Overview

File _patchinfo of Package patchinfo.9296

<patchinfo incident="9296">
  <issue tracker="bnc" id="1112852">VUL-0: MozillaFirefox,MozillaThunderbird: 63, 60.3.0 ESR releases including security fixes</issue>
  <issue tracker="cve" id="2018-12389"/>
  <issue tracker="cve" id="2018-12393"/>
  <issue tracker="cve" id="2018-12392"/>
  <issue tracker="cve" id="2018-12391"/>
  <issue tracker="cve" id="2018-12390"/>
  <category>security</category>
  <rating>important</rating>
  <packager>AndreasStieger</packager>
  <description>This update for MozillaThunderbird fixes the following issues:

Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852):

Security issues fixed (MFSA 2018-28):

- CVE-2018-12389: Fixed memory safety bugs.
- CVE-2018-12390: Fixed memory safety bugs.
- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin.
- CVE-2018-12392: Fixed crash with nested event loops.
- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript.

Non-security issues fixed:

- various theme fixes
- Shift+PageUp/PageDown in Write window
- Gloda attachment filtering
- Mailing list address auto-complete enter/return handling
- Thunderbird hung if HTML signature references non-existent image
- Filters not working for headers that appear more than once
- Update _constraints for armv6/7
- Add memory-constraints to avoid OOM errors
</description>
  <summary>Security update for MozillaThunderbird</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places