<revisionlist>
<revision rev="1" vrev="1">
<srcmd5>ce8e4b3bed806b13b9a79a044afb64c3</srcmd5>
<version>1.5.0.8</version>
<time>1168901372</time>
<user>unknown</user>
</revision>
<revision rev="2" vrev="4">
<srcmd5>cdcc3915517b39154ff7eee205eaa54a</srcmd5>
<version>1.5.0.8</version>
<time>1169206915</time>
<user>unknown</user>
</revision>
<revision rev="3" vrev="5">
<srcmd5>711278631d53df8a5535b09dc12a01dd</srcmd5>
<version>1.5.0.8</version>
<time>1170198883</time>
<user>unknown</user>
</revision>
<revision rev="4" vrev="1">
<srcmd5>4ec0dfea89c47eb3cc3eaf50f422364e</srcmd5>
<version>1.5.0.10</version>
<time>1173380069</time>
<user>unknown</user>
</revision>
<revision rev="5" vrev="7">
<srcmd5>e05b9368ff208eb0caf6edcfd42c4ae4</srcmd5>
<version>1.5.0.10</version>
<time>1175246573</time>
<user>unknown</user>
</revision>
<revision rev="6" vrev="34">
<srcmd5>1a211fec71708f070dffa19d1b74bc10</srcmd5>
<version>1.5.0.10</version>
<time>1181054085</time>
<user>unknown</user>
</revision>
<revision rev="7" vrev="1">
<srcmd5>097fd0a5464fc64d88afbc13e94cdfef</srcmd5>
<version>1.5.0.12</version>
<time>1181066696</time>
<user>unknown</user>
</revision>
<revision rev="8" vrev="1">
<srcmd5>be09145ec736f9b294c9d449b877b1a3</srcmd5>
<version>2.0.0.0</version>
<time>1181774559</time>
<user>unknown</user>
</revision>
<revision rev="9" vrev="1">
<srcmd5>d430483538992f777c659c012ba12846</srcmd5>
<version>2.0.0.4</version>
<time>1182036700</time>
<user>unknown</user>
</revision>
<revision rev="10" vrev="2">
<srcmd5>99a9399fb03714379ae06f6f2c4504fd</srcmd5>
<version>2.0.0.4</version>
<time>1182458632</time>
<user>unknown</user>
</revision>
<revision rev="11" vrev="1">
<srcmd5>354c74b4a90d22cc608f135d1014ef36</srcmd5>
<version>2.0.0.5</version>
<time>1186683491</time>
<user>unknown</user>
</revision>
<revision rev="12" vrev="5">
<srcmd5>208f2ffd069044a4023a3c53532952a1</srcmd5>
<version>2.0.0.5</version>
<time>1187202836</time>
<user>unknown</user>
</revision>
<revision rev="13" vrev="1">
<srcmd5>807b1e7ab977e223a6e9101ed8984792</srcmd5>
<version>2.0.0.6</version>
<time>1188227535</time>
<user>unknown</user>
</revision>
<revision rev="14" vrev="7">
<srcmd5>10b3d1853c0074988b1e63eb5f92842a</srcmd5>
<version>2.0.0.6</version>
<time>1188838337</time>
<user>unknown</user>
</revision>
<revision rev="15" vrev="11">
<srcmd5>f826b58bc073bcce4d7f379a29e614c7</srcmd5>
<version>2.0.0.6</version>
<time>1189421019</time>
<user>unknown</user>
</revision>
<revision rev="16" vrev="14">
<srcmd5>5772cabadf01c41867b5b6ec5654c842</srcmd5>
<version>2.0.0.6</version>
<time>1189672413</time>
<user>unknown</user>
</revision>
<revision rev="17" vrev="16">
<srcmd5>99eac5dcf5ff617bfe181519e0140676</srcmd5>
<version>2.0.0.6</version>
<time>1189702274</time>
<user>unknown</user>
</revision>
<revision rev="18" vrev="45">
<srcmd5>2ddf8959a6be293b9de5d0918b363e2c</srcmd5>
<version>2.0.0.6</version>
<time>1194986424</time>
<user>unknown</user>
</revision>
<revision rev="19" vrev="1">
<srcmd5>9025d64f66cf1b93de848a9fe1f6bea4</srcmd5>
<version>2.0.0.9</version>
<time>1200680912</time>
<user>unknown</user>
</revision>
<revision rev="20" vrev="1">
<srcmd5>457d67ed211615b8cdf630d6b53195b2</srcmd5>
<version>2.0.0.12</version>
<time>1205324080</time>
<user>unknown</user>
</revision>
<revision rev="21" vrev="7">
<srcmd5>65a419034e8d9d68543078b7e072fff6</srcmd5>
<version>2.0.0.12</version>
<time>1206543719</time>
<user>unknown</user>
</revision>
<revision rev="22" vrev="28">
<srcmd5>a3ffd9b173bac44ef33b7d90cd4f348d</srcmd5>
<version>2.0.0.12</version>
<time>1210980260</time>
<user>unknown</user>
</revision>
<revision rev="23" vrev="32">
<srcmd5>509f1ede6ac01c5f8ba3886651dc1b34</srcmd5>
<version>2.0.0.12</version>
<time>1212503162</time>
<user>unknown</user>
</revision>
<revision rev="24" vrev="1">
<srcmd5>c16779ffeaa1669359cc7afeef1ea3cd</srcmd5>
<version>2.0.0.14</version>
<time>1214435781</time>
<user>unknown</user>
</revision>
<revision rev="25" vrev="11">
<srcmd5>c5d4008d916fe68609399c9ae0c5423f</srcmd5>
<version>2.0.0.14</version>
<time>1216997839</time>
<user>unknown</user>
</revision>
<revision rev="26" vrev="1">
<srcmd5>e251c1810b801cd74a2ba09f5d5e4476</srcmd5>
<version>2.0.0.16</version>
<time>1221473921</time>
<user>unknown</user>
</revision>
<revision rev="27" vrev="1">
<srcmd5>640b901416da07766d4a0dc60c19a626</srcmd5>
<version>2.0.0.17</version>
<time>1224795140</time>
<user>unknown</user>
</revision>
<revision rev="28" vrev="1">
<srcmd5>11adda7c19d642333e7ec677e35951c8</srcmd5>
<version>2.0.0.18</version>
<time>1227280120</time>
<user>unknown</user>
</revision>
<revision rev="29" vrev="1">
<srcmd5>80d4a89c58758ec03b2b6302db5034b0</srcmd5>
<version>2.0.0.19</version>
<time>1231461406</time>
<user>unknown</user>
</revision>
<revision rev="30" vrev="1">
<srcmd5>8fce5cc9c90567c0113107df850ecfef</srcmd5>
<version>2.0.0.21</version>
<time>1239808005</time>
<user>unknown</user>
</revision>
<revision rev="31" vrev="2">
<srcmd5>9d588d8eab8c1897f3181aa9c43c1cba</srcmd5>
<version>2.0.0.21</version>
<time>1243941560</time>
<user>unknown</user>
</revision>
<revision rev="32" vrev="3">
<srcmd5>25e956710e2cf7c5f5b07b65c632eb19</srcmd5>
<version>2.0.0.21</version>
<time>1245365761</time>
<user>unknown</user>
</revision>
<revision rev="33" vrev="4">
<srcmd5>e91dba912392ae02973485a3c10bc01a</srcmd5>
<version>2.0.0.21</version>
<time>1245467711</time>
<user>unknown</user>
</revision>
<revision rev="34" vrev="1">
<srcmd5>7779765924b17dea5d537155e8c2d85f</srcmd5>
<version>3.0b3</version>
<time>1248170932</time>
<user>unknown</user>
</revision>
<revision rev="35" vrev="2">
<srcmd5>a4e5f1d5b976929b6669312b02600485</srcmd5>
<version>3.0b3</version>
<time>1248823436</time>
<user>unknown</user>
</revision>
<revision rev="36" vrev="3">
<srcmd5>e7d7dd4d1fcded26fcbeb91d33c721a7</srcmd5>
<version>3.0b3</version>
<time>1249921139</time>
<user>unknown</user>
</revision>
<revision rev="37" vrev="4">
<srcmd5>c04d5591a98d76e8f9efca178e4f8209</srcmd5>
<version>3.0b3</version>
<time>1250873920</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 18428 from user wrosenauer
</comment>
</revision>
<revision rev="38" vrev="5">
<srcmd5>5d62b36dd1802564d15857b5ca219f37</srcmd5>
<version>3.0b3</version>
<time>1251496294</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 19035 from user wrosenauer
</comment>
</revision>
<revision rev="39" vrev="1">
<srcmd5>0ce6507cfc0bbfaa12d2fbedca8171e9</srcmd5>
<version>3.0b4</version>
<time>1253730107</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 20944 from user wrosenauer
</comment>
</revision>
<revision rev="40" vrev="2">
<srcmd5>dd0b1c474b034dce14a9ac3b03d7fd6e</srcmd5>
<version>3.0b4</version>
<time>1254966248</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 21376 from user wrosenauer
</comment>
</revision>
<revision rev="41" vrev="4">
<srcmd5>dd0b1c474b034dce14a9ac3b03d7fd6e</srcmd5>
<version>3.0b4</version>
<time>1254966248</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 21376 from user wrosenauer
</comment>
</revision>
<revision rev="42" vrev="5">
<srcmd5>4f4108d9b38b075d376121422b4f7774</srcmd5>
<version>3.0b4</version>
<time>1256305002</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 22482 from user wrosenauer
</comment>
</revision>
<revision rev="43" vrev="1">
<srcmd5>659ec32abadcac3c64fc2438d472cca9</srcmd5>
<version>3.0.0</version>
<time>1260276087</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 26004 from user wrosenauer
</comment>
</revision>
<revision rev="44" vrev="1">
<srcmd5>416cc5480cbbe7cf3d313bbbdc49f5de</srcmd5>
<version>3.0.1</version>
<time>1264074743</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 29991 from user wrosenauer
</comment>
</revision>
<revision rev="45" vrev="1">
<srcmd5>c427052fe3a40b67b7b76752858f459e</srcmd5>
<version>3.0.3</version>
<time>1267786648</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 34079 from user wrosenauer
</comment>
<requestid>34079</requestid>
</revision>
<revision rev="46" vrev="2">
<srcmd5>e03686a6a9ac55986b4fb94253f74e96</srcmd5>
<version>3.0.3</version>
<time>1268922750</time>
<user>autobuild</user>
</revision>
<revision rev="47" vrev="1">
<srcmd5>6d92baa97c3471ca970f013ccd22d7bd</srcmd5>
<version>3.0.4</version>
<time>1270247111</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 36777 from user wrosenauer
</comment>
<requestid>36777</requestid>
</revision>
<revision rev="48" vrev="2">
<srcmd5>c5ec1f0a35c33a44d37a0c2c090703a9</srcmd5>
<version>3.0.4</version>
<time>1275494520</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 41013 from user coolo
</comment>
<requestid>41013</requestid>
</revision>
<revision rev="49" vrev="1">
<srcmd5>3076875968370d2b13eaadf8dffc7fd3</srcmd5>
<version>3.0.5</version>
<time>1277195168</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 41773 from user wrosenauer
</comment>
<requestid>41773</requestid>
</revision>
<revision rev="50" vrev="2">
<srcmd5>fdd97d064aa7c69e40c7c706e9dc7635</srcmd5>
<version>3.0.5</version>
<time>1277720152</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 41985 from user wrosenauer
</comment>
<requestid>41985</requestid>
</revision>
<revision rev="51" vrev="3">
<srcmd5>fdd97d064aa7c69e40c7c706e9dc7635</srcmd5>
<version>3.0.5</version>
<time>1278667369</time>
<user>autobuild</user>
<comment>release number sync</comment>
</revision>
<revision rev="52" vrev="4">
<srcmd5>fdd97d064aa7c69e40c7c706e9dc7635</srcmd5>
<version>3.0.5</version>
<time>1278678598</time>
<user>autobuild</user>
<comment>release number sync</comment>
</revision>
<revision rev="53" vrev="1">
<srcmd5>12a5cbf6bbb369663772c554e1144383</srcmd5>
<version>3.1.1</version>
<time>1280675964</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 43908 from user wrosenauer
</comment>
<requestid>43908</requestid>
</revision>
<revision rev="54" vrev="2">
<srcmd5>f23d5b392ebf04953ec9350c05754a88</srcmd5>
<version>3.1.1</version>
<time>1283520713</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 46683 from user wrosenauer
</comment>
<requestid>46683</requestid>
</revision>
<revision rev="55" vrev="3">
<srcmd5>21d07b61483b04dfb00b2748c839a448</srcmd5>
<version>unknown</version>
<time>1284469987</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 47529 from user wrosenauer
</comment>
<requestid>47529</requestid>
</revision>
<revision rev="56" vrev="4">
<srcmd5>528dffd25a431d105d744c2facb19cfb</srcmd5>
<version>3.1.4</version>
<time>1284767500</time>
<user>autobuild</user>
<comment>Copy from mozilla:Factory/MozillaThunderbird based on submit request 48365 from user wrosenauer
</comment>
<requestid>48365</requestid>
</revision>
<revision rev="57" vrev="1">
<srcmd5>06060c16415ab12f79c6d5ce8da9e6db</srcmd5>
<version>3.1.5</version>
<time>1287676597</time>
<user>oertel</user>
<comment>Accepted submit request 51186 from user wrosenauer
</comment>
<requestid>51186</requestid>
</revision>
<revision rev="58" vrev="2">
<srcmd5>cf761d7ac7db5fe3332b96205c4520cf</srcmd5>
<version>3.1.5</version>
<time>1287676608</time>
<user>autobuild</user>
<comment>Autobuild autoformatter for 51186
</comment>
</revision>
<revision rev="59" vrev="1">
<srcmd5>12c9d2ff0f02f98cedacfcb4b78f1b00</srcmd5>
<version>3.1.6</version>
<time>1288273918</time>
<user>oertel</user>
<comment>Accepted submit request 51547 from user wrosenauer
</comment>
<requestid>51547</requestid>
</revision>
<revision rev="60" vrev="2">
<srcmd5>b89cfe0f9a5bf6d1476002054041b2fb</srcmd5>
<version>3.1.6</version>
<time>1288273926</time>
<user>autobuild</user>
<comment>Autobuild autoformatter for 51547
</comment>
</revision>
<revision rev="61" vrev="4">
<srcmd5>234bbbd8f593f7cb2a6908b8877698cf</srcmd5>
<version>unknown</version>
<time>1292005261</time>
<user>darix</user>
<comment>Accepted submit request 55507 from user wrosenauer
</comment>
<requestid>55507</requestid>
</revision>
<revision rev="62" vrev="5">
<srcmd5>a7fcd722d283974ad1745b49c773e14e</srcmd5>
<version>unknown</version>
<time>1292005271</time>
<user>darix</user>
<comment>Autobuild autoformatter for 55507
</comment>
</revision>
<revision rev="63" vrev="6">
<srcmd5>8ceecdcc3377af571a46bb78ca8f4182</srcmd5>
<version>unknown</version>
<time>1294669112</time>
<user>darix</user>
<comment>Accepted submit request 57627 from user wrosenauer
</comment>
<requestid>57627</requestid>
</revision>
<revision rev="64" vrev="7">
<srcmd5>50669bc15eb34505cbc1a69716e29772</srcmd5>
<version>unknown</version>
<time>1294669125</time>
<user>darix</user>
<comment>Autobuild autoformatter for 57627
</comment>
</revision>
<revision rev="65" vrev="8">
<srcmd5>1866e1f25f7b8b1c61b85dc541cbc431</srcmd5>
<version>unknown</version>
<time>1294973479</time>
<user>darix</user>
<comment>Accepted submit request 58062 from user wrosenauer
</comment>
<requestid>58062</requestid>
</revision>
<revision rev="66" vrev="9">
<srcmd5>bf812e4219e68d802a2e872a3e42a656</srcmd5>
<version>unknown</version>
<time>1294973492</time>
<user>darix</user>
<comment>Autobuild autoformatter for 58062
</comment>
</revision>
<revision rev="67" vrev="12">
<srcmd5>bf812e4219e68d802a2e872a3e42a656</srcmd5>
<version>unknown</version>
<time>1297941524</time>
<user>autobuild</user>
<comment>11.4 source split</comment>
</revision>
<revision rev="68" vrev="13">
<srcmd5>8de64af4ec87b688c1122b8c346b2544</srcmd5>
<version>unknown</version>
<time>1301564115</time>
<user>saschpe</user>
<comment>Accepted submit request 65602 from user coolo
</comment>
<requestid>65602</requestid>
</revision>
<revision rev="69" vrev="14">
<srcmd5>a03862e3e68b43192cac0697d0b0405c</srcmd5>
<version>unknown</version>
<time>1301564127</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 65602
</comment>
</revision>
<revision rev="70" vrev="15">
<srcmd5>febbba551e901db9f92f5a5dc4da2ef8</srcmd5>
<version>unknown</version>
<time>1306426263</time>
<user>darix</user>
<comment>update</comment>
<requestid>68988</requestid>
</revision>
<revision rev="71" vrev="16">
<srcmd5>ca614d2bc3a6a779ed30d7a24e7a8774</srcmd5>
<version>unknown</version>
<time>1306488591</time>
<user>autobuild</user>
</revision>
<revision rev="72" vrev="17">
<srcmd5>6ea7e5bdd3d4ce78f69f937d9dc9a18e</srcmd5>
<version>unknown</version>
<time>1310392445</time>
<user>saschpe</user>
<comment>Thunderbird 5 + enigmail 1.2</comment>
<requestid>75945</requestid>
</revision>
<revision rev="73" vrev="18">
<srcmd5>46c4a708e375b179163d35739bf0f249</srcmd5>
<version>unknown</version>
<time>1310392460</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 75945
</comment>
</revision>
<revision rev="74" vrev="19">
<srcmd5>ad7d848cf6e156c7d7de2a4b464ddd41</srcmd5>
<version>unknown</version>
<time>1312357821</time>
<user>saschpe</user>
<comment></comment>
<requestid>77746</requestid>
</revision>
<revision rev="75" vrev="20">
<srcmd5>61e3d9e66c52c647a75be25a77ae1187</srcmd5>
<version>unknown</version>
<time>1312357836</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 77746
</comment>
</revision>
<revision rev="76" vrev="21">
<srcmd5>549dee9e3752334c27f705238ec42faa</srcmd5>
