Revisions of MozillaThunderbird
Dominique Leuenberger (dimstar_suse)
accepted
request 894215
from
Wolfgang Rosenauer (wrosenauer)
(revision 255)
- Mozilla Thunderbird 78.10.2 * Added support for importing OpenPGP keys without a primary secret key * Add-ons manager displays a preferences icon for mail extensions that include an options page Fixed * OpenPGP messages with a high compression ratio (over 10x) could not be decrypted * Selected OpenPGP key was lost after opening the Key Properties dialog in Account Settings * Parsing some OpenPGP user IDs failed * Various improvements to OpenPGP partial encryption reminders * Mail toolbar buttons were too big when displaying both icons and text MFSA 2021-22 * CVE-2021-29956 (bmo#1710290) Thunderbird stored OpenPGP secret keys without master password protection * CVE-2021-29957 (bmo#1673241) Partial protection of inline OpenPGP message not indicated - do not rely on nodejs10 explicitely
Dominique Leuenberger (dimstar_suse)
accepted
request 891142
from
Wolfgang Rosenauer (wrosenauer)
(revision 254)
Dominique Leuenberger (dimstar_suse)
accepted
request 886906
from
Wolfgang Rosenauer (wrosenauer)
(revision 253)
- Mozilla Thunderbird 78.10.0 MFSA 2021-14 (bsc#1184960) * CVE-2021-23994 (bmo#1699077) Out of bound write due to lazy initialization * CVE-2021-23995 (bmo#1699835) Use-after-free in Responsive Design Mode * CVE-2021-23998 (bmo#1667456) Secure Lock icon could have been spoofed * CVE-2021-23961 (bmo#1677940) More internal network hosts could have been probed by a malicious webpage * CVE-2021-23999 (bmo#1691153) Blob URLs may have been granted additional privileges * CVE-2021-24002 (bmo#1702374) Arbitrary FTP command execution on FTP servers using an encoded URL * CVE-2021-29945 (bmo#1700690) Incorrect size computation in WebAssembly JIT could lead to null-reads * CVE-2021-29946 (bmo#1698503) Port blocking could be bypassed * CVE-2021-29948 (bmo#1692899) Race condition when reading from disk while verifying signatures - recommend libotr5
Dominique Leuenberger (dimstar_suse)
accepted
request 884316
from
Wolfgang Rosenauer (wrosenauer)
(revision 252)
- Mozilla Thunderbird 78.9.1 * Support recipient aliases for OpenPGP encryption * The key and signature parts of the message security popup on a received message could not be selected for copy/paste * Various UX and theme improvements MFSA 2021-13 * CVE-2021-23991 (bmo#1673240) An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key * MOZ-2021-23992 (bmo#1666236) A crafted OpenPGP key with an invalid user ID could be used to confuse the user * CVE-2021-23993 (bmo#1666360) Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
Richard Brown (RBrownSUSE)
accepted
request 881213
from
Wolfgang Rosenauer (wrosenauer)
(revision 251)
- Mozilla Thunderbird 78.9.0 * bugfixes: https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes MFSA 2021-12 (boo#1183942) * CVE-2021-23981 (bmo#1692832) Texture upload into an unbound backing buffer resulted in an out-of-bound read * MOZ-2021-0002 (bmo#1691547) Angle graphics library out of date * CVE-2021-23982 (bmo#1677046) Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984 (bmo#1693664) Malicious extensions could have spoofed popup information * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718) Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 - cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
Dominique Leuenberger (dimstar_suse)
accepted
request 878160
from
Wolfgang Rosenauer (wrosenauer)
(revision 250)
- Mozilla Thunderbird 78.8.1 * several bugfixes and improvements * https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/ - updated create-tar.sh (bsc#1182357)
Richard Brown (RBrownSUSE)
accepted
request 874775
from
Wolfgang Rosenauer (wrosenauer)
(revision 249)
- Mozilla Thunderbird 78.8.0 * various bugfixes MFSA 2021-09 (bsc#1182614) * CVE-2021-23969 (bmo#1542194) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23968 (bmo#1687342) Content Security Policy violation report could have contained the destination of a redirect * CVE-2021-23973 (bmo#1690976) MediaError message property could have leaked information about cross-origin resources * CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391, bmo#1687597) Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
Dominique Leuenberger (dimstar_suse)
accepted
request 869925
from
Wolfgang Rosenauer (wrosenauer)
(revision 248)
- Mozilla Thunderbird 78.7.1 * CardDAV address books now support OAuth2 and Google Contacts * Thunderbird will no longer allow installation of addons that use legacy APIs
Dominique Leuenberger (dimstar_suse)
accepted
request 867009
from
Wolfgang Rosenauer (wrosenauer)
(revision 247)
- Mozilla Thunderbird 78.7.0 MFSA 2021-05 (bsc#1181414) * CVE-2021-23953 (bmo#1683940) Cross-origin information leakage via redirected PDF requests * CVE-2021-23954 (bmo#1684020) Type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-15685 (bmo#1622640) IMAP Response Injection when using STARTTLS * CVE-2020-26976 (bmo#1674343) HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960 (bmo#1675755) Use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, bmo#1685260, bmo#1685925) Memory safety bugs fixed in Thunderbird 78.7 - MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer rpm versions in TW remove everything there as the first action of %install
Dominique Leuenberger (dimstar_suse)
accepted
request 862980
from
Wolfgang Rosenauer (wrosenauer)
(revision 246)
- Mozilla Thunderbird 78.6.1 MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Dominique Leuenberger (dimstar_suse)
accepted
request 856497
from
Wolfgang Rosenauer (wrosenauer)
(revision 245)
- Mozilla Thunderbird 78.6.0 * changes and additions in MailExtensions * several bugfixes * https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/ MFSA 2020-56 (bsc#1180039)) * CVE-2020-16042 (bmo#1679003) Operations on a BigInt could have caused uninitialized memory to be exposed * CVE-2020-26971 (bmo#1663466) Heap buffer overflow in WebGL * CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed incorrect sanitization * CVE-2020-26974 (bmo#1681022) Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free * CVE-2020-26978 (bmo#1677047) Internal network hosts could have been probed by a malicious webpage * CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did not catch view-source URLs * CVE-2020-35112 (bmo#1661365) Opening an extension-less download may have inadvertently launched an executable instead * CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety bugs fixed in Thunderbird 78.6
Dominique Leuenberger (dimstar_suse)
accepted
request 852686
from
Wolfgang Rosenauer (wrosenauer)
(revision 244)
- Mozilla Thunderbird 78.5.1 MFSA 2020-53 (bsc#1179530) * CVE-2020-26970 (bmo#1677338) Stack overflow due to incorrect parsing of SMTP server response codes
Dominique Leuenberger (dimstar_suse)
accepted
request 849310
from
Wolfgang Rosenauer (wrosenauer)
(revision 243)
- Mozilla Thunderbird 78.5.0 MFSA 2020-52 (bsc#1178894) * CVE-2020-26951 (bmo#1667113) Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012 (bmo#1642028) Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953 (bmo#1656741) Fullscreen could be enabled without displaying the security UI * CVE-2020-26956 (bmo#1666300) XSS through paste (manual and clipboard API) * CVE-2020-26958 (bmo#1669355) Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959 (bmo#1669466) Use-after-free in WebRequestService * CVE-2020-26960 (bmo#1670358) Potential use-after-free in uses of nsTArray * CVE-2020-15999 (bmo#1672223) Heap buffer overflow in freetype * CVE-2020-26961 (bmo#1672528) DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965 (bmo#1661617) Software keyboards may have remembered typed passwords * CVE-2020-26966 (bmo#1663571) Single-word search queries were also broadcast to local network * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
Dominique Leuenberger (dimstar_suse)
accepted
request 847757
from
Wolfgang Rosenauer (wrosenauer)
(revision 242)
Please give this a try with rust 1.47. The patch is taken from the Fedora repo to fix the build. I cannot test locally unfortunately. (Please note that TB 78.4.3 is currently not fully released upstream but in the pipeline as RC but it most likely means that the source check service fails.) - Mozilla Thunderbird 78.4.3 https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/ - added mozilla-rust-1.47.patch to fix build with rust 1.47 - Mozilla Thunderbird 78.4.2 MFSA 2020-49 * CVE-2020-26950 (bmo#1675905) Write side effects in MCallGetProperty opcode not accounted for - Mozilla Thunderbird 78.4.1 * Bugfixes and minor features https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/
Dominique Leuenberger (dimstar_suse)
accepted
request 843275
from
Wolfgang Rosenauer (wrosenauer)
(revision 241)
- Mozilla Thunderbird 78.4.0 * MailExtensions: browser.tabs.sendMessage API added * MailExtensions: messageDisplayScripts API added * Yahoo and AOL mail users using password authentication will be migrated to OAuth2 * MailExtensions: messageDisplay APIs extended to support multiple selected messages * MailExtensions: compose.begin functions now support creating a message with attachments * multiple bugfixes MFSA 2020-47 (bsc#1177872) * CVE-2020-15969 (bmo#1666570) Use-after-free in usersctp * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760, bmo#1663439, bmo#1666140) Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
Dominique Leuenberger (dimstar_suse)
accepted
request 842109
from
Wolfgang Rosenauer (wrosenauer)
(revision 240)
- Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * OpenPGP Key Manager was missing from Tools menu on macOS * Creating a new calendar event did not require an event title - remove python2 dependencies for TW - support wayland mode/autodetection in startup wrapper - replace some Requires to use requires_ge macro where appropriate - improve langpack build (as already used for Firefox) - add ccache statistics output to build
Dominique Leuenberger (dimstar_suse)
accepted
request 840001
from
Wolfgang Rosenauer (wrosenauer)
(revision 239)
- Mozilla Thunderbird 78.3.2 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP: Encrypted messages with international characters were sometimes displayed incorrectly * Single-click deletion of recipient pills with middle mouse button restored * Searching an address book list did not display results * Dark mode, high contrast, and Windows theming fixes
Dominique Leuenberger (dimstar_suse)
accepted
request 838449
from
Wolfgang Rosenauer (wrosenauer)
(revision 238)
- Mozilla Thunderbird 78.3.1 * fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120) - Mozilla Thunderbird 78.3.0 MFSA 2020-44 (bsc#1176756) * CVE-2020-15677 (bmo#1641487) Download origin spoofing via redirect * CVE-2020-15676 (bmo#1646140) XSS when pasting attacker-controlled data into a contenteditable element * CVE-2020-15678 (bmo#1660211) When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after- free scenario * CVE-2020-15673 (bmo#1648493, bmo#1660800) Memory safety bugs fixed in Thunderbird 78.3 - requires NSPR >= 4.25.1 - removed obsolete thunderbird-bmo1664607.patch - Mozilla Thunderbird 78.2.2 https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes - added thunderbird-bmo1664607.patch required for builds w/o updater (boo#1176384) - Mozilla Thunderbird 78.2.1 * based on Mozilla's 78 ESR codebase * many new and changed features https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew * built-in OpenPGP support (enigmail neither required nor supported) - added platform patches:
Dominique Leuenberger (dimstar_suse)
accepted
request 832601
from
Factory Maintainer (factory-maintainer)
(revision 237)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 828128
from
Wolfgang Rosenauer (wrosenauer)
(revision 236)
Displaying revisions 81 - 100 of 335