Revisions of MozillaThunderbird
Dominique Leuenberger (dimstar_suse)
accepted
request 793242
from
Wolfgang Rosenauer (wrosenauer)
(revision 229)
Dominique Leuenberger (dimstar_suse)
accepted
request 787142
from
Factory Maintainer (factory-maintainer)
(revision 228)
Automatic submission by obs-autosubmit
Oliver Kurz (okurz-factory)
accepted
request 773527
from
Wolfgang Rosenauer (wrosenauer)
(revision 227)
- Mozilla Thunderbird 68.5.0 New * Support for Client Identity IMAP/SMTP Service Extension * Support for OAuth 2.0 authentication for POP3 accounts Fixes * Status area goes blank during account setup * Calendar: Could not remove color for default categories * Calendar: Prevent calendar component loading multiple times * Calendar: Today pane did not retain width between sessions MFSA 2020-07 (bsc#1163368) * CVE-2020-6793 (bmo#1608539) Out-of-bounds read when processing certain email messages * CVE-2020-6794 (bmo#1606619) Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords * CVE-2020-6795 (bmo#1611105) Crash processing S/MIME messages with multiple signatures * CVE-2020-6797 (bmo#1596668) (Mac OSX only) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6792 (bmo#1609607) Message ID calculcation was based on uninitialized data * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851, bmo#1608580,bmo#1608785,bmo#1605777) Memory safety bugs fixed in Thunderbird 68.5
Dominique Leuenberger (dimstar_suse)
accepted
request 769383
from
Wolfgang Rosenauer (wrosenauer)
(revision 226)
Dominique Leuenberger (dimstar_suse)
accepted
request 767881
from
Wolfgang Rosenauer (wrosenauer)
(revision 225)
- Mozilla Thunderbird 68.4.2 * Calendar: Task and Event tree colours adjusted for the dark theme * Retrieval of S/MIME certificates from LDAP failed * Address-parsing crash on some IMAP servers when mail.imap.use_envelope_cmd is set * Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout * Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened
Dominique Leuenberger (dimstar_suse)
accepted
request 763056
from
Wolfgang Rosenauer (wrosenauer)
(revision 224)
- Mozilla Thunderbird 68.4.1 * Various improvements when setting up an account for a Microsoft Exchange server: Now offers IMAP/SMTP if available, better detection for Office 365 accounts; re-run configuration after password change Fixes: * After changing view layout, the message display pane showed garbled content under some circumstances * Various theme changes to achieve "pixel perfection": Unread icon, "no results" icon, paragraph format and font selector, background of folder summary tooltip * Tags were lost on messages in shared IMAP folders under some circumstances * Calendar: Event attendee dialog was not displayed correctly MFSA 2020-04 (bsc#1160498, bsc#1160305) * CVE-2019-17026 (bmo#1607443) IonMonkey type confusion with StoreElementHole and FallibleStoreElement * CVE-2019-17015 (bmo#1599005) Memory corruption in parent process during new content process initialization on Windows * CVE-2019-17016 (bmo#1599181) Bypass of @namespace CSS sanitization during pasting * CVE-2019-17017 (bmo#1603055) Type Confusion in XPCVariant.cpp * CVE-2019-17021 (bmo#1599008) Heap address disclosure in parent process during content process initialization on Windows * CVE-2019-17022 (bmo#1602843) CSS sanitization does not escape HTML tags * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)
Dominique Leuenberger (dimstar_suse)
accepted
request 759724
from
Wolfgang Rosenauer (wrosenauer)
(revision 223)
- add mozilla-bmo1583471.patch to allow building with rust 1.39 - Mozilla Thunderbird 68.3.1 * In dark theme unread messages no longer shown in blue to distinguish from tagged messages * Account setup is now using client side DNS MX lookup instead of relying on a server Bugfixes * Searching LDAP address book crashed in some circumstances * Message navigation with backward and forward buttons did not work in some circumstances * WebExtension toolbar icons were displayed too small * Calendar: Tasks due today were not listed in bold * Calendar: Last day of long-running events was not shown