<version>unknown</version>
<time>1313496798</time>
<user>saschpe</user>
<comment></comment>
<requestid>79015</requestid>
</revision>
<revision rev="77" vrev="22">
<srcmd5>17156afd230ee3dea8fc2c620c8ac2db</srcmd5>
<version>unknown</version>
<time>1313496817</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 79015
</comment>
</revision>
<revision rev="78" vrev="23">
<srcmd5>1b5a7862a5b1be5575a8ffef0f4292c4</srcmd5>
<version>unknown</version>
<time>1313651290</time>
<user>saschpe</user>
<comment></comment>
<requestid>79165</requestid>
</revision>
<revision rev="79" vrev="24">
<srcmd5>5b57de873a31a5a4d41d742c90dea241</srcmd5>
<version>unknown</version>
<time>1313651305</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 79165
</comment>
</revision>
<revision rev="80" vrev="25">
<srcmd5>db9d50e6d22b706ccbf063ae1a83fc6d</srcmd5>
<version>6.0.2</version>
<time>1315559070</time>
<user>saschpe</user>
<comment>security update to Thunderbird 6.0.2 - bnc#714931</comment>
<requestid>81397</requestid>
</revision>
<revision rev="81" vrev="26">
<srcmd5>2c3a842802fb7f40e6acc93ff9fc25d2</srcmd5>
<version>6.0.2</version>
<time>1315559082</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 81397
</comment>
</revision>
<revision rev="82" vrev="27">
<srcmd5>9f4baec8efdbd459127c1e4fef43ed75</srcmd5>
<version>6.0.2</version>
<time>1315760537</time>
<user>saschpe</user>
<comment>- make enigmail a subversion of Thunderbird to fix %release
number tracking issues with the Open Build Service
(taken from dmueller's 3.1.x changes)</comment>
<requestid>81759</requestid>
</revision>
<revision rev="83" vrev="28">
<srcmd5>fb9c91be6d0608798da7fb9d34bf4568</srcmd5>
<version>6.0.2</version>
<time>1315760546</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 81759
</comment>
</revision>
<revision rev="84" vrev="29">
<srcmd5>0425bc8478c02655b837d82854aa5a26</srcmd5>
<version>6.0.2</version>
<time>1316080553</time>
<user>saschpe</user>
<comment></comment>
<requestid>82129</requestid>
</revision>
<revision rev="85" vrev="30">
<srcmd5>d156aca3e0bb582296ada3a3c8813c66</srcmd5>
<version>6.0.2</version>
<time>1316080561</time>
<user>saschpe</user>
<comment>Autobuild autoformatter for 82129
</comment>
</revision>
<revision rev="86" vrev="31">
<srcmd5>9b46b855e141f3c549b2986ea4738ba1</srcmd5>
<version>unknown</version>
<time>1317211309</time>
<user>saschpe</user>
<comment>- update to version 7.0 (bnc#720264)
- removed obsolete mozilla-cairo-lcd.patch
- rebased patches</comment>
<requestid>85282</requestid>
</revision>
<revision rev="87" vrev="32">
<srcmd5>23d5b486362ee3401264e49b40e11ab1</srcmd5>
<version>unknown</version>
<time>1317541527</time>
<user>lrupp</user>
<comment></comment>
<requestid>85867</requestid>
</revision>
<revision rev="88" vrev="34">
<srcmd5>23d5b486362ee3401264e49b40e11ab1</srcmd5>
<version>unknown</version>
<time>1319181753</time>
<user>adrianSuSE</user>
</revision>
<revision rev="89" vrev="35">
<srcmd5>2406dc0f61dd08c2decbeeadf7be6e2b</srcmd5>
<version>unknown</version>
<time>1320936906</time>
<user>coolo</user>
<comment>- update to version 8.0 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
Code execution via NoWaiverWrapper
- rebased patches
- update enigmail to 1.3.3
- update icon cache after install/removal (bnc#726758)</comment>
<requestid>90814</requestid>
</revision>
<revision rev="90" vrev="36">
<srcmd5>89ac457ee5a5fc3c0d28363803b0300d</srcmd5>
<version>unknown</version>
<time>1321980525</time>
<user>coolo</user>
<comment></comment>
<requestid>92968</requestid>
</revision>
<revision rev="91" vrev="37">
<srcmd5>6296a9f945032c35b16caca812a9a632</srcmd5>
<version>unknown</version>
<time>1323192597</time>
<user>coolo</user>
<comment>replace license with spdx.org variant</comment>
</revision>
<revision rev="92" vrev="38">
<srcmd5>8f5e3a5cd331fa339f2500e327a40256</srcmd5>
<version>unknown</version>
<time>1324831021</time>
<user>coolo</user>
<comment>- update to version 9.0 (bnc#737533)
* MFSA 2011-53/CVE-2011-3660
Miscellaneous memory safety hazards (rv:9.0)
* MFSA 2011-54/CVE-2011-3661 (bmo#691299)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access
* MFSA 2011-56/CVE-2011-3663 (bmo#704482)
Key detection without JavaScript via SVG animation
* MFSA 2011-58/VE-2011-3665 (bmo#701259)
Crash scaling <video> to extreme sizes
- fixed accessibility under GNOME 3 (bnc#732898)
(mozilla-a11y.patch)
- do not show update channel in about box
(tb-no-update-channel.patch)
- update enigmail to 1.3.4 (bnc#733002)
* fixes several regressions from previous release</comment>
<requestid>97352</requestid>
</revision>
<revision rev="93" vrev="39">
<srcmd5>8caf9a4e49f96b182f90f02e8e65ebd7</srcmd5>
<version>unknown</version>
<time>1328201901</time>
<user>coolo</user>
<comment>- update to version 10.0 (bnc#744275)
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)
<iframe> element exposed across domains via name attribute
* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes
* MFSA 2012-05/CVE-2012-0446 (bmo#705651)
Frame scripts calling into untrusted objects bypass security
checks
* MFSA 2012-06/CVE-2012-0447 (bmo#710079)
Uninitialized memory appended when encoding icon images may
cause information disclosure
* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets
- update enigmail to 1.3.5
- added mozilla-disable-neon-option.patch to be able to disable
neon on ARM
- removed obsolete PPC64 patch</comment>
<requestid>102414</requestid>
</revision>
<revision rev="94" vrev="40">
<srcmd5>ed6ab17dbde17407ee9e33d21d87d98f</srcmd5>
<version>unknown</version>
<time>1329242626</time>
<user>coolo</user>
<comment>- update to version 10.0.1 (bnc#746616)
* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)</comment>
<requestid>104185</requestid>
</revision>
<revision rev="95" vrev="41">
<srcmd5>87595d3eb55f40e906de675d8fc71ebb</srcmd5>
<version>unknown</version>
<time>1329476778</time>
<user>coolo</user>
<comment>- update to Thunderbird 10.0.2 (bnc#747328)
* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow</comment>
<requestid>105495</requestid>
</revision>
<revision rev="96" vrev="42">
<srcmd5>67e8ac42fb719c319f9df1980c2aa97c</srcmd5>
<version>unknown</version>
<time>1331900305</time>
<user>coolo</user>
<comment>- update to Thunderbird 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
XSS with multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
Crash when accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards
- update enigmail to 1.4
- added KDE integration patches (bnc#749440)
- update enigmail to 1.3.99 (1.4a1pre)</comment>
<requestid>109222</requestid>
</revision>
<revision rev="97" vrev="43">
<srcmd5>52d2cf1499bb39ffd073da2fd52d4dde</srcmd5>
<version>unknown</version>
<time>1333437566</time>
<user>coolo</user>
<comment>- update to Thunderbird 11.0.1 (bnc#755060)
* Fixing an issue where filters can get messed up (bmo#735940)
* Fixes a hang when switching IMAP folders, or doing other
imap functions (bmo#733731)</comment>
<requestid>112142</requestid>
</revision>
<revision rev="98" vrev="44">
<srcmd5>4bc754414ec7949dd664e1a6e181e719</srcmd5>
<version>unknown</version>
<time>1335190310</time>
<user>coolo</user>
<comment>- update to Thunderbird 12.0 (bnc#758408)
- update Enigmail to 1.4.1
- added mozilla-revert_621446.patch
- added mozilla-libnotify.patch (bmo#737646)
- added mailnew-showalert.patch (bmo#739146)
- added mozilla-gcc47.patch and mailnews-literals.patch to fix
compilation issues with recent gcc 4.7
- disabled crashreporter temporarily for Factory (gcc 4.7 issue)</comment>
<requestid>114916</requestid>
</revision>
<revision rev="99" vrev="45">
<srcmd5>09a294467d967135fc2c33cdc5a2839a</srcmd5>
<version>unknown</version>
<time>1336423694</time>
<user>coolo</user>
<comment>- update to Thunderbird 12.0.1
* fix regressions
- POP3 filters (bmo#748090)
- Message Body not loaded when using "Fetch Headers Only"
(bmo#748865)
- Received messages contain parts of other messages with
movemail account (bmo#748726)
- New mail notification issue (bmo#748997)
- crash in nsMsgDatabase::MatchDbName (bmo#748432)
- fixed build with gcc 4.7
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions</comment>
<requestid>115998</requestid>
</revision>
<revision rev="100" vrev="46">
<srcmd5>4dc2d4680c202456a0dcfc1bffd3d05b</srcmd5>
<version>unknown</version>
<time>1337195316</time>
<user>coolo</user>
<comment></comment>
<requestid>121180</requestid>
</revision>
<revision rev="101" vrev="47">
<srcmd5>ffdaed2577df0d00e95821f47d83f95b</srcmd5>
<version>unknown</version>
<time>1338991733</time>
<user>coolo</user>
<comment>- update to Thunderbird 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
Content Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
Information disclosure though Windows file shares and shortcut
files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
Use-after-free while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using Address
Sanitizer
- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix build with system NSPR (mozilla-system-nspr.patch)
- add dependentlibs.list for improved XRE startup
- update enigmail to 1.4.2</comment>
<requestid>123738</requestid>
</revision>
<revision rev="102" vrev="48">
<srcmd5>389da1b6001520312b77ab6ede3864ad</srcmd5>
<version>unknown</version>
<time>1340033502</time>
<user>coolo</user>
<comment>- update to Thunderbird 13.0.1
* bugfix release</comment>
<requestid>125187</requestid>
</revision>
<revision rev="103" vrev="50">
<srcmd5>389da1b6001520312b77ab6ede3864ad</srcmd5>
<version>unknown</version>
<time>1340183152</time>
<user>adrianSuSE</user>
<comment>branched from openSUSE:Factory</comment>
</revision>
<revision rev="104" vrev="51">
<srcmd5>756b9c23f0a990dc8bdf136a662368ae</srcmd5>
<version>unknown</version>
<time>1341820280</time>
<user>coolo</user>
<comment>fix arm build (forwarded request 127201 from adrianSuSE)</comment>
<requestid>127263</requestid>
</revision>
<revision rev="105" vrev="52">
<srcmd5>c00dcd51a64685c97187628948f6d8cb</srcmd5>
<version>unknown</version>
<time>1342772433</time>
<user>coolo</user>
<comment>- update to Thunderbird 14.0 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
Miscellaneous memory safety hazards
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
Spoofing issue with location
* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
JSDependentString::undepend string conversion results in memory
corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
Content Security Policy 1.0 implementation errors cause data
leakage
* MFSA 2012-56/CVE-2012-1967 (bmo#758344)
Code execution through javascript: URLs
* relicensed to MPL-2.0
- update Enigmail to 1.4.3
* bugfix release</comment>
<requestid>128279</requestid>
</revision>
<revision rev="106" vrev="53">
<srcmd5>41bffe26964c2d378763ca0d861067f1</srcmd5>
<version>unknown</version>
<time>1343639850</time>
<user>namtrac</user>
<comment>Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) (forwarded request 129194 from a_jaeger)</comment>
<requestid>129202</requestid>
</revision>
<revision rev="107" vrev="54">
<srcmd5>c644b785e59e805bb114fb18ef7c0af7</srcmd5>
<version>unknown</version>
<time>1346399136</time>
<user>coolo</user>
<comment>- update to Thunderbird 15.0 (bnc#777588)
* MFSA 2012-57/CVE-2012-1970
Miscellaneous memory safety hazards
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
Use-after-free issues found using Address Sanitizer
* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
Location object can be shadowed using Object.defineProperty
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
Memory corruption with bitmap format images with negative height
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
WebGL use-after-free and memory corruption
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
SVG buffer overflow and use-after-free issues
* MFSA 2012-64/CVE-2012-3971
Graphite 2 memory corruption
* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
Out-of-bounds read in format-number in XSLT
* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
DOMParser loads linked resources in extensions when parsing
text/html
* MFSA 2012-70/CVE-2012-3978 (bmo#770429)
Location object security checks bypassed by chrome code
* MFSA 2012-72/CVE-2012-3980 (bmo#771859)
Web console eval capable of executing chrome-privileged code
- update Enigmail to 1.4.4</comment>
<requestid>131906</requestid>
</revision>
<revision rev="108" vrev="55">
<srcmd5>763ea33f153ef922c471802375509490</srcmd5>
<version>unknown</version>
<time>1349946593</time>
<user>coolo</user>
<comment>- update to Thunderbird 16.0 (bnc#783533)
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
select element persistance allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
Chrome Object Wrapper (COW) does not disallow acces to privileged
functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read issues
found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188
Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)</comment>
<requestid>137669</requestid>
</revision>
<revision rev="109" vrev="56">
<srcmd5>1db3775d8ebe9b2aed0a94191e4c4613</srcmd5>
<version>unknown</version>
<time>1350150866</time>
<user>coolo</user>
<comment>- update to Thunderbird 16.0.1 (bnc#783533)
* MFSA 2012-88/CVE-2012-4191 (bmo#798045)
Miscellaneous memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
defaultValue security checks not applied</comment>
<requestid>137944</requestid>
</revision>
<revision rev="110" vrev="57">
<srcmd5>5f9c907af8847023064a5eb242d19e9b</srcmd5>
<version>unknown</version>
<time>1351537396</time>
<user>coolo</user>
<comment>- update to Thunderbird 16.0.2 (bnc#786522)
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
(bmo#800666, bmo#793121, bmo#802557)
Fixes for Location object issues</comment>
<requestid>139559</requestid>
</revision>
<revision rev="111" vrev="58">
<srcmd5>67ae4aad415553343d3d5045faa2ca87</srcmd5>
<version>unknown</version>
<time>1353589343</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0 (bnc#790140)
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
Miscellaneous memory safety hazards
* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
Buffer overflow while rendering GIF images
* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
evalInSanbox location context incorrectly applied
* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
Crash when combining SVG text on path with CSS
* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
Memory corruption in str_unescape
* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
XMLHttpRequest inherits incorrect principal within sandbox
* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
XrayWrappers exposes chrome-only properties when not in chrome
compartment
* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
Improper security filtering for cross-origin wrappers
* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
Improper character decoding in HZ-GB-2312 charset
* MFSA 2012-102/CVE-2012-5837 (bmo#800363)
