Overview
Request 443688 accepted
- Mozilla Thunderbird 45.5.1:
* CVE-2016-9079: SVG Animation Remote Code Execution
(MFSA 2016-92, bsc#1012964, bmo#1321066)
- Mozilla Thunderbird 45.5.0 (boo#1009026)
* Fixes for security flaws that cannot be exploited through email
because scripting is disabled when reading mail, but are
potentially risks in browser or browser-like contexts:
CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
(bsc#1010411)
CVE-2016-5297: Incorrect argument length checking in Javascript
(bsc#1010401)
CVE-2016-9066: Integer overflow leading to a buffer overflow in
nsScriptLoadHandler (bsc#1010404)
CVE-2016-5291: Same-origin policy violation using local HTML file
and saved shortcut file (bsc#1010410)
CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5
(bsc#1010427)
- Changed behavior:
* Changed recipient address entry: Arrow-keys now copy the pop-up
value to the input field. Mouse-hovered pop-up value can no
longer be confirmed with tab or enter key. This restores the
behavior of Thunderbird 24.
* Support changes to character limit in Twitter
- Bugs fixed:
* Reply with selected text containing quote resulted in wrong
quoting level indication
* Email invitation might not be displayed when description
contains non-ASCII characters
* Attempting to sort messages on the Date field whilst a quick
- Created by wrosenauer
- In state accepted
Request History
wrosenauer created request
- Mozilla Thunderbird 45.5.1:
* CVE-2016-9079: SVG Animation Remote Code Execution
(MFSA 2016-92, bsc#1012964, bmo#1321066)
- Mozilla Thunderbird 45.5.0 (boo#1009026)
* Fixes for security flaws that cannot be exploited through email
because scripting is disabled when reading mail, but are
potentially risks in browser or browser-like contexts:
CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
(bsc#1010411)
CVE-2016-5297: Incorrect argument length checking in Javascript
(bsc#1010401)
CVE-2016-9066: Integer overflow leading to a buffer overflow in
nsScriptLoadHandler (bsc#1010404)
CVE-2016-5291: Same-origin policy violation using local HTML file
and saved shortcut file (bsc#1010410)
CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5
(bsc#1010427)
- Changed behavior:
* Changed recipient address entry: Arrow-keys now copy the pop-up
value to the input field. Mouse-hovered pop-up value can no
longer be confirmed with tab or enter key. This restores the
behavior of Thunderbird 24.
* Support changes to character limit in Twitter
- Bugs fixed:
* Reply with selected text containing quote resulted in wrong
quoting level indication
* Email invitation might not be displayed when description
contains non-ASCII characters
* Attempting to sort messages on the Date field whilst a quick
wrosenauer moved maintenance target to openSUSE:Evergreen:Maintenance:4687
wrosenauer accepted request
ok