Dominique Leuenberger (dimstar_suse)
accepted
request 754691
from
Wolfgang Rosenauer (wrosenauer)
(revision 222)
- Mozilla Thunderbird 68.3.0: * Message display toolbar action WebExtension API * Navigation buttons are now available in content tabs, for example those opened via an add-on search * other bugfixes MFSA 2019-38 * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Various updates to improve performance and stability - updated create-tar.sh to cover buildid and origin repo information - changed locale building procedure * removed obsolete compare-locales.tar.xz and thunderbird-broken-locales-build.patch - add mozilla-bmo849632.patch to fix color issues on big endian
Dominique Leuenberger (dimstar_suse)
accepted
request 747029
from
Wolfgang Rosenauer (wrosenauer)
(revision 221)
Dominique Leuenberger (dimstar_suse)
accepted
request 744761
from
Wolfgang Rosenauer (wrosenauer)
(revision 220)
- Mozilla Thunderbird 68.2.1 * A language for the user interface can now be chosen in the advanced settings (multilingual UI) * Fixed problem with Google authentication (OAuth2) * Selected or unread messages were not shown in the correct color in the thread pane (message list) under some circumstances * When using a language pack, names of standard folders weren't localized (boo#1149126) * Address book default startup directory in preferences panel was not persisted * Chat: Extended context menu on Instant messaging status dialog (Show Accounts) - added mozilla-bmo1504834-part4.patch to fix some visual issues on big endian platforms
Dominique Leuenberger (dimstar_suse)
accepted
request 742150
from
Wolfgang Rosenauer (wrosenauer)
(revision 219)
- Mozilla Thunderbird 68.2.0 * Message Display WebExtension API * Message Search WebExtension API * Better visual feedback for unread messages when using the dark theme * Fixed various issues when editing mailing list * Fixed application windows not maintaining their size after restart MFSA 2019-33 (bsc#1154738) * CVE-2019-15903 (bmo#1584907) Heap overflow in expat library in XML_GetCurrentLineNumber * CVE-2019-11757 (bmo#1577107) Use-after-free when creating index updates in IndexedDB * CVE-2019-11758 (bmo#1536227) Potentially exploitable crash due to 360 Total Security * CVE-2019-11759 (bmo#1577953) Stack buffer overflow in HKDF output * CVE-2019-11760 (bmo#1577719) Stack buffer overflow in WebRTC networking * CVE-2019-11761 (bmo#1561502) Unintended access to a privileged JSONView object * CVE-2019-11762 (bmo#1582857) document.domain-based origin isolation has same-origin-property violation * CVE-2019-11763 (bmo#1584216) Incorrect HTML parsing results in XSS bypass technique * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223, bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950, bmo#1583463, bmo#1586599) Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 - removed obsolete patches mozilla-bmo1573381.patch mozilla-bmo1512162.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 737931
from
Wolfgang Rosenauer (wrosenauer)
(revision 218)
- Mozilla Thunderbird 68.1.2 Bugfixes * Some attachments couldn't be opened in messages originating from MS Outlook 2016 * Address book import from CSV * Performance problem in message body search * Ctrl+Enter to send a message would open an attachment if the attachment pane had focus * Calendar: Issues with "Today Pane" start-up * Calendar: Glitches with custom repeat and reminder number input * Calendar: Problems with WCAP provider - add mozilla-bmo1585099.patch to fix build with rust >= 1.38
Dominique Leuenberger (dimstar_suse)
accepted
request 733855
from
Wolfgang Rosenauer (wrosenauer)
(revision 217)
Yuchen Lin (maxlin_factory)
accepted
request 730872
from
Wolfgang Rosenauer (wrosenauer)
(revision 216)
