openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of MozillaThunderbird

Ana Guerrero (anag+factory) accepted request 1169354 from

Wolfgang Rosenauer (wrosenauer) 3 days ago (revision 333)

- Mozilla Thunderbird 115.10.1
  https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
  * fixed hangup introduced with 115.10.0 (bmo#1891889)

- Mozilla Thunderbird 115.10.0
  https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
  MFSA 2024-20 (bsc#1222535)
  * CVE-2024-3852 (bmo#1883542)
    GetBoundName in the JIT returned the wrong object
  * CVE-2024-3854 (bmo#1884552)
    Out-of-bounds-read after mis-optimized switch statement
  * CVE-2024-3857 (bmo#1886683)
    Incorrect JITting of arguments led to use-after-free during
    garbage collection
  * CVE-2024-2609 (bmo#1866100)
    Permission prompt input delay could expire when not in focus
  * CVE-2024-3859 (bmo#1874489)
    Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
  * CVE-2024-3861 (bmo#1883158)
    Potential use-after-free due to AlignedBuffer self-move
  * CVE-2024-3863 (bmo#1885855)
    Download Protections were bypassed by .xrm-ms files on Windows
  * CVE-2024-3302 (bmo#1881183)
    Denial of Service using HTTP/2 CONTINUATION frames
  * CVE-2024-3864 (bmo#1888333)
    Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
    and Thunderbird 115.10

Ana Guerrero (anag+factory) accepted request 1160556 from

Wolfgang Rosenauer (wrosenauer) about 1 month ago (revision 332)

- LLVM18 breaks building Thunderbird on Tumbleweed; add
  * mozilla-fix-issues-with-llvm18.patch

- Mozilla Thunderbird 115.9.0
  https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/
  MFSA 2024-14 (bsc#1221327)
  * CVE-2024-0743 (bmo#1867408)
    Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920)
    Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939)
    JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692)
    Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197)
    Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432)
    NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112)
    Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675)
    Clickjacking vulnerability could have led to a user accidentally
    granting permissions
  * CVE-2024-2612 (bmo#1879444)
    Self referencing object could have potentially led to a use-
    after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093)
    Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
    and Thunderbird 115.9

Dominique Leuenberger (dimstar_suse) accepted request 1155826 from

Wolfgang Rosenauer (wrosenauer) about 2 months ago (revision 331)

- Mozilla Thunderbird 115.8.1
  https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
  MFSA 2024-11
  * CVE-2024-1936 (bmo#1860977)
    Leaking of encrypted email subjects to other conversations

Ana Guerrero (anag+factory) accepted request 1150520 from

Wolfgang Rosenauer (wrosenauer) about 2 months ago (revision 330)

Ana Guerrero (anag+factory) accepted request 1141172 from

Wolfgang Rosenauer (wrosenauer) 3 months ago (revision 329)

- Mozilla Thunderbird 115.7.0
  https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/
  MFSA 2024-04 (bsc#1218955)
  * CVE-2024-0741 (bmo#1864587)
    Out of bounds write in ANGLE
  * CVE-2024-0742 (bmo#1867152)
    Failure to update user input timestamp
  * CVE-2024-0746 (bmo#1660223)
    Crash when listing printers on Linux
  * CVE-2024-0747 (bmo#1764343)
    Bypass of Content Security Policy when directive unsafe-inline was set
  * CVE-2024-0749 (bmo#1813463)
    Phishing site popup could show local origin in address bar
  * CVE-2024-0750 (bmo#1863083)
    Potential permissions request bypass via clickjacking
  * CVE-2024-0751 (bmo#1865689)
    Privilege escalation through devtools
  * CVE-2024-0753 (bmo#1870262)
    HSTS policy on subdomain could bypass policy of upper domain
  * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701)
    Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
    and Thunderbird 115.7

Ana Guerrero (anag+factory) accepted request 1138352 from

Wolfgang Rosenauer (wrosenauer) 3 months ago (revision 328)

Ana Guerrero (anag+factory) accepted request 1134147 from

Wolfgang Rosenauer (wrosenauer) 4 months ago (revision 327)