Script entered into Developer Toolbar runs with chrome privileges
* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
Frames can shadow top.location
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
Use-after-free and buffer overflow issues found using Address
Sanitizer
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838</comment>
<requestid>142209</requestid>
</revision>
<revision rev="112" vrev="59">
<srcmd5>cdfcd8da562e20e70bcc9ec2fcbdde38</srcmd5>
<version>unknown</version>
<time>1354527841</time>
<user>coolo</user>
<comment>- fix KDE integration for file dialogs
- fix some rpmlint warnings (mkdir.done files)
- build on SLE11
* mozilla-gcc43-enums.patch
* mozilla-gcc43-template_hacks.patch
* mozilla-gcc43-templates_instantiation.patch</comment>
<requestid>143654</requestid>
</revision>
<revision rev="113" vrev="60">
<srcmd5>0e5f09be26a050ac5cfc9018507ffda8</srcmd5>
<version>unknown</version>
<time>1357822050</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0.2 (bnc#796895)
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
Use-after-free when displaying table with many columns and column groups
* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
Chrome Object Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906)
Privilege escalation through plugin objects</comment>
<requestid>147600</requestid>
</revision>
<revision rev="114" vrev="62">
<srcmd5>0e5f09be26a050ac5cfc9018507ffda8</srcmd5>
<version>unknown</version>
<time>1359108620</time>
<user>adrianSuSE</user>
<comment>Split 12.3 from Factory</comment>
</revision>
<revision rev="115" vrev="63">
<srcmd5>c974f2c4e49058e4c7f913b81cdeb6d6</srcmd5>
<version>unknown</version>
<time>1361349191</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0.3 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783
Miscellaneous memory safety hazards
* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
Web content bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
Privacy leak in JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
Use-after-free in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
Phishing on HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782
Use-after-free, out of bounds read, and buffer overflow issues
found using Address Sanitizer
- update Enigmail to 1.5.1
* The release fixes the regressions found in the past few
weeks</comment>
<requestid>155862</requestid>
</revision>
<revision rev="116" vrev="64">
<srcmd5>be90c6e65637e3023da0fbb31a5f7166</srcmd5>
<version>unknown</version>
<time>1363067790</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0.4 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
Use-after-free in HTML Editor</comment>
<requestid>158562</requestid>
</revision>
<revision rev="117" vrev="65">
<srcmd5>edd2a174b68f78cdef429583f1009964</srcmd5>
<version>unknown</version>
<time>1365270843</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0.5 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations</comment>
<requestid>162289</requestid>
</revision>
<revision rev="118" vrev="66">
<srcmd5>b6a8f58485426a777679cef559d12bb1</srcmd5>
<version>unknown</version>
<time>1368695470</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0.6 (bnc#819204)
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
Miscellaneous memory safety hazards
* MFSA 2013-42/CVE-2013-1670 (bmo#853709)
Privileged access for content level constructor
* MFSA 2013-46/CVE-2013-1674 (bmo#860971)
Use-after-free with video and onresize event
* MFSA 2013-47/CVE-2013-1675 (bmo#866825)
Uninitialized functions in DOMSVGZoomEvent
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
Memory corruption found using Address Sanitizer</comment>
<requestid>175659</requestid>
</revision>
<revision rev="119" vrev="67">
<srcmd5>2aee6c9a84788cb25ae1ece109234610</srcmd5>
<version>unknown</version>
<time>1370592316</time>
<user>coolo</user>
<comment>- prevent xpc-shell crashing on powerpc
ppc-xpcshell.patch (forwarded request 177615 from k0da)</comment>
<requestid>177943</requestid>
</revision>
<revision rev="120" vrev="68">
<srcmd5>29a6a3cc1e802ee3a214d6c2c664a25e</srcmd5>
<version>unknown</version>
<time>1372271088</time>
<user>coolo</user>
<comment>- update to Thunderbird 17.0.7 (bnc#825935)
* MFSA 2013-49/CVE-2013-1682
Miscellaneous memory safety hazards
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
Memory corruption found using Address Sanitizer
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
Privileged content access and execution via XBL
* MFSA 2013-53/CVE-2013-1690 (bmo#857883)
Execution of unmapped memory through onreadystatechange event
* MFSA 2013-54/CVE-2013-1692 (bmo#866915)
Data in the body of XHR HEAD requests leads to CSRF attacks
* MFSA 2013-55/CVE-2013-1693 (bmo#711043)
SVG filters can lead to information disclosure
* MFSA 2013-56/CVE-2013-1694 (bmo#848535)
PreserveWrapper has inconsistent behavior
* MFSA 2013-59/CVE-2013-1697 (bmo#858101)
XrayWrappers can be bypassed to run user defined methods in a
privileged context
ppc-xpcshell.patch</comment>
<requestid>180914</requestid>
</revision>
<revision rev="121" vrev="69">
<srcmd5>9b0a7de1919ffc627dea009c24bc71b9</srcmd5>
<version>unknown</version>
<time>1376212875</time>
<user>scarabeus_factory</user>
<comment>- update to Thunderbird 17.0.8 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701
Miscellaneous memory safety hazards
* MFSA 2013-68/CVE-2013-1709 (bmo#838253)
Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368)
CRMF requests allow for code execution and XSS attacks
* MFSA 2013-72/CVE-2013-1713 (bmo#887098)
Wrong principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787)
Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file system
- update Enigmail to 1.5.2
* bugfix release</comment>
<requestid>186306</requestid>
</revision>
<revision rev="122" vrev="71">
<srcmd5>9b0a7de1919ffc627dea009c24bc71b9</srcmd5>
<version>unknown</version>
<time>1379661912</time>
<user>adrianSuSE</user>
<comment>Split 13.1 from Factory</comment>
</revision>
<revision rev="123" vrev="72">
<srcmd5>f220066add1a8734deabadc57810ca17</srcmd5>
<version>unknown</version>
<time>1379924860</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.0 (bnc#840485)
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards
* MFSA 2013-77/CVE-2013-1720 (bmo#888820)
Improper state in HTML5 Tree Builder with templates
* MFSA 2013-79/CVE-2013-1722 (bmo#893308)
Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-80/CVE-2013-1723 (bmo#891292)
NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-81/CVE-2013-1724 (bmo#894137)
Use-after-free with select element
* MFSA 2013-82/CVE-2013-1725 (bmo#876762)
Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-85/CVE-2013-1728 (bmo#883686)
Uninitialized data in IonMonkey
* MFSA 2013-88/CVE-2013-1730 (bmo#851353)
Compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-89/CVE-2013-1732 (bmo#883514)
Buffer overflow with multi-column, lists, and floats
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
Memory corruption involving scrolling
* MFSA 2013-91/CVE-2013-1737 (bmo#907727)
User-defined properties on DOM proxies get the wrong "this" object
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
GC hazard with default compartments and frame chain restoration
- moved greek to common translation package
- require NSPR 4.10 and NSS 3.15.1
- add GStreamer build requirements for Gecko
- added enigmail-build.patch to fix TB packaging (bmo#886095)
- removed obsolete patches:</comment>
<requestid>199621</requestid>
</revision>
<revision rev="124" vrev="73">
<srcmd5>2048f6256f724b0f8142dfc01abfa3af</srcmd5>
<version>unknown</version>
<time>1381735783</time>
<user>scarabeus_factory</user>
<comment></comment>
<requestid>203067</requestid>
</revision>
<revision rev="125" vrev="74">
<srcmd5>34bca0fe1ada2d368655fcaf4d92b4fe</srcmd5>
<version>unknown</version>
<time>1383645529</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.1.0 (bnc#847708)
* requires NSS 3.15.2 or above
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327)
Spoofing addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017)
Access violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580)
Improperly initialized memory and overflows in some JavaScript
functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881)
Writing to cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864)
Use-after-free when updating offline cache
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
(bmo#915210, bmo#915576, bmo#916685)
Miscellaneous use-after-free issues found through ASAN fuzzing
* MFSA 2013-101/CVE-2013-5602 (bmo#897678)
Memory corruption in workers
* MFSA 2013-102/CVE-2013-5603 (bmo#916404)
Use-after-free in HTML document templates</comment>
<requestid>205266</requestid>
</revision>
<revision rev="126" vrev="75">
<srcmd5>c66354dc6c275bc5269bfbf77bf25370</srcmd5>
<version>unknown</version>
<time>1386527432</time>
<user>coolo</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>209660</requestid>
</revision>
<revision rev="127" vrev="76">
<srcmd5>3cabcaddb32a34742c889c8e9c696f5c</srcmd5>
<version>unknown</version>
<time>1386772902</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.2.0 (bnc#854370)
* requires NSS 3.15.3.1 or higher
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)</comment>
<requestid>210493</requestid>
</revision>
<revision rev="128" vrev="77">
<srcmd5>df01da7f07af53b258274c4bc8fbbda2</srcmd5>
<version>unknown</version>
<time>1389424194</time>
<user>coolo</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>213382</requestid>
</revision>
<revision rev="129" vrev="78">
<srcmd5>f553f764e9e821bedbd6aaf42a887fb7</srcmd5>
<version>unknown</version>
<time>1391613812</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.3.0 (bnc#861847)
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes
* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage
* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image proccessing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4
- renamed ppc64le patches to streamline with Firefox package</comment>
<requestid>220930</requestid>
</revision>
<revision rev="130" vrev="79">
<srcmd5>838407665c5ce70b745b44e60ff9b589</srcmd5>
<version>unknown</version>
<time>1395297197</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.4.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering</comment>
<requestid>226674</requestid>
</revision>
<revision rev="131" vrev="80">
<srcmd5>c17bdf659275701bd7c5a0193a5ad2e0</srcmd5>
<version>unknown</version>
<time>1398923500</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.5.0 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518
Miscellaneous memory safety hazards
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
- use shipped-locales as the authoritative source for supported
locales (some unsupported locales disappear from -other package)</comment>
<requestid>232131</requestid>
</revision>
<revision rev="132" vrev="81">
<srcmd5>955ed8e063c5e57a5f674e89b185cf00</srcmd5>
<version>unknown</version>
<time>1402947774</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.6.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address Sanitizer
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR
- require NSPR 4.10.6 because of MFSA 2014-55/CVE-2014-1545</comment>
<requestid>236869</requestid>
</revision>
<revision rev="133" vrev="82">
<srcmd5>2ce0e8615abb78c23f6e923071051f0f</srcmd5>
<version>24.7.0</version>
<time>1406284041</time>
<user>coolo</user>
<comment>- update to Thunderbird 24.7.0 (bnc#887746)
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150)
Use-after-free while when manipulating certificates in the trusted cache
(solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805)
Crash in Skia library when scaling high quality images
- disabled enigmail build as with version 1.7 it's a standalone
source package</comment>
<requestid>241956</requestid>
</revision>
<revision rev="134" vrev="1">
<srcmd5>0ccca14db717c5d09f6328558de014b9</srcmd5>
<version>31.0</version>
<time>1406869663</time>
<user>coolo</user>
<comment>- update to Thunderbird 31.0
* based on Gecko 31
* Autocompleting email addresses now matches against any part of
the name or email
* Composing a mail to a newsgroup will now autocomplete newsgroup
names
* Insecure NTLM (pre-NTLMv2) authentication disabled
- rebased patches
- removed enigmail entirely from source package
- removed obsolete patches
* libffi-ppc64le.patch
* ppc64le-support.patch
* xpcom-ppc64le.patch
- use GStreamer 1.0 after 13.1
- switched source archives to use xz instead of bz2</comment>
<requestid>242772</requestid>
</revision>
<revision rev="135" vrev="3">
<srcmd5>0ccca14db717c5d09f6328558de014b9</srcmd5>
<version>31.0</version>
<time>1409300434</time>
<user>adrianSuSE</user>
<comment>Split 13.2 from Factory</comment>
</revision>
<revision rev="136" vrev="1">
<srcmd5>4ab49d3ed9a2312075717a63045cd0cf</srcmd5>
<version>31.1.0</version>
<time>1409810158</time>
<user>coolo</user>
<comment>- update to Thunderbird 31.1.0 (bnc#894370)
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1562
Miscellaneous memory safety hazards
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
Use-after-free during DOM interactions with SVG
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
Uninitialized memory use during GIF rendering
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
Out-of-bounds read in Web Audio audio timeline
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
Use-after-free setting text directionality
- added mozilla-nullptr-gcc45.patch to build on gcc 4.5 dists
(e.g. openSUSE 11.4)</comment>
<requestid>247295</requestid>
</revision>
<revision rev="137" vrev="1">
<srcmd5>2e4a9ac977446109e9810e56c0552f42</srcmd5>
<version>31.1.1</version>
<time>1410981871</time>
<user>coolo</user>
<comment></comment>
<requestid>249091</requestid>
</revision>
<revision rev="138" vrev="1">
<srcmd5>9507123d38d6c96ff6d6f0577c418893</srcmd5>
<version>31.2.0</version>
<time>1413463983</time>
<user>coolo</user>
<comment>- update to Thunderbird 31.2.0 (bnc#900941)
* MFSA 2014-74/CVE-2014-1574
Miscellaneous memory safety hazards
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
Buffer overflow during CSS manipulation
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
Web Audio memory corruption issues with custom waveforms
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
Out-of-bounds write with WebM video
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
Use-after-free interacting with text directionality
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
Inconsistent video sharing within iframe
- added basic appdata definition
- update to Thunderbird 31.1.2</comment>
<requestid>256558</requestid>
</revision>
<revision rev="139" vrev="2">
<srcmd5>bed0fc87bc515a40b2e7bde7fe30a9f0</srcmd5>
<version>31.2.0</version>
<time>1414826038</time>
<user>coolo</user>
<comment>- remove add-plugins.sh and use /usr/share/myspell directly
