2017-7829 (bmo#1423432) Mailsploit part 1: From address with encoded null character is cut off in message header display
Wolfgang Rosenauer
2017-12-23 20:06:58 +00:00
ca09b0503f * Better support for Charter/Spectrum IMAP: Thunderbird will now detect Charter's IMAP service and send an additional IMAP select command to the server. Check the various preferences ending in "force_select" to see whether auto-detection has discovered this case.
  * In search folders spanning multiple base folders clicking on a message sometimes marked another message as read
  * IMAP alerts have been corrected and now show the correct server name in case of connection problems
  * POP alerts have been corrected and now indicate connection problems in case the configured POP server cannot be found
  MFSA 2017-26
Wolfgang Rosenauer
2017-11-25 07:08:27 +00:00