- Mozilla Thunderbird 115.6.0
  https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
  * Message selection misbehaved after selecting a sub-message in an
    expanded thread, collapsing the thread, then pressing up/down to
    move selection
  * Thunderbird now attempts to reconnect on a new connection after
    SMTP 4xx errors
  * HTML FileLink attachments used the wrong encoding
  MFSA 2023-55 (bsc#1217230)
  * CVE-2023-50762 (bmo#1862625)
    Truncated signed text was shown with a valid OpenPGP
    signature
  * CVE-2023-50761 (bmo#1865647)
    S/MIME signature accepted despite mismatching message date
  * CVE-2023-6856 (bmo#1843782)
    Heap-buffer-overflow affecting WebGL DrawElementsInstanced
    method with Mesa VM driver
  * CVE-2023-6857 (bmo#1796023)
    Symlinks may resolve to smaller than expected buffers
  * CVE-2023-6858 (bmo#1826791)
    Heap buffer overflow in nsTextFragment
  * CVE-2023-6859 (bmo#1840144)
    Use-after-free in PR_GetIdentitiesLayer
  * CVE-2023-6860 (bmo#1854669)
    Potential sandbox escape due to VideoBridge lack of texture
    validation
  * CVE-2023-6861 (bmo#1864118)
    Heap buffer overflow affected nsWindow::PickerOpen(void) in
    headless mode
  * CVE-2023-6862 (bmo#1868042)

Ana Guerrero (anag+factory) accepted request 1132769 from

Wolfgang Rosenauer (wrosenauer) 4 months ago (revision 326)

- Mozilla Thunderbird 115.5.2
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.2/releasenotes/

Ana Guerrero (anag+factory) accepted request 1129733 from

Wolfgang Rosenauer (wrosenauer) 5 months ago (revision 325)

- Mozilla Thunderbird 115.5.1
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes
  * Advanced GnuPG keys may be protected with an unexpected passphrase
  * OpenPGP signatures rejected due to mismatched signature timestamp
    now display signature timestamp and clarifying message
  * Advanced address book search did not return results if display name
    was left blank
  * Clicking on attendee when inviting attendees added the attendee twice

Ana Guerrero (anag+factory) accepted request 1128271 from

Wolfgang Rosenauer (wrosenauer) 5 months ago (revision 324)

- Mozilla Thunderbird 115.5.0
  https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes
  MFSA 2023-52 (bsc#1217230)
  * CVE-2023-6204 (bmo#1841050)
    Out-of-bound memory access in WebGL2 blitFramebuffer
  * CVE-2023-6205 (bmo#1854076)
    Use-after-free in MessagePort::Entangled
  * CVE-2023-6206 (bmo#1857430)
    Clickjacking permission prompts using the fullscreen transition
  * CVE-2023-6207 (bmo#1861344)
    Use-after-free in ReadableByteStreamQueueEntry::Buffer
  * CVE-2023-6208 (bmo#1855345)
    Using Selection API would copy contents into X11 primary
    selection.
  * CVE-2023-6209 (bmo#1858570)
    Incorrect parsing of relative URLs starting with "///"
  * CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072,
    bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782)
    Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
    and Thunderbird 115.5

Ana Guerrero (anag+factory) accepted request 1126791 from

Wolfgang Rosenauer (wrosenauer) 5 months ago (revision 323)

- Mozilla Thunderbird 115.4.3
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.4.3/releasenotes

Ana Guerrero (anag+factory) accepted request 1124229 from

Wolfgang Rosenauer (wrosenauer) 6 months ago (revision 322)

- Mozilla Thunderbird 115.4.2
  https://www.thunderbird.net/en-US/thunderbird/115.4.2/releasenotes
- build using rust/cargo 1.72 (1.69 about to be dropped from Factory)

Ana Guerrero (anag+factory) accepted request 1120173 from

Wolfgang Rosenauer (wrosenauer) 6 months ago (revision 321)

- Mozilla Thunderbird 115.4.1
  https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes
  https://www.thunderbird.net/en-US/thunderbird/115.4.0/releasenotes
  MFSA 2023-47 (bsc#1216338)
  * CVE-2023-5721 (bmo#1830820)
    Queued up rendering could have allowed websites to clickjack
  * CVE-2023-5732 (bmo#1690979, bmo#1836962)
    Address bar spoofing via bidirectional characters
  * CVE-2023-5724 (bmo#1836705)
    Large WebGL draw could have led to a crash
  * CVE-2023-5725 (bmo#1845739)
    WebExtensions could open arbitrary URLs
  * CVE-2023-5726 (bmo#1846205)
    Full screen notification obscured by file open dialog on macOS
  * CVE-2023-5727 (bmo#1847180)
    Download Protections were bypassed by .msix, .msixbundle,
    .appx, and .appxbundle files on Windows
  * CVE-2023-5728 (bmo#1852729)
    Improper object tracking during GC in the JavaScript engine
    could have led to a crash.
  * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
    bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
    bmo#1855306, bmo#1855640, bmo#1856695)
    Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
    and Thunderbird 115.4.1
- removed obsolete mozilla-bmo1846703.patch