(bnc#900639)</comment>
<requestid>258425</requestid>
</revision>
<revision rev="140" vrev="3">
<srcmd5>16b3eef7e377fb4453080533781823a8</srcmd5>
<version>31.2.0</version>
<time>1415347547</time>
<user>coolo</user>
<comment>1</comment>
<requestid>259625</requestid>
</revision>
<revision rev="141" vrev="4">
<srcmd5>7c1965711a1929dc6afcc31ca53e3c98</srcmd5>
<version>31.2.0</version>
<time>1416824282</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>262392</requestid>
</revision>
<revision rev="142" vrev="1">
<srcmd5>8f10a6ddb146314744a63aa8ba849cb3</srcmd5>
<version>31.3.0</version>
<time>1417870045</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 31.3.0 (bnc#908009)
* MFSA 2014-83/CVE-2014-1587
Miscellaneous memory safety hazards
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
XMLHttpRequest crashes with some input streams
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
Use-after-free during HTML5 parsing
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
Buffer overflow while parsing media content
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
Bad casting from the BasicThebesLayer to BasicContainerLayer</comment>
<requestid>263823</requestid>
</revision>
<revision rev="143" vrev="1">
<srcmd5>c145bf2fd86e8f047bdec8611305ffe1</srcmd5>
<version>31.4.0</version>
<time>1421873444</time>
<user>coolo</user>
<comment>- update to Thunderbird 31.4.0 (bnc#910669)
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
- added mozilla-icu-strncat.patch to fix post build checks</comment>
<requestid>281363</requestid>
</revision>
<revision rev="144" vrev="1">
<srcmd5>03099431e810d6729ad61fb8be59f3df</srcmd5>
<version>31.5.0</version>
<time>1425031630</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 31.5.0 (bnc#917597)
* MFSA 2015-11/CVE-2015-0836
Miscellaneous memory safety hazards
* MFSA 2015-12/CVE-2015-0833 (bmo#945192)
Invoking Mozilla updater will load locally stored DLL files
(Windows only)
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
Use-after-free in IndexedDB
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
Out-of-bounds read and write while rendering SVG content
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
Reading of local files through manipulation of form autocomplete</comment>
<requestid>287636</requestid>
</revision>
<revision rev="145" vrev="1">
<srcmd5>49f936d233ed20e23b2379185ab19762</srcmd5>
<version>31.6.0</version>
<time>1428391677</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 31.6.0 (bnc#925368)
* MFSA 2015-30/CVE-2015-0815
Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
resource:// documents can load privileged pages
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
CORS requests should not follow 30x redirections after preflight
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
Same-origin bypass through anchor navigation</comment>
<requestid>293911</requestid>
</revision>
<revision rev="146" vrev="1">
<srcmd5>a3489ebcb27e8356860ab89c0f9de9ae</srcmd5>
<version>31.7.0</version>
<time>1432158573</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 31.7.0 (bnc#930622)
* MFSA 2015-46/CVE-2015-2708
Miscellaneous memory safety hazards
* MFSA 2015-47/VE-2015-0797 (bmo#1080995)
Buffer overflow parsing H.264 video with Linux Gstreamer
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
Buffer overflow with SVG content and CSS
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
Use-after-free during text processing with vertical text enabled
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
Buffer overflow when parsing compressed XML
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
Privilege escalation through IPC channel messages</comment>
<requestid>307239</requestid>
</revision>
<revision rev="147" vrev="2">
<srcmd5>78ec6f6230527f21b7b9b855fca4443d</srcmd5>
<version>31.7.0</version>
<time>1434133557</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>309123</requestid>
</revision>
<revision rev="148" vrev="1">
<srcmd5>0141bae83ad4c65628a7be6a1e8904ad</srcmd5>
<version>38.1.0</version>
<time>1437059793</time>
<user>coolo</user>
<comment>- update to Thunderbird 38.1.0 (bnc#935979)
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725
Miscellaneous memory safety hazards
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
Local files or privileged URLs in pages can be opened into new tabs
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
Type confusion in Indexed Database Manager
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
Out-of-bound read while computing an oscillator rendering range in Web Audio
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
Use-after-free in Content Policy due to microtask execution error
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
ECDSA signature validation fails to handle some signatures correctly
(this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
Use-after-free in workers while using XMLHttpRequest
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
Vulnerabilities found through code inspection
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
Key pinning is ignored when overridable errors are encountered
* MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
Privilege escalation in PDF.js
* MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
NSS accepts export-length DHE keys with regular DHE cipher suites
(this fix is shipped by NSS 3.19.1 externally)
* MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
NSS incorrectly permits skipping of ServerKeyExchange
(this fix is shipped by NSS 3.19.1 externally)
- requires NSS 3.19.2</comment>
<requestid>316435</requestid>
</revision>
<revision rev="149" vrev="1">
<srcmd5>7e76ef03e8d6f01506c8bf8d20748740</srcmd5>
<version>38.2.0</version>
<time>1440135581</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 38.2.0 (bnc#940806)
* MFSA 2015-79/CVE-2015-4473
Miscellaneous memory safety hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
Out-of-bounds read with malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
Redefinition of non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518)
Arbitrary file overwriting through Mozilla Maintenance Service
with hard links (only affected Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
Out-of-bounds write with Updater and malicious MAR file
(does not affect openSUSE RPM packages which do not ship the
updater)
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
Crash when using shared memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
Heap overflow in gdk-pixbuf when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
Use-after-free in XMLHttpRequest with shared workers</comment>
<requestid>323869</requestid>
</revision>
<revision rev="150" vrev="1">
<srcmd5>fdcf05ab1c00ff9165459e39cb574944</srcmd5>
<version>38.3.0</version>
<time>1444636841</time>
<user>coolo</user>
<comment>1</comment>
<requestid>336566</requestid>
</revision>
<revision rev="151" vrev="1">
<srcmd5>41c6a0421d1543c8a80b2aec657e89bd</srcmd5>
<version>38.4.0</version>
<time>1449145744</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 38.4.0 (bnc#952810)
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
Miscellaneous memory safety hazards
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
Trailing whitespace in IP address hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
Buffer overflow during image interactions in canvas
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
CORS preflight is bypassed when non-standard Content-Type headers
are received
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
Memory corruption in libjar through zip files
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
JavaScript garbage collection crash with Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
(bmo#1188010, bmo#1204061, bmo#1204155)
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
Mixed content WebSocket policy bypass through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
(bmo#1202868, bmo#1205157)
NSS and NSPR memory corruption issues
(fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR 4.10.10 and NSS 3.19.2.1
- added explicit appdata provides (bnc#952325)
--------------------------------------------------------------------</comment>
<requestid>346366</requestid>
</revision>
<revision rev="152" vrev="1">
<srcmd5>d46209c81aea4bc277ecae74d91e4de2</srcmd5>
<version>38.5.0</version>
<time>1451177987</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 38.5.0 (bnc#959277)
* MFSA 2015-134/CVE-2015-7201
Miscellaneous memory safety hazards
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
Use-after-free in WebRTC when datachannel is used after being
destroyed
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
Integer overflow allocating extremely large textures
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
Underflow through code inspection
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
Integer overflow in MP4 playback in 64-bit versions
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
Integer underflow and buffer overflow processing MP4 metadata in
libstagefright
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
Cross-site reading attack through data and view-source URIs</comment>
<requestid>350596</requestid>
</revision>
<revision rev="153" vrev="1">
<srcmd5>ec3e8c2c5d7ed7871c67ce47c6e8b087</srcmd5>
<version>38.5.1</version>
<time>1451983263</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>351297</requestid>
</revision>
<revision rev="154" vrev="2">
<srcmd5>916d89d61f022eb2c62c809233085b1e</srcmd5>
<version>38.5.1</version>
<time>1453508054</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>354747</requestid>
</revision>
<revision rev="155" vrev="3">
<srcmd5>c9ee6640c9b97e0f87ba490be01a65af</srcmd5>
<version>38.5.1</version>
<time>1455272450</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>357295</requestid>
</revision>
<revision rev="156" vrev="1">
<srcmd5>98d322b86b4bc3ced16830ccb02a3749</srcmd5>
<version>38.6.0</version>
<time>1456433836</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 38.6.0 (boo#963520)
* Filters ran on a different folder than selected
* MFSA 2016-01/CVE-2016-1930
Miscellaneous memory safety hazards
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
Buffer overflow in WebGL after out of memory allocation</comment>
<requestid>359408</requestid>
</revision>
<revision rev="157" vrev="2">
<srcmd5>21d3d1362888f4eb4e43df73b33aef5c</srcmd5>
<version>38.6.0</version>
<time>1456924852</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>362033</requestid>
</revision>
<revision rev="158" vrev="1">
<srcmd5>ebe5b879f77a474f414a8ade86a2033b</srcmd5>
<version>38.7.0</version>
<time>1458470913</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 38.7.0 (boo#969894)
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
Use-after-free in MediaStream playback
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
Same-origin policy violation using performance.getEntries and
history navigation
* MFSA 2016-16/CVE-2016-1952
Miscellaneous memory safety hazards
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
Local file overwriting and potential privilege escalation through
CSP reports
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
Memory leak in libstagefright when deleting an array during MP4
processing
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
Displayed page address can be overridden
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
Use-after-free when using multiple WebRTC data channels
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
Addressbar spoofing though history navigation and Location protocol
property
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
Memory corruption with malicious NPAPI plugin
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103)</comment>
<requestid>373458</requestid>
</revision>
<revision rev="159" vrev="1">
<srcmd5>c2cfdd3a1d5a4870ebf3943c03d42a3d</srcmd5>
<version>38.7.1</version>
<time>1460028911</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>383091</requestid>
</revision>
<revision rev="160" vrev="1">
<srcmd5>fd9aebf42ff6d636ace66aada5cb47de</srcmd5>
<version>38.7.2</version>
<time>1460358819</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>386004</requestid>
</revision>
<revision rev="161" vrev="1">
<srcmd5>0ebceb4ae122c19be6e5dfed68c9a837</srcmd5>
<version>45.1.0</version>
<time>1463738104</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>396129</requestid>
</revision>
<revision rev="162" vrev="2">
<srcmd5>60ca3f608ddc8a025c8afd4c105bf663</srcmd5>
<version>45.1.0</version>
<time>1464689481</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>398145</requestid>
</revision>
<revision rev="163" vrev="1">
<srcmd5>97d42b0cc00e25a4405901584e3393af</srcmd5>
<version>45.1.1</version>
<time>1465129143</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>399148</requestid>
</revision>
<revision rev="164" vrev="2">
<srcmd5>b6df210318d130b68fbd5036b48134b5</srcmd5>
<version>45.1.1</version>
<time>1466716956</time>
<user>dimstar_suse</user>
<comment>- build with -fno-delete-null-pointer-checks for Tumbleweed/gcc6
as long as underlying issues have been addressed upstream
(boo#986162)
- Fix running on 48bit va aarch64 (bsc#984126)
- Add patch mozilla-aarch64-48bit-va.patch</comment>
<requestid>404253</requestid>
</revision>
<revision rev="165" vrev="3">
<srcmd5>47fcb9a6917f26378a7ba8b3552e562a</srcmd5>
<version>45.1.1</version>
<time>1467359633</time>
<user>dimstar_suse</user>
<comment>- mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2 (boo#984637)</comment>
<requestid>404805</requestid>
</revision>
<revision rev="166" vrev="1">
<srcmd5>9b61e73bb68db2dc2c995ede1cdf867e</srcmd5>
<version>45.2</version>
<time>1468869483</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>407286</requestid>
</revision>
<revision rev="167" vrev="2">
<srcmd5>4d0e65f8072f50e1d87cb1d29887d257</srcmd5>
<version>45.2</version>
<time>1470217041</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>412624</requestid>
</revision>
<revision rev="168" vrev="3">
<srcmd5>7a45868771e65a809351450ecaa9b788</srcmd5>
<version>45.2</version>
<time>1471008893</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>417432</requestid>
</revision>
<revision rev="169" vrev="1">
<srcmd5>c84c6e6d0f52741044637772f5c5d657</srcmd5>
<version>45.3.0</version>
<time>1472731308</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>423934</requestid>
</revision>
<revision rev="170" vrev="1">
<srcmd5>2d397ca63d3354aa0adf6bc6a3d95380</srcmd5>
<version>45.4.0</version>
<time>1475749688</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 45.4.0 (boo#999701)
* Display name was truncated if no separating space before email
address.
* Recipient addresses were shown in wrong color in some circumstances.
* Additional spaces were inserted when drafts were edited.
* Mail saved as template copied In-Reply-To and References from
original email.
