Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
patchinfo.7994
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7994
<patchinfo incident="7994"> <packager>AndreasStieger</packager> <issue tracker="cve" id="2018-12359"></issue> <issue tracker="cve" id="2018-12360"></issue> <issue tracker="cve" id="2018-12362"></issue> <issue tracker="cve" id="2018-12363"></issue> <issue tracker="cve" id="2018-12364"></issue> <issue tracker="cve" id="2018-5188"></issue> <issue tracker="cve" id="2018-12365"></issue> <issue tracker="cve" id="2018-12366"></issue> <issue tracker="bnc" id="1098998">VUL-0: MozillaFirefox: 52.9esr/60.1.0esr/61 release</issue> <issue tracker="cve" id="2018-12372"></issue> <issue tracker="bnc" id="1100082">VUL-0: CVE-2018-12372: MozillaThunderbird: S/MIME and PGP decryption oracles can be built with HTML emails</issue> <issue tracker="cve" id="2018-12373"></issue> <issue tracker="bnc" id="1100079">VUL-0: CVE-2018-12373: MozillaThunderbird: S/MIME plaintext can be leaked through HTML reply/forward</issue> <issue tracker="cve" id="2018-12374"></issue> <issue tracker="bnc" id="1100081">VUL-0: CVE-2018-12374: MozillaThunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field</issue> <issue tracker="bnc" id="1076907">package MozillaFirefox does not provide mimehandler(text/html)</issue> <issue tracker="bnc" id="1091376">Mozilla Thunderbird for i586 is not built</issue> <issue tracker="bnc" id="1085780">AUDIT-0: authoritative sources for all Mozilla based packages</issue> <issue tracker="bnc" id="1100780"/> <category>security</category> <rating>moderate</rating> <summary>Security update for Mozilla Thunderbird</summary> <description>This update for Mozilla Thunderbird to version 52.9.1 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base (MFSA 2018-16, bsc#1098998): - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus() - CVE-2018-12362: Integer overflow in SSSE3 scaler - CVE-2018-12363: Use-after-free when appending DOM nodes - CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins - CVE-2018-12365: Compromised IPC child process can list local filenames - CVE-2018-12366: Invalid data handling during QCMS transformations - CVE-2018-5188: Memory safety bugs fixed in Thunderbird 52.9.0 Security issues fixed that affect e-mail privacy and integrity (including EFAIL): - CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML emails (bsc#1100082) - CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward (bsc#1100079) - CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing enter in form field (bsc#1100081) The following options are available for added security in certain scenarios: - Option for not decrypting subordinate message parts that otherwise might reveal decryted content to the attacker. Preference mailnews.p7m_subparts_external needs to be set to true for added security. The following upstream changes are included: - Thunderbird will now prompt to compact IMAP folders even if the account is online - Fix various problems when forwarding messages inline when using "simple" HTML view - Deleting or detaching attachments corrupted messages under certain circumstances (bsc#1100780) The following tracked packaging changes are included: - correct requires and provides handling (boo#1076907) - reduce memory footprint with %ix86 at linking time via additional compiler flags (boo#1091376) - Build from upstream source archive and verify source signature (boo#1085780) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor