Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="3276">
  <issue id="900639" tracker="bnc">firefox stopped to spell check - needs external dictionaries</issue>
  <issue id="908009" tracker="bnc">VUL-0: MozillaFirefox: Firefox 34/Firefox ESR 31.3/Thunderbird 31.3</issue>
  <issue id="CVE-2014-1590" tracker="cve" />
  <issue id="CVE-2014-1593" tracker="cve" />
  <issue id="CVE-2014-1592" tracker="cve" />
  <issue id="CVE-2014-1587" tracker="cve" />
  <issue id="CVE-2014-1594" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>wrosenauer</packager>
  <description>This MozillaThunderbird update fixes several security and non security
issues:

Changes in MozillaThunderbird:
- update to Thunderbird 31.3.0 (bnc#908009)
  * MFSA 2014-83/CVE-2014-1587
    Miscellaneous memory safety hazards
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer

- fix bashism in mozilla.sh script

- Limit RAM usage during link for ARM

- remove add-plugins.sh and use /usr/share/myspell directly
  (bnc#900639)
</description>
  <summary>Security update for MozillaThunderbird</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places