* Threading broken when editing message draft, due to loss of Message-ID
* "Apply columns to..." did not honor special folders</comment>
<requestid>433302</requestid>
</revision>
<revision rev="171" vrev="1">
<srcmd5>1e3bf4c02b04c00684fdd9e2e8e45e26</srcmd5>
<version>45.5.0</version>
<time>1479837440</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>440959</requestid>
</revision>
<revision rev="172" vrev="1">
<srcmd5>b87c11f0d8b2b467f1f2e5966a3a9ba5</srcmd5>
<version>45.5.1</version>
<time>1480860352</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>443070</requestid>
</revision>
<revision rev="173" vrev="1">
<srcmd5>711c71d228ff5a9700b78a5f26c5f627</srcmd5>
<version>45.6.0</version>
<time>1483554554</time>
<user>lnussel_factory</user>
<comment>- update to Thunderbird 45.6.0 (boo#1015422)
* The system integration dialog was shown every time when starting
Thunderbird
* MFSA 2016-96
CVE-2016-9899: Use-after-free while manipulating DOM events and
audio elements (bmo#1317409)
CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
CVE-2016-9898: Use-after-free in Editor while manipulating DOM
subtrees (bmo#1314442)
CVE-2016-9900: Restricted external resources can be loaded by
SVG images through data URLs (bmo#1319122)
CVE-2016-9904: Cross-origin information leak in shared atoms
(bmo#1317936)
CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985)
CVE-2016-9893: Memory safety bugs fixed in Thunderbird 45.6
CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5</comment>
<requestid>448120</requestid>
</revision>
<revision rev="174" vrev="1">
<srcmd5>5d6475eb88f7745a6e9055f901c4adb8</srcmd5>
<version>45.7.0</version>
<time>1485682214</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>452950</requestid>
</revision>
<revision rev="175" vrev="1">
<srcmd5>ace51e59d73e37351d05e7e40c763c1a</srcmd5>
<version>45.7.1</version>
<time>1487149356</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 45.7.1
* fixed Crash when viewing certain IMAP messages (introduced in 45.7.0)</comment>
<requestid>456391</requestid>
</revision>
<revision rev="176" vrev="1">
<srcmd5>030e3bad8493408fcadc3a24fd8ab20e</srcmd5>
<version>45.8.0</version>
<time>1489415445</time>
<user>dimstar_suse</user>
<comment>fix typo in release date
- update to Thunderbird 45.8.0 (boo#1028391)
* MFSA 2017-07
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933)
CVE-2017-5401: Memory Corruption when handling ErrorResult
(bmo#1328861)
CVE-2017-5402: Use-after-free working with events in FontFace
objects (bmo#1334876)
CVE-2017-5404: Use-after-free working with ranges in selections
(bmo#1340138)
CVE-2017-5407: Pixel and history stealing via floating-point
timing side channel with SVG filters (bmo#1336622)
CVE-2017-5410: Memory corruption during JavaScript garbage
collection incremental sweeping (bmo#1330687)
CVE-2017-5408: Cross-origin reading of video captions in violation
of CORS (bmo#1313711)
CVE-2017-5405: FTP response codes can cause use of
uninitialized values for ports (bmo#1336699)
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
Firefox ESR 45.8</comment>
<requestid>478505</requestid>
</revision>
<revision rev="177" vrev="1">
<srcmd5>e63d07e412783eeeeb72add29a65425b</srcmd5>
<version>52.1.0</version>
<time>1493819611</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.1.0
* Background images not working and other issues related to
embedded images when composing email have been fixed
* Google Oauth setup can sometimes not progress to the next step
* requires NSS >= 3.28.4
- security fixes (boo#1035082), MFSA 2017-13
* CVE-2017-5443 (bmo#1342661)
Out-of-bounds write during BinHex decoding
* CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
Firefox ESR 52.1
* CVE-2017-5464 (bmo#1347075)
Memory corruption with accessibility and DOM manipulation
* CVE-2017-5465 (bmo#1347617)
Out-of-bounds read in ConvolvePixel
* CVE-2017-5466 (bmo#1353975)
Origin confusion when reloading isolated data:text/html URL
* CVE-2017-5467 (bmo#1347262)
Memory corruption when drawing Skia content
* CVE-2017-5460 (bmo#1343642)
Use-after-free in frame selection
* CVE-2017-5461 (bmo#1344380)
Out-of-bounds write in Base64 encoding in NSS
* CVE-2017-5449 (bmo#1340127)
Crash during bidirectional unicode manipulation with animation
* CVE-2017-5446 (bmo#1343505)
Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
* CVE-2017-5447 (bmo#1343552)
Out-of-bounds read during glyph processing</comment>
<requestid>492468</requestid>
</revision>
<revision rev="178" vrev="1">
<srcmd5>467b0edac3b1bc0eb855856a4e57bbfa</srcmd5>
<version>52.1.1</version>
<time>1495267810</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.1.1
* fixed crash when compacting IMAP folder (boo#1038753)
* Some attachments could not be opened or saved if the message
body is empty
* Unable to load full message via POP if message was downloaded
partially (or only headers) before
* Large attachments may not be shown or saved correctly if the
message is stored in an IMAP folder which is not synchronized
for offline use</comment>
<requestid>495327</requestid>
</revision>
<revision rev="179" vrev="2">
<srcmd5>7361487d04928ff18313151070cb0195</srcmd5>
<version>52.1.1</version>
<time>1496533720</time>
<user>dimstar_suse</user>
<comment>- explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
with gcc7 (boo#1040105, boo#1042090)</comment>
<requestid>500304</requestid>
</revision>
<revision rev="180" vrev="3">
<srcmd5>f6cff385377a83b6c111ac8eac69ffd0</srcmd5>
<version>52.1.1</version>
<time>1496932611</time>
<user>dimstar_suse</user>
<comment>- remove legacy -Os optimization breaking gcc7/i586 (boo#1042090)</comment>
<requestid>500919</requestid>
</revision>
<revision rev="181" vrev="1">
<srcmd5>097803b1342fb3c49f4b2b12c1a01bd6</srcmd5>
<version>52.2</version>
<time>1497949158</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.2 (boo#1043960)
* Embedded images not shown in email received from Hotmail/Outlook
webmailer
* Detection of non-ASCII font names in font selector
* Attachment not forwarded correctly under certain circumstances
* Multiple requests for master password when GMail OAuth2 is enabled
* Large number of blank pages being printed under certain
circumstances when invalid preferences were present
* Messages sent via the Simple MAPI interface are forced to HTML
* Calendar: Invitations can't be printed
* Mailing list (group) not accessible from macOS or Outlook address book
* Clicking on links with references/anchors where target doesn't
exist in the message not opening in external browser
MFSA 2017-17
* CVE-2017-5472 (bmo#1365602)
Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749 (bmo#1355039)
Use-after-free during docshell reloading
* CVE-2017-7750 (bmo#1356558)
Use-after-free with track elements
* CVE-2017-7751 (bmo#1363396)
Use-after-free with content viewer listeners
* CVE-2017-7752 (bmo#1359547)
Use-after-free with IME input
* CVE-2017-7754 (bmo#1357090)
Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7756 (bmo#1366595)
Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757 (bmo#1356824)
Use-after-free in IndexedDB</comment>
<requestid>503951</requestid>
</revision>
<revision rev="182" vrev="1">
<srcmd5>63e3bc8789d3b3ac559b9c4caba45164</srcmd5>
<version>52.2.1</version>
<time>1498840892</time>
<user>dimstar_suse</user>
<comment>1</comment>
<requestid>507003</requestid>
</revision>
<revision rev="183" vrev="1">
<srcmd5>54b59a7681464857d2b1d58f4c7eb249</srcmd5>
<version>52.3.0</version>
<time>1503589224</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.3 (boo#1052829)
Fixed issues:
* Unwanted inline images shown in rogue SPAM messages
* Deleting message from the POP3 server not working when maildir
storage was used
* Message disposition flag (replied / forwarded) lost when reply or
forwarded message was stored as draft and draft was sent later
* Inline images not scaled to fit when printing
* Selected text from another message sometimes included in a reply
* No authorisation prompt displayed when inserting image into email
body although image URL requires authentication
* Large attachments taking a long time to open under some circumstances
security
Security fixes from Gecko 52.3esr
* CVE-2017-7798 (bmo#1371586, bmo#1372112)
XUL injection in the style editor in devtools
* CVE-2017-7800 (bmo#1374047)
Use-after-free in WebSockets during disconnection
* CVE-2017-7801 (bmo#1371259)
Use-after-free with marquee during window resizing
* CVE-2017-7784 (bmo#1376087)
Use-after-free with image observers
* CVE-2017-7802 (bmo#1378147)
Use-after-free resizing image elements
* CVE-2017-7785 (bmo#1356985)
Buffer overflow manipulating ARIA attributes in DOM
* CVE-2017-7786 (bmo#1365189)
Buffer overflow while painting non-displayable SVG
* CVE-2017-7753 (bmo#1353312)
Out-of-bounds read with cached style data and pseudo-elements#</comment>
<requestid>517268</requestid>
</revision>
<revision rev="184" vrev="1">
<srcmd5>9eeab295e28d44467f0f5c4891c0cf4c</srcmd5>
<version>52.4.0</version>
<time>1507570596</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 52.4.0 (bsc#1060445)
* new behavior was introduced for replies to mailing list posts:
"When replying to a mailing list, reply will be sent to address
in From header ignoring Reply-to header". A new preference
mail.override_list_reply_to allows to restore the previous behavior.
* Under certain circumstances (image attachment and non-image
attachment), attached images were shown truncated in messages
stored in IMAP folders not synchronised for offline use.
* IMAP UIDs > 0x7FFFFFFF now handled properly
Security fixes from Gecko 52.4esr
* CVE-2017-7793 (bmo#1371889)
Use-after-free with Fetch API
* CVE-2017-7818 (bmo#1363723)
Use-after-free during ARIA array manipulation
* CVE-2017-7819 (bmo#1380292)
Use-after-free while resizing images in design mode
* CVE-2017-7824 (bmo#1398381)
Buffer overflow when drawing and validating elements with ANGLE
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
Use-after-free in TLS 1.2 generating handshake hashes
* CVE-2017-7814 (bmo#1376036)
Blob and data URLs bypass phishing and malware protection warnings
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
OS X fonts render some Tibetan and Arabic unicode characters as spaces
* CVE-2017-7823 (bmo#1396320)
CSP sandbox directive did not create a unique origin
* CVE-2017-7810
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
- Add alsa-devel BuildRequires: we care for ALSA support to be</comment>
<requestid>532694</requestid>
</revision>
<revision rev="185" vrev="1">
<srcmd5>39c52e59f0aa659056f62a54a29d132a</srcmd5>
<version>52.5.0</version>
<time>1512042118</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.5.0 (bsc#1068101)
* Better support for Charter/Spectrum IMAP: Thunderbird will now
detect Charter's IMAP service and send an additional IMAP select
command to the server. Check the various preferences ending in
"force_select" to see whether auto-detection has discovered this case.
* In search folders spanning multiple base folders clicking on a
message sometimes marked another message as read
* IMAP alerts have been corrected and now show the correct server
name in case of connection problems
* POP alerts have been corrected and now indicate connection problems
in case the configured POP server cannot be found
MFSA 2017-26
* CVE-2017-7828 (bmo#1406750. bmo#1412252)
Use-after-free of PressShell while restyling layout
* CVE-2017-7830 (bmo#1408990)
Cross-origin URL information leak through Resource Timing API
* CVE-2017-7826
Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
- Drop obsolete libgnomeui-devel BuildRequires: No longer needed.
- Add explicit pkgconfig(gconf-2.0), pkgconfig(gobject-2.0),
pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
pkgconfig(gdk-x11-2.0) BuildRequires: Previously pulled in by
libgnomeui-devel, and is what configure really checks for.</comment>
<requestid>545445</requestid>
</revision>
<revision rev="186" vrev="2">
<srcmd5>a811505d49628fc9e21f9e09633feca1</srcmd5>
<version>52.5.0</version>
<time>1513110043</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>555851</requestid>
</revision>
<revision rev="187" vrev="1">
<srcmd5>df71506f2aada63aab8040e311305728</srcmd5>
<version>52.5.2</version>
<time>1514840646</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>559658</requestid>
</revision>
<revision rev="188" vrev="1">
<srcmd5>6c467f8daaea77696ae28e013a9874a6</srcmd5>
<version>52.6</version>
<time>1517322987</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.6 (bsc#1077291)
* Searching message bodies of messages in local folders, including
filter and quick filter operations, not working reliably: Content
not found in base64-encode message parts, non-ASCII text not found
and false positives found.