- Mozilla Thunderbird 115.3.3
  * fixed: "Folder Location" toolbar button did not work for
    local folders (bmo#1843979)

Ana Guerrero (anag+factory) accepted request 1116802 from

Wolfgang Rosenauer (wrosenauer) 7 months ago (revision 320)

- Mozilla Thunderbird 115.3.2
  Bugfix release
  https://www.thunderbird.net/en-US/thunderbird/115.3.2/releasenotes

Ana Guerrero (anag+factory) accepted request 1114452 from

Wolfgang Rosenauer (wrosenauer) 7 months ago (revision 319)

- Mozilla Thunderbird 115.3.1
  MFSA 2023-45 (bsc#1215814)
  * CVE-2023-5217 (bmo#1855550)
    Heap buffer overflow in libvpx
- Add mozilla-bmo1846703.patch

Dominique Leuenberger (dimstar_suse) accepted request 1113844 from

Wolfgang Rosenauer (wrosenauer) 7 months ago (revision 318)

- Mozilla Thunderbird 115.3.0
  https://www.thunderbird.net/en-US/thunderbird/115.3.0/releasenotes
  MFSA 2023-43 (bsc#1215575)
  * CVE-2023-5168 (bmo#1846683)
    Out-of-bounds write in FilterNodeD2D1
  * CVE-2023-5169 (bmo#1846685)
    Out-of-bounds write in PathOps
  * CVE-2023-5171 (bmo#1851599)
    Use-after-free in Ion Compiler
  * CVE-2023-5174 (bmo#1848454)
    Double-free in process spawning on Windows
  * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824,
    bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983,
    bmo#1851195)
    Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
    and Thunderbird 115.3

Ana Guerrero (anag+factory) accepted request 1112694 from

Wolfgang Rosenauer (wrosenauer) 7 months ago (revision 317)

- Mozilla Thunderbird 115.2.3
  Bugfix release:
  https://www.thunderbird.net/en-US/thunderbird/115.2.3/releasenotes

Ana Guerrero (anag+factory) accepted request 1110767 from

Wolfgang Rosenauer (wrosenauer) 7 months ago (revision 316)

Ana Guerrero (anag+factory) accepted request 1109528 from

Wolfgang Rosenauer (wrosenauer) 8 months ago (revision 315)

- Mozilla Thunderbird 115.2.0
  https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes
  MFSA 2023-38 (bsc#1214606)
  * CVE-2023-4573 (bmo#1846687)
    Memory corruption in IPC CanvasTranslator
  * CVE-2023-4574 (bmo#1846688)
    Memory corruption in IPC ColorPickerShownCallback
  * CVE-2023-4575 (bmo#1846689)
    Memory corruption in IPC FilePickerShownCallback
  * CVE-2023-4576 (bmo#1846694)
    Integer Overflow in RecordedSourceSurfaceCreation
  * CVE-2023-4577 (bmo#1847397)
    Memory corruption in JIT UpdateRegExpStatics
  * CVE-2023-4051 (bmo#1821884)
    Full screen notification obscured by file open dialog
  * CVE-2023-4578 (bmo#1839007)
    Error reporting methods in SpiderMonkey could have triggered
    an Out of Memory Exception
  * CVE-2023-4053 (bmo#1839079)
    Full screen notification obscured by external program
  * CVE-2023-4580 (bmo#1843046)
    Push notifications saved to disk unencrypted
  * CVE-2023-4581 (bmo#1843758)
    XLL file extensions were downloadable without warnings
  * CVE-2023-4582 (bmo#1773874)
    Buffer Overflow in WebGL glGetProgramiv
  * CVE-2023-4583 (bmo#1842030)
    Browsing Context potentially not cleared when closing Private
    Window
  * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,

Dominique Leuenberger (dimstar_suse) accepted request 1102113 from

Wolfgang Rosenauer (wrosenauer) 9 months ago (revision 314)

- Mozilla Thunderbird 102.14.0
  MFSA 2023-32 (bsc#1213746)
  * CVE-2023-4045 (bmo#1833876)
    Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686)
    Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073)
    Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368)
    Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658)
    Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038)
    Stack buffer overflow in StorageManager
  * CVE-2023-4054 (bmo#1840777)
    Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561)
    Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
    bmo#1842325, bmo#1843847)
    Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
    Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

  * CVE-2023-3417 (bmo#1835582, boo#1213658)

Displaying revisions 1 - 20 of 333

Places

Revisions of MozillaThunderbird

Places