- Mozilla Thunderbird 68.1.0 * Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative. * several bugfixes MFSA 2019-30 * CVE-2019-11739 (bmo#1571481) Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal cross-origin images * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 - removed upstreamed fix-build-after-y2038-changes-in-glibc.patch - added thunderbird-locale-build.patch to fix locale build - Add -L flag to the stat call for checking file size of %{SOURCE4}. - Add fix-missing-return-warning.patch to silence a compiler warning. - Mozilla Thunderbird 68.0
Dominique Leuenberger (dimstar_suse)
accepted
request 720733
from
Wolfgang Rosenauer (wrosenauer)
(revision 215)
Dominique Leuenberger (dimstar_suse)
accepted
request 714774
from
Wolfgang Rosenauer (wrosenauer)
(revision 214)
- Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970) - Mozilla Thunderbird 60.8.0 * Calendar: Problems when editing event times, some related to AM/PM setting in non-English locales MFSA 2019-23 (boo#1140868) * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) Sandbox escape via installation of malicious languagepack * CVE-2019-11711 (bmo#1552541) Script injection within domain through inner window reuse * CVE-2019-11712 (bmo#1543804) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects * CVE-2019-11713 (bmo#1528481) Use-after-free with HTTP/2 cached stream * CVE-2019-11729 (bmo#1515342) Empty or malformed p256-ECDH public keys may trigger a segmentation fault * CVE-2019-11715 (bmo#1555523) HTML parsing error can contribute to content XSS * CVE-2019-11717 (bmo#1548306) Caret character improperly escaped in origins * CVE-2019-11719 (bmo#1540541) Out-of-bounds read when importing curve25519 private key * CVE-2019-11730 (bmo#1558299) Same-origin policy treats all files in a directory as having the same-origin * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and
Dominique Leuenberger (dimstar_suse)
accepted
request 711281
from
Wolfgang Rosenauer (wrosenauer)
(revision 213)
- Mozilla Thunderbird 60.7.2 MFSA 2019-20 (boo#1138872) * CVE-2019-11707 (bmo#1544386) Type confusion in Array.pop * CVE-2019-11708 (bmo#1559858) sandbox escape using Prompt:Open
Dominique Leuenberger (dimstar_suse)
accepted
request 709837
from
Wolfgang Rosenauer (wrosenauer)
(revision 212)
(also updated keyring) - Mozilla Thunderbird 60.7.1 * fixed: No prompt for smartcard PIN when S/MIME signing is used MFSA 2019-17 (boo#1137595) * CVE-2019-11703 (bmo#1553820) Heap buffer overflow in icalparser.c * CVE-2019-11704 (bmo#1553814) Heap buffer overflow in icalvalue.c * CVE-2019-11705 (bmo#1553808) Stack buffer overflow in icalrecur.c * CVE-2019-11706 (bmo#1555646) Type confusion in icalproperty.c - Increase disk space requirements in _constraints.
Dominique Leuenberger (dimstar_suse)
accepted
request 705454
from
Wolfgang Rosenauer (wrosenauer)
(revision 211)
- Mozilla Thunderbird 60.7.0 * Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut MFSA 2019-15 (boo#1135824) * CVE-2019-9815 (bmo#1546544) Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects * CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas * CVE-2019-9818 (bmo#1542581) (Windows only) Use-after-free in crash generation server * CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API * CVE-2019-9820 (bmo#1536405) Use-after-free of ChromeEventHandler by DocShell * CVE-2019-11691 (bmo#1542465) Use-after-free in XMLHttpRequest * CVE-2019-11692 (bmo#1544670) Use-after-free removing listeners in the event listener manager * CVE-2019-11693 (bmo#1532525) Buffer overflow in WebGL bufferdata on Linux * CVE-2019-7317 (bmo#1542829) Use-after-free in png_image_free of libpng library * CVE-2019-9797 (bmo#1528909) Cross-origin theft of images with createImageBitmap * CVE-2018-18511 (bmo#1526218) Cross-origin theft of images with ImageBitmapRenderingContext * CVE-2019-11694 (bmo#1534196) (Windows only) Uninitialized memory memory leakage in Windows sandbox
Yuchen Lin (maxlin_factory)
accepted
request 697648
from
Wolfgang Rosenauer (wrosenauer)
(revision 210)
Displaying revisions 121 - 140 of 349