* Defective messages (without at least one expected header) not shown
in IMAP folders but shown on mobile devices
* Calendar: Unintended task deletion if numlock is enabled
* Mozilla platform security fixes
MFSA 2018-04
* CVE-2018-5095 (bmo#1418447)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-5096 (bmo#1418922)
Use-after-free while editing form elements
* CVE-2018-5097 (bmo#1387427)
Use-after-free when source document is manipulated during XSLT
* CVE-2018-5098 (bmo#1399400)
Use-after-free while manipulating form input elements
* CVE-2018-5099 (bmo#1416878)
Use-after-free with widget listener
* CVE-2018-5102 (bmo#1419363)
Use-after-free in HTML media elements
* CVE-2018-5103 (bmo#1423159)
Use-after-free during mouse event handling
* CVE-2018-5104 (bmo#1425000)
Use-after-free during font face manipulation
* CVE-2018-5117 (bmo#1395508)
URL spoofing with right-to-left text aligned left-to-right
* CVE-2018-5089
Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6</comment>
<requestid>569795</requestid>
</revision>
<revision rev="189" vrev="2">
<srcmd5>edb1e9a61b0d103c3b79cc412a835005</srcmd5>
<version>52.6</version>
<time>1518950341</time>
<user>dimstar_suse</user>
<comment>readded lost bsc bugnumbers for Leap 15
increased constraints to give i586 the chance to build again</comment>
<requestid>577192</requestid>
</revision>
<revision rev="190" vrev="1">
<srcmd5>ee62488a4a0ba2005752c2a125debcf8</srcmd5>
<version>52.7</version>
<time>1522316930</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.7
* Searching message bodies of messages in local folders, including
filter and quick filter operations, did not find content in
message attachments
* Better error handling for Yahoo accounts
- The following security fixes are included as part of the mozilla
platform. In general, these flaws cannot be exploited through
email in the Thunderbird product because scripting is disabled
when reading mail, but are potentially risks in browser or
browser-like contexts (MFSA 2018-09, bsc#1085130, bsc#1085671):
* CVE-2018-5127 (bmo#1430557)
Buffer overflow manipulating SVG animatedPathSegList
* CVE-2018-5129 (bmo#1428947)
Out-of-bounds write with malformed IPC messages
* CVE-2018-5144 (bmo#1440926)
Integer overflow during Unicode conversion
* CVE-2018-5146 (bmo#1446062)
Out of bounds memory write in libvorbis
* CVE-2018-5125 (bmo1416529,bmo#1434580,bmo#1434384,bmo#1437450,
bmo#1437507,bmo#1426988,bmo#1438425,bmo#1324042,bmo#1437087,
bmo#1443865,bmo#1425520)
Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7, and
Thunderbird 52.7
* CVE-2018-5145 (bmo#1261175,bmo#1348955)
Memory safety bugs fixed in Firefox ESR 52.7 and Thunderbird
52.7</comment>
<requestid>591025</requestid>
</revision>
<revision rev="191" vrev="2">
<srcmd5>7d484c45bd8ba30410738141418410e9</srcmd5>
<version>52.7</version>
<time>1522702069</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>592321</requestid>
</revision>
<revision rev="192" vrev="1">
<srcmd5>59d74f54cc45e421b5c40f074168c420</srcmd5>
<version>52.8</version>
<time>1526829565</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 52.8 (bsc#1092548)
MFSA 2018-13
* CVE-2018-5183 (bmo#1454692)
Backport critical security fixes in Skia
* CVE-2018-5184 (bmo#1411592, bsc#1093152)
Full plaintext recovery in S/MIME via chosen-ciphertext attack
* CVE-2018-5154 (bmo#1443092)
Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774)
Use-after-free with SVG animations and text paths
* CVE-2018-5159 (bmo#1441941)
Integer overflow and out-of-bounds write in Skia
* CVE-2018-5161 (bmo#1411720)
Hang via malformed headers
* CVE-2018-5162 (bmo#1457721, bsc#1093152)
Encrypted mail leaks plaintext through src attribute
* CVE-2018-5170 (bmo#1411732)
Filename spoofing for external attachments
* CVE-2018-5168 (bmo#1449548)
Lightweight themes can be installed without user interaction
* CVE-2018-5174 (bmo#1447080) (Windows only)
Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
* CVE-2018-5178 (bmo#1443891)
Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension
* CVE-2018-5185 (bmo#1450345)
Leaking plaintext through HTML forms
* CVE-2018-5150 (bmo#1388020,bmo#1433609,bmo#1409440,bmo#1448705,
bmo#1451376,bmo#1452202,bmo#1444668,bmo#1393367,bmo#1411415,</comment>
<requestid>610619</requestid>
</revision>
<revision rev="193" vrev="1">
<srcmd5>7f0b4851f5397ead93061a9978c7d106</srcmd5>
<version>52.9.0</version>
<time>1530993282</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>620717</requestid>
</revision>
<revision rev="194" vrev="1">
<srcmd5>9b78a44aba2f35eaf48efafdde8f2c42</srcmd5>
<version>52.9.1</version>
<time>1531812990</time>
<user>dimstar_suse</user>
<comment>boo#1100780</comment>
<requestid>622019</requestid>
</revision>
<revision rev="195" vrev="1">
<srcmd5>5a7653e9e869846ee2d31f5494e212aa</srcmd5>
<version>60.0</version>
<time>1536575359</time>
<user>maxlin_factory</user>
<comment></comment>
<requestid>632921</requestid>
</revision>
<revision rev="196" vrev="2">
<srcmd5>1817eef3eb2c974dba58d02fbb93651b</srcmd5>
<version>60.0</version>
<time>1537970475</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>636364</requestid>
</revision>
<revision rev="197" vrev="1">
<srcmd5>118f04aea1312c04ed18cf1ec5698f6b</srcmd5>
<version>60.2.1</version>
<time>1539251009</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>640048</requestid>
</revision>
<revision rev="198" vrev="2">
<srcmd5>07b11b2f3372c3afa8ab9af26448b335</srcmd5>
<version>60.2.1</version>
<time>1540199078</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>641723</requestid>
</revision>
<revision rev="199" vrev="1">
<srcmd5>9b37701309f1137bdc8d3500495b49f6</srcmd5>
<version>60.3.0</version>
<time>1541514953</time>
<user>dimstar_suse</user>
<comment>- update to Thunderbird 60.3.0
* various theme fixes
* Shift+PageUp/PageDown in Write window
* Gloda attachment filtering
* Mailing list address auto-complete enter/return handling
* Thunderbird hung if HTML signature references non-existent image
* Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
(Firefox ESR release). In general, these flaws cannot be exploited
through email in Thunderbird because scripting is disabled when
reading mail, but are potentially risks in browser or browser-like
contexts (MFSA 2018-28) (bsc#1112852)
* CVE-2018-12391 (bmo#1478843) (Android only)
HTTP Live Stream audio data is accessible cross-origin
* CVE-2018-12392 (bmo#1492823)
Crash with nested event loops
* CVE-2018-12393 (bmo#1495011)
Integer overflow during Unicode conversion while loading JavaScript
* CVE-2018-12389 (bmo#1498460, bmo#1499198)
Memory safety bugs fixed in Firefox ESR 60.3
* CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
* mozilla-bmo1463035.patch</comment>
<requestid>645920</requestid>
</revision>
<revision rev="200" vrev="1">
<srcmd5>b43f41547c28b2ac1d95881df4f4405b</srcmd5>
<version>60.3.1</version>
<time>1542748939</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.3.1:
* Double-clicking on a word in the Write window sometimes
launched the Advanced Property Editor or Link Properties dialog
* Fixe Cookie removal
* "Download rest of message" was not working if global inbox was
used
* Fix Encoding problems for users (especially in Poland) when a
file was sent via a folder using "Sent to > Mail recipient"
due to a problem in the Thunderbird MAPI interface
* According to RFC 4616 and RFC 5721, passwords containing
non-ASCII characters are encoded using UTF-8 which can lead to
problems with non-compliant providers, for example
office365.com. The SMTP LOGIN and POP3 USER/PASS
authentication methods are now using a Latin-1 encoding again
to work around this issue
* Fix shutdown crash/hang after entering an empty IMAP password</comment>
<requestid>649480</requestid>
</revision>
<revision rev="201" vrev="1">
<srcmd5>873efffff7c3236a1809fc7d511e9b7f</srcmd5>
<version>60.3.2</version>
<time>1543999126</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>653563</requestid>
</revision>
<revision rev="202" vrev="1">
<srcmd5>49df030578dc78cd43b3790684b9c8ee</srcmd5>
<version>60.3.3</version>
<time>1544539520</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.3.3
* Thunderbird 60 will migrate security databases (key3.db, cert8.db
to key4.db, cert9.db). Thunderbird 60.3.2 and earlier contained a
fault that potentially deleted saved passwords and private certificate
keys for users using a master password. Version 60.3.3 will prevent
the loss of data; affected users who have already upgraded to version
60.3.2 or earlier can restore the deleted key3.db file from backup
to complete the migration.
* Address book search and auto-complete slowness introduced in
Thunderbird 60.3.2
* Plain text markup with * for bold, / for italics, _ for underline
and | for code did not work when the enclosed text contained
non-ASCII characters
* While composing a message, a link not removed when link location
was removed in the link properties panel</comment>
<requestid>655853</requestid>
</revision>
<revision rev="203" vrev="1">
<srcmd5>4e2b335bd3b10364ed5dda49bfda9eb3</srcmd5>
<version>60.4.0</version>
<time>1547539914</time>
<user>dimstar_suse</user>
<comment>So far no security information posted on https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
But as always there are semi-relevant changes from the Gecko 60.4 baseline. Many times not directly affecting TB
- Mozilla Thunderbird 60.4.0:
* New WebExtensions FileLink API to facilitate add-ons
* Fix decoding problems for messages with less common charsets
(cp932, cp936)
* New messages in the drafts folder (and other special or virtual
folders) will no longer be included in the new messages
notification
- requires NSS 3.36.6</comment>
<requestid>664269</requestid>
</revision>
<revision rev="204" vrev="1">
<srcmd5>dc0d217472ecbc1cbc4c626c6321f159</srcmd5>
<version>60.5.0</version>
<time>1549623939</time>
<user>coolo</user>
<comment>- MozillaThunderbird 60.5.0:
* FileLink provider WeTransfer to upload large attachments
* Thunderbird now allows the addition of OpenSearch search engines
from a local XML file using a minimal user inferface: [+] button
to select a file an add, [-] to remove.
* More search engines: Google and DuckDuckGo available by default
in some locales
* During account creation, Thunderbird will now detect servers
using the Microsoft Exchange protocol. It will offer the
installation of a 3rd party add-on (Owl) which supports that
protocol.
* Thunderbird now compatible with other WebExtension-based
FileLink add-ons like the Dropbox add-on
MFSA 2019-03 (bsc#1122983)
* CVE-2018-18500 bmo#1510114
Use-after-free parsing HTML5 stream
* CVE-2018-18505 bmo#1497749
Privilege escalation through IPC channel messages
* CVE-2016-5824 bmo#1275400
DoS (use-after-free) via a crafted ics file
* CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
bmo#1502871 bmo#1516738 bmo#1516514
Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
- requires NSS 3.36.7
- removed obsolete patch
mozilla-no-stdcxx-check.patch
- rebased patches
MFSA 2018-31
* CVE-2018-17466 bmo#1488295</comment>
<requestid>669999</requestid>
</revision>
<revision rev="205" vrev="1">
<srcmd5>100b8fec8cf4a762891f37d916d2affd</srcmd5>
<version>60.5.1</version>
<time>1551027699</time>
<user>coolo</user>
<comment>- Mozilla Thunderbird 60.5.1
* CalDav access to some servers not working
MFSA 2019-06 (bsc#1125330)
* CVE-2018-18356 bmo#1525817
Use-after-free in Skia
* CVE-2019-5785 bmo#1525433
Integer overflow in Skia
* CVE-2018-18335 bmo#1525815
Buffer overflow in Skia with accelerated Canvas 2D
* CVE-2018-18509 bmo#1507218
S/MIME signature spoofing
- Mozilla Thunderbird 60.5.0:</comment>
<requestid>676696</requestid>
</revision>
<revision rev="206" vrev="1">
<srcmd5>2b90de27e74a9a3bd31e309462ad849b</srcmd5>
<version>60.5.2</version>
<time>1551687200</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.5.2
* UTF-8 support for MAPISendMail
* Problem with S/MIME certificate verification when receiving email
from Outlook (issue introduced in version 60.5.1)
</comment>
<requestid>680129</requestid>
</revision>
<revision rev="207" vrev="1">
<srcmd5>13a38de5f658cd2030182ab178e44106</srcmd5>
<version>60.6.0</version>
<time>1553610956</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.6.0
* Calendar: Can't create repeating event with end date when using
certain time zones, for example Europe/Minsk
* some minor bugfixes
* using 60.6.0esr Mozilla platform (bsc#1129821)
- Mozilla Thunderbird 60.5.3
* fixed a regression on the Windows platform:
Problem when using "Send to > Mail recipient" on Windows</comment>
<requestid>687466</requestid>
</revision>
<revision rev="208" vrev="1">
<srcmd5>ffcf6d08ec966a51728fd9c57cfb51bb</srcmd5>
<version>60.6.1</version>
<time>1553809568</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.6.1
MFSA 2019-12 (bsc#1130262)
* CVE-2019-9810 (bmo#1537924)
IonMonkey MArraySlice has incorrect alias information
* CVE-2019-9813 (bmo#1538006)
Ionmonkey type confusion with __proto__ mutations</comment>
<requestid>689134</requestid>
</revision>
<revision rev="209" vrev="2">
<srcmd5>e6bcea05f4d789156e235570d892316a</srcmd5>
<version>60.6.1</version>
<time>1554189594</time>
<user>dimstar_suse</user>
<comment>old patch was missing a piece
- Add patch to fix build using rust-1.33: (boo#1130694)
* mozilla-bmo1519629.patch (bmo#1519629)</comment>
<requestid>690073</requestid>
</revision>
<revision rev="210" vrev="3">
<srcmd5>0e0450ce67fb2d34cbd31e7142363d90</srcmd5>
<version>60.6.1</version>
<time>1556207527</time>
<user>maxlin_factory</user>
<comment></comment>
<requestid>697648</requestid>
</revision>
<revision rev="211" vrev="1">
<srcmd5>d9d149b4afebe4cb46d9b219da815213</srcmd5>
<version>60.7.0</version>
<time>1559029254</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.7.0
* Attachment pane of Write window no longer focussed when attaching
files using a keyboard shortcut
MFSA 2019-15 (boo#1135824)
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-9797 (bmo#1528909)
Cross-origin theft of images with createImageBitmap
* CVE-2018-18511 (bmo#1526218)
Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox</comment>
<requestid>705454</requestid>
</revision>
<revision rev="212" vrev="1">
<srcmd5>cac800f405101844ff87974dd9c75acc</srcmd5>
<version>60.7.1</version>
<time>1560800045</time>
<user>dimstar_suse</user>
<comment>(also updated keyring)
- Mozilla Thunderbird 60.7.1
* fixed: No prompt for smartcard PIN when S/MIME signing is used
MFSA 2019-17 (boo#1137595)
* CVE-2019-11703 (bmo#1553820)
Heap buffer overflow in icalparser.c
* CVE-2019-11704 (bmo#1553814)
Heap buffer overflow in icalvalue.c
* CVE-2019-11705 (bmo#1553808)
Stack buffer overflow in icalrecur.c
* CVE-2019-11706 (bmo#1555646)
Type confusion in icalproperty.c
- Increase disk space requirements in _constraints.</comment>
<requestid>709837</requestid>
</revision>
<revision rev="213" vrev="1">
<srcmd5>5a11fadfdcd3091e1e3d9b1a81224a00</srcmd5>
<version>60.7.2</version>
<time>1561493815</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 60.7.2
MFSA 2019-20 (boo#1138872)
* CVE-2019-11707 (bmo#1544386)
Type confusion in Array.pop
* CVE-2019-11708 (bmo#1559858)
sandbox escape using Prompt:Open</comment>
<requestid>711281</requestid>
</revision>
<revision rev="214" vrev="1">
<srcmd5>9bde053a7506367f0aea11d9a2299e2c</srcmd5>
<version>60.8.0</version>
<time>1563259125</time>
<user>dimstar_suse</user>
<comment>- Generate langpacks sequentially to avoid file corruption
from racy file writes (boo#1137970)
- Mozilla Thunderbird 60.8.0
* Calendar: Problems when editing event times, some related to
AM/PM setting in non-English locales
MFSA 2019-23 (boo#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious languagepack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having the
same-origin
* CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 and</comment>
<requestid>714774</requestid>
</revision>
<revision rev="215" vrev="2">
<srcmd5>4a57da4eb7ff376c6e450a681568f797</srcmd5>
<version>60.8.0</version>
<time>1565864568</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>720733</requestid>
</revision>
<revision rev="216" vrev="1">
<srcmd5>1482643e205dfea07bb2ad5475052d13</srcmd5>
<version>68.1.0</version>
<time>1568804773</time>
<user>maxlin_factory</user>
<comment>- Mozilla Thunderbird 68.1.0
* Offer to configure Exchange accounts for Office365. A third-party
add-on is required for this account type. IMAP still exists as
alternative.
* several bugfixes
MFSA 2019-30
* CVE-2019-11739 (bmo#1571481)
Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-11743 (bmo#1560495)
Cross-origin access to unload event attributes
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox
ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
- removed upstreamed fix-build-after-y2038-changes-in-glibc.patch
- added thunderbird-locale-build.patch to fix locale build
- Add -L flag to the stat call for checking file size of %{SOURCE4}.
- Add fix-missing-return-warning.patch to silence a compiler warning.
- Mozilla Thunderbird 68.0</comment>
<requestid>730872</requestid>
</revision>
<revision rev="217" vrev="1">
<srcmd5>f1e505f49f916ba3945c601c4f4691ed</srcmd5>
<version>68.1.1</version>
<time>1570700959</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>733855</requestid>
</revision>
<revision rev="218" vrev="1">
<srcmd5>c686564ceb58d4122602b143c6ec70da</srcmd5>
<version>68.1.2</version>
<time>1571310314</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.1.2
Bugfixes
* Some attachments couldn't be opened in messages originating from
MS Outlook 2016
* Address book import from CSV
* Performance problem in message body search
* Ctrl+Enter to send a message would open an attachment if the
attachment pane had focus
* Calendar: Issues with "Today Pane" start-up
* Calendar: Glitches with custom repeat and reminder number input
* Calendar: Problems with WCAP provider
- add mozilla-bmo1585099.patch to fix build with rust >= 1.38</comment>
<requestid>737931</requestid>
</revision>
<revision rev="219" vrev="1">
<srcmd5>8e104d012b599245a870a498ea2af16e</srcmd5>
<version>68.2.0</version>
<time>1572277505</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.2.0
* Message Display WebExtension API
* Message Search WebExtension API
* Better visual feedback for unread messages when using the dark theme
* Fixed various issues when editing mailing list
* Fixed application windows not maintaining their size after restart
MFSA 2019-33 (bsc#1154738)
* CVE-2019-15903 (bmo#1584907)
Heap overflow in expat library in XML_GetCurrentLineNumber
* CVE-2019-11757 (bmo#1577107)
Use-after-free when creating index updates in IndexedDB
* CVE-2019-11758 (bmo#1536227)
Potentially exploitable crash due to 360 Total Security
* CVE-2019-11759 (bmo#1577953)
Stack buffer overflow in HKDF output
* CVE-2019-11760 (bmo#1577719)
Stack buffer overflow in WebRTC networking
* CVE-2019-11761 (bmo#1561502)
Unintended access to a privileged JSONView object
* CVE-2019-11762 (bmo#1582857)
document.domain-based origin isolation has same-origin-property violation
* CVE-2019-11763 (bmo#1584216)
Incorrect HTML parsing results in XSS bypass technique
* CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
bmo#1581950, bmo#1583463, bmo#1586599)
Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
- removed obsolete patches
mozilla-bmo1573381.patch
mozilla-bmo1512162.patch</comment>
<requestid>742150</requestid>
</revision>
<revision rev="220" vrev="1">
<srcmd5>dead8f8b7d9033bea75d10aa9eb18899</srcmd5>
<version>68.2.1</version>
<time>1573049738</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.2.1
* A language for the user interface can now be chosen in the
advanced settings (multilingual UI)
* Fixed problem with Google authentication (OAuth2)
* Selected or unread messages were not shown in the correct color
in the thread pane (message list) under some circumstances
* When using a language pack, names of standard folders weren't
localized (boo#1149126)
* Address book default startup directory in preferences panel was
not persisted
* Chat: Extended context menu on Instant messaging status dialog
(Show Accounts)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
big endian platforms</comment>
<requestid>744761</requestid>
</revision>
<revision rev="221" vrev="1">
<srcmd5>1747d751e6d7bf8b32f089c98d497b03</srcmd5>
<version>68.2.2</version>
<time>1574337386</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>747029</requestid>
</revision>
<revision rev="222" vrev="1">
<srcmd5>736fbd08be5f9af5acefe6dba5e40bbc</srcmd5>
<version>68.3.0</version>
<time>1576062187</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.3.0:
* Message display toolbar action WebExtension API
* Navigation buttons are now available in content tabs, for example
those opened via an add-on search
* other bugfixes
MFSA 2019-38
* CVE-2019-17008 (bmo#1546331)
Use-after-free in worker destruction
* CVE-2019-13722 (bmo#1580156)
Stack corruption due to incorrect number of arguments in WebRTC code
* CVE-2019-17010 (bmo#1581084)
Use-after-free when performing device orientation checks
* CVE-2019-17005 (bmo#1584170)
Buffer overflow in plain text serializer
* CVE-2019-17011 (bmo#1591334)
Use-after-free when retrieving a document in antitracking
* CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
bmo#1580288, bmo#1585760, bmo#1592502)
Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
- changed locale building procedure
* removed obsolete compare-locales.tar.xz and
thunderbird-broken-locales-build.patch
- add mozilla-bmo849632.patch to fix color issues on big endian</comment>
<requestid>754691</requestid>
</revision>
<revision rev="223" vrev="1">
<srcmd5>448390a102c9d1bdd3b87c903226e3ad</srcmd5>
<version>68.3.1</version>
<time>1577710132</time>
<user>dimstar_suse</user>
<comment>- add mozilla-bmo1583471.patch to allow building with rust 1.39
- Mozilla Thunderbird 68.3.1
* In dark theme unread messages no longer shown in blue to
distinguish from tagged messages
* Account setup is now using client side DNS MX lookup instead of
relying on a server
Bugfixes
* Searching LDAP address book crashed in some circumstances
* Message navigation with backward and forward buttons did not work
in some circumstances
* WebExtension toolbar icons were displayed too small
* Calendar: Tasks due today were not listed in bold
* Calendar: Last day of long-running events was not shown</comment>
<requestid>759724</requestid>
</revision>
<revision rev="224" vrev="1">
<srcmd5>6b7b70ea89fa83df1fb0d30d172808dd</srcmd5>
<version>68.4.1</version>
<time>1579031868</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.4.1
* Various improvements when setting up an account for a Microsoft
Exchange server: Now offers IMAP/SMTP if available, better
detection for Office 365 accounts; re-run configuration after
password change
Fixes:
* After changing view layout, the message display pane showed
garbled content under some circumstances
* Various theme changes to achieve "pixel perfection": Unread icon,
"no results" icon, paragraph format and font selector, background
of folder summary tooltip
* Tags were lost on messages in shared IMAP folders under some
circumstances
* Calendar: Event attendee dialog was not displayed correctly
MFSA 2020-04 (bsc#1160498, bsc#1160305)
* CVE-2019-17026 (bmo#1607443)
IonMonkey type confusion with StoreElementHole and FallibleStoreElement
* CVE-2019-17015 (bmo#1599005)
Memory corruption in parent process during new content process
initialization on Windows
* CVE-2019-17016 (bmo#1599181)
Bypass of @namespace CSS sanitization during pasting
* CVE-2019-17017 (bmo#1603055)
Type Confusion in XPCVariant.cpp
* CVE-2019-17021 (bmo#1599008)
Heap address disclosure in parent process during content process
initialization on Windows
* CVE-2019-17022 (bmo#1602843)
CSS sanitization does not escape HTML tags
* CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)</comment>
<requestid>763056</requestid>
</revision>
<revision rev="225" vrev="1">
<srcmd5>605af520015ca8e1cb935e4b38532943</srcmd5>
<version>68.4.2</version>
<time>1580373423</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.4.2
* Calendar: Task and Event tree colours adjusted for the dark theme
* Retrieval of S/MIME certificates from LDAP failed
* Address-parsing crash on some IMAP servers when
mail.imap.use_envelope_cmd is set
* Incorrect forwarding of HTML messages caused SMTP servers to
respond with a timeout
* Calendar: Various parts of the calendar UI stopped working when
a second Thunderbird window opened</comment>
<requestid>767881</requestid>
</revision>
<revision rev="226" vrev="2">
<srcmd5>03fd2e308fc6429ceafdf920e51e98a7</srcmd5>
<version>68.4.2</version>
<time>1580990763</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>769383</requestid>
</revision>
<revision rev="227" vrev="1">
<srcmd5>1d64841cbdf624ada484437b5e6723be</srcmd5>
<version>68.5.0</version>
<time>1581693835</time>
<user>okurz-factory</user>
<comment>- Mozilla Thunderbird 68.5.0
New
* Support for Client Identity IMAP/SMTP Service Extension
* Support for OAuth 2.0 authentication for POP3 accounts
Fixes
* Status area goes blank during account setup
* Calendar: Could not remove color for default categories
* Calendar: Prevent calendar component loading multiple times
* Calendar: Today pane did not retain width between sessions
MFSA 2020-07 (bsc#1163368)
* CVE-2020-6793 (bmo#1608539)
Out-of-bounds read when processing certain email messages
* CVE-2020-6794 (bmo#1606619)
Setting a master password post-Thunderbird 52 does not delete
unencrypted previously stored passwords
* CVE-2020-6795 (bmo#1611105)
Crash processing S/MIME messages with multiple signatures
* CVE-2020-6797 (bmo#1596668) (Mac OSX only)
Extensions granted downloads.open permission could open arbitrary
applications on Mac OSX
* CVE-2020-6798 (bmo#1602944)
Incorrect parsing of template tag could result in JavaScript injection
* CVE-2020-6792 (bmo#1609607)
Message ID calculcation was based on uninitialized data
* CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
bmo#1608580,bmo#1608785,bmo#1605777)
Memory safety bugs fixed in Thunderbird 68.5</comment>
<requestid>773527</requestid>
</revision>
<revision rev="228" vrev="1">
<srcmd5>904ae93d0be9106f11e10abf90ae2ed7</srcmd5>
<version>68.6.0</version>
<time>1585085466</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>787142</requestid>
</revision>
<revision rev="229" vrev="1">
<srcmd5>25058cc05ecec1896ccbb1196cc87a0e</srcmd5>
<version>68.7.0</version>
<time>1586973137</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>793242</requestid>
</revision>
<revision rev="230" vrev="1">
<srcmd5>c6add08517b15d49ac9b9e9b752aed8f</srcmd5>
<version>68.8.0</version>
<time>1588866685</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 68.8.0
* Account Manager fixes and improvements
* https://www.thunderbird.net/en-US/thunderbird/68.8.0/releasenotes
MFSA 2020-18 (bsc#1171186)
* CVE-2020-12397 (bmo#1617370)
Sender Email Address Spoofing using encoded Unicode characters
* CVE-2020-12387 (bmo#1545345)
Use-after-free during worker shutdown
* CVE-2020-6831 (bmo#1632241)
Buffer overflow in SCTP chunk input validation
* CVE-2020-12392 (bmo#1614468)
Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393 (bmo#1615471)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
Memory safety bugs fixed in Thunderbird 68.8.0
- removed obsolete patch mozilla-bmo1580963.patch
- Add mozilla-bmo1580963.patch to fix build with rust 1.43
(bmo#1580963)
In general, these flaws cannot be exploited through email in</comment>
<requestid>800587</requestid>
</revision>
<revision rev="231" vrev="1">
<srcmd5>021193f2224f39a2e0813434440377a5</srcmd5>
<version>68.8.1</version>
<time>1590649781</time>
<user>maxlin_factory</user>
<comment></comment>
<requestid>808609</requestid>
</revision>
<revision rev="232" vrev="1">
<srcmd5>939f713da4545ee56da679db40912366</srcmd5>
<version>68.9.0</version>
<time>1591653476</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>812112</requestid>
</revision>
<revision rev="233" vrev="2">
<srcmd5>64095bcbf99a3c57697ecbda742f26f2</srcmd5>
<version>68.9.0</version>
<time>1592151305</time>
<user>dimstar_suse</user>
<comment>- build with nodejs10 to be able to drop nodejs8 from TW
- updated create-tar.sh</comment>
<requestid>813558</requestid>
</revision>
<revision rev="234" vrev="1">
<srcmd5>592c9ef9900c9ae29679ce4fb307a0db</srcmd5>
<version>68.10.0</version>
<time>1594044856</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>818251</requestid>
</revision>
<revision rev="235" vrev="1">
<srcmd5>b5d10cebb962d84edc8362e9ec929e30</srcmd5>
<version>68.11.0</version>
<time>1596651972</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>823878</requestid>
</revision>
<revision rev="236" vrev="2">
<srcmd5>61ba501f5f6339664319b912f441699b</srcmd5>
<version>68.11.0</version>
<time>1598167212</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>828128</requestid>
</revision>
<revision rev="237" vrev="1">
<srcmd5>cd21a5f0881ffaae7e99c7b49235e0b7</srcmd5>
<version>68.12.0</version>
<time>1599666439</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>832601</requestid>
</revision>
<revision rev="238" vrev="1">
<srcmd5>e92059184da46b9d08afc8bbccc0a8f7</srcmd5>
<version>78.3.1</version>
<time>1601744152</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.3.1
* fix crash in nsImapProtocol::CreateNewLineFromSocket (bmo#1667120)
- Mozilla Thunderbird 78.3.0
MFSA 2020-44 (bsc#1176756)
* CVE-2020-15677 (bmo#1641487)
Download origin spoofing via redirect
* CVE-2020-15676 (bmo#1646140)
XSS when pasting attacker-controlled data into a
contenteditable element
* CVE-2020-15678 (bmo#1660211)
When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-
free scenario
* CVE-2020-15673 (bmo#1648493, bmo#1660800)
Memory safety bugs fixed in Thunderbird 78.3
- requires NSPR >= 4.25.1
- removed obsolete thunderbird-bmo1664607.patch
- Mozilla Thunderbird 78.2.2
https://www.thunderbird.net/en-US/thunderbird/78.2.2/releasenotes
- added thunderbird-bmo1664607.patch required for builds w/o updater
(boo#1176384)
- Mozilla Thunderbird 78.2.1
* based on Mozilla's 78 ESR codebase
* many new and changed features
https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/#whatsnew
* built-in OpenPGP support (enigmail neither required nor supported)
- added platform patches:</comment>
<requestid>838449</requestid>
</revision>
<revision rev="239" vrev="1">
<srcmd5>5bd9c7fa41bc48f4538a657082a7fe43</srcmd5>
<version>78.3.2</version>
<time>1602155398</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.3.2
* OpenPGP: Improved support for encrypting with subkeys
* OpenPGP: Encrypted messages with international characters were
sometimes displayed incorrectly
* Single-click deletion of recipient pills with middle mouse
button restored
* Searching an address book list did not display results
* Dark mode, high contrast, and Windows theming fixes</comment>
<requestid>840001</requestid>
</revision>
<revision rev="240" vrev="1">
<srcmd5>5b8b03040b853a037a7de09c9dc3e7a6</srcmd5>
<version>78.3.3</version>
<time>1603202505</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.3.3
* OpenPGP: Improved support for encrypting with subkeys
* OpenPGP message status icons were not visible in message header pane
* OpenPGP Key Manager was missing from Tools menu on macOS
* Creating a new calendar event did not require an event title
- remove python2 dependencies for TW
- support wayland mode/autodetection in startup wrapper
- replace some Requires to use requires_ge macro where appropriate
- improve langpack build (as already used for Firefox)
- add ccache statistics output to build</comment>
<requestid>842109</requestid>
</revision>
<revision rev="241" vrev="1">
<srcmd5>9288b92e12768722d016e5eccf5492c0</srcmd5>
<version>78.4.0</version>
<time>1603724896</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.4.0
* MailExtensions: browser.tabs.sendMessage API added
* MailExtensions: messageDisplayScripts API added
* Yahoo and AOL mail users using password authentication will be
migrated to OAuth2
* MailExtensions: messageDisplay APIs extended to support multiple
selected messages
* MailExtensions: compose.begin functions now support creating a
message with attachments
* multiple bugfixes
MFSA 2020-47 (bsc#1177872)
* CVE-2020-15969 (bmo#1666570)
Use-after-free in usersctp
* CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, bmo#1662760,
bmo#1663439, bmo#1666140)
Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4</comment>
<requestid>843275</requestid>
</revision>
<revision rev="242" vrev="1">
<srcmd5>1ab7ca7ce84842fb40478cd8ff57247e</srcmd5>
<version>78.4.3</version>
<time>1605450072</time>
<user>dimstar_suse</user>
<comment>Please give this a try with rust 1.47. The patch is taken from the Fedora repo to fix the build.
I cannot test locally unfortunately.
(Please note that TB 78.4.3 is currently not fully released upstream but in the pipeline as RC but it most likely means that the source check service fails.)
- Mozilla Thunderbird 78.4.3
https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/
- added mozilla-rust-1.47.patch to fix build with rust 1.47
- Mozilla Thunderbird 78.4.2
MFSA 2020-49
* CVE-2020-26950 (bmo#1675905)
Write side effects in MCallGetProperty opcode not accounted for
- Mozilla Thunderbird 78.4.1
* Bugfixes and minor features
https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/</comment>
<requestid>847757</requestid>
</revision>
<revision rev="243" vrev="1">
<srcmd5>ca6d45f77b369d08f81aaa4e24558b8e</srcmd5>
<version>78.5.0</version>
<time>1605958829</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.5.0
MFSA 2020-52 (bsc#1178894)
* CVE-2020-26951 (bmo#1667113)
Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
* CVE-2020-16012 (bmo#1642028)
Variable time processing of cross-origin images during
drawImage calls
* CVE-2020-26953 (bmo#1656741)
Fullscreen could be enabled without displaying the security
UI
* CVE-2020-26956 (bmo#1666300)
XSS through paste (manual and clipboard API)
* CVE-2020-26958 (bmo#1669355)
Requests intercepted through ServiceWorkers lacked MIME type
restrictions
* CVE-2020-26959 (bmo#1669466)
Use-after-free in WebRequestService
* CVE-2020-26960 (bmo#1670358)
Potential use-after-free in uses of nsTArray
* CVE-2020-15999 (bmo#1672223)
Heap buffer overflow in freetype
* CVE-2020-26961 (bmo#1672528)
DoH did not filter IPv4 mapped IP Addresses
* CVE-2020-26965 (bmo#1661617)
Software keyboards may have remembered typed passwords
* CVE-2020-26966 (bmo#1663571)
Single-word search queries were also broadcast to local
network
* CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,</comment>
<requestid>849310</requestid>
</revision>
<revision rev="244" vrev="1">
<srcmd5>eb63c2155c4a33aebce8fc979606c7ba</srcmd5>
<version>78.5.1</version>
<time>1607113578</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.5.1
MFSA 2020-53 (bsc#1179530)
* CVE-2020-26970 (bmo#1677338)
Stack overflow due to incorrect parsing of SMTP server response codes</comment>
<requestid>852686</requestid>
</revision>
<revision rev="245" vrev="1">
<srcmd5>9ae7eac9699771f600dce2e3686cfb71</srcmd5>
<version>78.6.0</version>
<time>1608835201</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.6.0
* changes and additions in MailExtensions
* several bugfixes
* https://www.thunderbird.net/en-US/thunderbird/78.6.0/releasenotes/
MFSA 2020-56 (bsc#1180039))
* CVE-2020-16042 (bmo#1679003)
Operations on a BigInt could have caused uninitialized memory
to be exposed
* CVE-2020-26971 (bmo#1663466)
Heap buffer overflow in WebGL
* CVE-2020-26973 (bmo#1680084)
CSS Sanitizer performed incorrect sanitization
* CVE-2020-26974 (bmo#1681022)
Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
* CVE-2020-26978 (bmo#1677047)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2020-35111 (bmo#1657916)
The proxy.onRequest API did not catch view-source URLs
* CVE-2020-35112 (bmo#1661365)
Opening an extension-less download may have inadvertently
launched an executable instead
* CVE-2020-35113 (bmo#1664831, bmo#1673589)
Memory safety bugs fixed in Thunderbird 78.6</comment>
<requestid>856497</requestid>
</revision>
<revision rev="246" vrev="1">
<srcmd5>c50e43c871c314101679c86d28bc3a76</srcmd5>
<version>78.6.1</version>
<time>1610965600</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.6.1
MFSA 2021-02 (bsc#1180623)
* CVE-2020-16044 (bmo#1683964)
Use-after-free write when handling a malicious COOKIE-ECHO SCTP
chunk</comment>
<requestid>862980</requestid>
</revision>
<revision rev="247" vrev="1">
<srcmd5>ee97ffe140d4f246c6a30b92b41456ad</srcmd5>
<version>78.7.0</version>
<time>1611928550</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.7.0
MFSA 2021-05 (bsc#1181414)
* CVE-2021-23953 (bmo#1683940)
Cross-origin information leakage via redirected PDF requests
* CVE-2021-23954 (bmo#1684020)
Type confusion when using logical assignment operators in
JavaScript switch statements
* CVE-2020-15685 (bmo#1622640)
IMAP Response Injection when using STARTTLS
* CVE-2020-26976 (bmo#1674343)
HTTPS pages could have been intercepted by a registered
service worker when they should not have been
* CVE-2021-23960 (bmo#1675755)
Use-after-poison for incorrectly redeclared JavaScript
variables during GC
* CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526,
bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844,
bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410,
bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736,
bmo#1685260, bmo#1685925)
Memory safety bugs fixed in Thunderbird 78.7
- MozillaThunderbird.spec: Don't abuse BUILDROOT during %build as newer
rpm versions in TW remove everything there as the first action
of %install</comment>
<requestid>867009</requestid>
</revision>
<revision rev="248" vrev="1">
<srcmd5>0fb80c2143dbfb3222746021862345c5</srcmd5>
<version>78.7.1</version>
<time>1613044048</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.7.1
* CardDAV address books now support OAuth2 and Google Contacts
* Thunderbird will no longer allow installation of addons that
use legacy APIs</comment>
<requestid>869925</requestid>
</revision>
<revision rev="249" vrev="1">
<srcmd5>2101365761ac5df1301a3ddaab6d8067</srcmd5>
<version>78.8.0</version>
<time>1614684414</time>
<user>RBrownSUSE</user>
<comment>- Mozilla Thunderbird 78.8.0
* various bugfixes
MFSA 2021-09 (bsc#1182614)
* CVE-2021-23969 (bmo#1542194)
Content Security Policy violation report could have contained
the destination of a redirect
* CVE-2021-23968 (bmo#1687342)
Content Security Policy violation report could have contained
the destination of a redirect
* CVE-2021-23973 (bmo#1690976)
MediaError message property could have leaked information
about cross-origin resources
* CVE-2021-23978 (bmo#786797, bmo#1682928, bmo#1687391,
bmo#1687597)
Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8</comment>
<requestid>874775</requestid>
</revision>
<revision rev="250" vrev="1">
<srcmd5>b24cfb4940778efbfbb86566680094a7</srcmd5>
<version>78.8.1</version>
<time>1615552288</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.8.1
* several bugfixes and improvements
* https://www.thunderbird.net/en-US/thunderbird/78.8.1/releasenotes/
- updated create-tar.sh (bsc#1182357)</comment>
<requestid>878160</requestid>
</revision>
<revision rev="251" vrev="1">
<srcmd5>350e2e1347b816d48ce7256174447f19</srcmd5>
<version>78.9.0</version>
<time>1617722946</time>
<user>RBrownSUSE</user>
<comment>- Mozilla Thunderbird 78.9.0
* bugfixes:
https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes
MFSA 2021-12 (boo#1183942)
* CVE-2021-23981 (bmo#1692832)
Texture upload into an unbound backing buffer resulted in an
out-of-bound read
* MOZ-2021-0002 (bmo#1691547)
Angle graphics library out of date
* CVE-2021-23982 (bmo#1677046)
Internal network hosts could have been probed by a malicious
webpage
* CVE-2021-23984 (bmo#1693664)
Malicious extensions could have spoofed popup information
* CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, bmo#1690718)
Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)</comment>
<requestid>881213</requestid>
</revision>
<revision rev="252" vrev="1">
<srcmd5>d8d33a3af7ecec70a7c6e704e6f36eca</srcmd5>
<version>78.9.1</version>
<time>1618498601</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.9.1
* Support recipient aliases for OpenPGP encryption
* The key and signature parts of the message security popup on a
received message could not be selected for copy/paste
* Various UX and theme improvements
MFSA 2021-13
* CVE-2021-23991 (bmo#1673240)
An attacker may use Thunderbird's OpenPGP key refresh mechanism
to poison an existing key
* MOZ-2021-23992 (bmo#1666236)
A crafted OpenPGP key with an invalid user ID could be used to
confuse the user
* CVE-2021-23993 (bmo#1666360)
Inability to send encrypted OpenPGP email after importing a
crafted OpenPGP key</comment>
<requestid>884316</requestid>
</revision>
<revision rev="253" vrev="1">
<srcmd5>50fdc1c252c6df39a18ac72d062fbd70</srcmd5>
<version>78.10.0</version>
<time>1619192996</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.10.0
MFSA 2021-14 (bsc#1184960)
* CVE-2021-23994 (bmo#1699077)
Out of bound write due to lazy initialization
* CVE-2021-23995 (bmo#1699835)
Use-after-free in Responsive Design Mode
* CVE-2021-23998 (bmo#1667456)
Secure Lock icon could have been spoofed
* CVE-2021-23961 (bmo#1677940)
More internal network hosts could have been probed by a
malicious webpage
* CVE-2021-23999 (bmo#1691153)
Blob URLs may have been granted additional privileges
* CVE-2021-24002 (bmo#1702374)
Arbitrary FTP command execution on FTP servers using an
encoded URL
* CVE-2021-29945 (bmo#1700690)
Incorrect size computation in WebAssembly JIT could lead to
null-reads
* CVE-2021-29946 (bmo#1698503)
Port blocking could be bypassed
* CVE-2021-29948 (bmo#1692899)
Race condition when reading from disk while verifying
signatures
- recommend libotr5</comment>
<requestid>886906</requestid>
</revision>
<revision rev="254" vrev="1">
<srcmd5>e7181ec2ebe372c1f3775c2d132568ad</srcmd5>
<version>78.10.1</version>
<time>1620653781</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>891142</requestid>
</revision>
<revision rev="255" vrev="1">
<srcmd5>5f25da428ceaad3dc432221a4eff56af</srcmd5>
<version>78.10.2</version>
<time>1621531410</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.10.2
* Added support for importing OpenPGP keys without a primary
secret key
* Add-ons manager displays a preferences icon for mail extensions
that include an options page
Fixed
* OpenPGP messages with a high compression ratio (over 10x) could
not be decrypted
* Selected OpenPGP key was lost after opening the Key Properties
dialog in Account Settings
* Parsing some OpenPGP user IDs failed
* Various improvements to OpenPGP partial encryption reminders
* Mail toolbar buttons were too big when displaying both icons
and text
MFSA 2021-22
* CVE-2021-29956 (bmo#1710290)
Thunderbird stored OpenPGP secret keys without master password
protection
* CVE-2021-29957 (bmo#1673241)
Partial protection of inline OpenPGP message not indicated
- do not rely on nodejs10 explicitely</comment>
<requestid>894215</requestid>
</revision>
<revision rev="256" vrev="1">
<srcmd5>8f3061d0f0d918837ada61386d9e6ee0</srcmd5>
<version>78.11.0</version>
<time>1623268262</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.11.0
* OpenPGP could not be disabled for an account if a key was
previously configured
* Recipients were unable to decrypt some messages when the sender
had changed the message encryption from OpenPGP to S/MIME
* Contacts moved between CardDAV address books were not synced to
the new server
* CardDAV compatibility fixes for Google Contacts
MFSA 2021-26 (bsc#1186696)
* CVE-2021-29964 (bmo#1706501)
Out of bounds-read when parsing a `WM_COPYDATA` message
* CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
bmo#1704722, bmo#1706041)
Memory safety bugs fixed in Thunderbird 78.11
- renewed expired mozilla.keyring
* CVE-2021-29956 (boo#1186199, bmo#1710290)
* CVE-2021-29957 (boo#1186198, bmo#1673241)</comment>
<requestid>897289</requestid>
</revision>
<revision rev="257" vrev="1">
<srcmd5>8575886d2601e7a94cf6a870d683b5e5</srcmd5>
<version>78.12.0</version>
<time>1626557784</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 78.12.0
MFSA 2021-30 (bsc#1188275)
* CVE-2021-29969 (bmo#1682370)
IMAP server responses sent by a MITM prior to STARTTLS could be
processed
* CVE-2021-29970 (bmo#1709976)
Use-after-free in accessibility features of a document
* CVE-2021-30547 (bmo#1715766)
Out of bounds write in ANGLE
* CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
bmo#1711576, bmo#1714391)
Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12</comment>
<requestid>906332</requestid>
</revision>
<revision rev="258" vrev="1">
<srcmd5>155497b61b3c32946b20d68b7e34345b</srcmd5>
<version>78.13.0</version>
<time>1629101136</time>
<user>RBrownSUSE</user>
<comment>- Mozilla Thunderbird 78.13.0
* removed WeTransfer integration package (not supported by vendor
any longer)
MFSA 2021-35 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138)
Race condition when resolving DNS names could have led to
memory corruption
* CVE-2021-29988 (bmo#1717922)
Memory corruption as a result of incorrect style treatment
* CVE-2021-29984 (bmo#1720031)
Incorrect instruction reordering during JIT optimization
* CVE-2021-29980 (bmo#1722204)
Uninitialized memory in a canvas object could have led to
memory corruption
* CVE-2021-29985 (bmo#1722083)
Use-after-free media channels
* CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
bmo#1719998, bmo#1720568)
Memory safety bugs fixed in Thunderbird 78.13</comment>
<requestid>911495</requestid>
</revision>
<revision rev="259" vrev="1">
<srcmd5>c84bd4669d0a86e6ed6ddde07cacc223</srcmd5>
<version>91.0.1</version>
<time>1629795247</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.0.1
MFSA 2021-37 (bsc#1189547)
* CVE-2021-29991 (bmo#1724896)
Header Splitting possible with HTTP/3 Responses
- appdate screenshot URL updated (by mailaender@opensuse.org)
- Mozilla Thunderbird 91.0
* based on Mozilla's 91 ESR codebase
* many new and changed features
https://www.thunderbird.net/en-US/thunderbird/91.0/releasenotes/#whatsnew
* Renamed "Add-ons" to "Add-ons and Themes" and "Options" to "Preferences"
* Thunderbird now operates in multi-process (e10s) mode by default
* New user interface for adding attachments
* Enable redirect of messages
* CardDAV address book support
- Removed obsolete patches:
* mozilla-bmo1463035.patch
* mozilla-ppc-altivec_static_inline.patch
* mozilla-pipewire-0-3.patch
* mozilla-bmo1554971.patch
- add mozilla-libavcodec58_91.patch
- removed obsolete BigEndian ICU build workaround
- updated build requirements
- build using clang</comment>
<requestid>913013</requestid>
</revision>
<revision rev="260" vrev="1">
<srcmd5>f64e03666e751d4dd4f466d03204a9b5</srcmd5>
<version>91.0.3</version>
<time>1630697142</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>914797</requestid>
</revision>
<revision rev="261" vrev="1">
<srcmd5>992625b882f4725fcd0225e2546a6dfc</srcmd5>
<version>91.1.0</version>
<time>1631391863</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.1.0
* Thunderbird registered Accessibility Handlers using same GUIDs
as Firefox, causing performance issues for NVDA users
* Focus lost when reordering accounts by keyboard in the Account Manager
* Account setup did not use provider display name for setting up
calendars
* Various theme and UX fixes
MFSA 2021-41 (bsc#1190269)
* CVE-2021-38492 (bmo#1721107)
Navigating to `mk:` URL scheme could load Internet Explorer
* CVE-2021-38495 (bmo#1723391, bmo#1723920, bmo#1724101,
bmo#1724107)
Memory safety bugs fixed in Thunderbird 91.1
- (re-)added mozilla-silence-no-return-type.patch
- add mozilla-bmo531915.patch to fix build for i586</comment>
<requestid>917701</requestid>
</revision>
<revision rev="262" vrev="1">
<srcmd5>53d2ec2e1a04726189c164837fd8a84d</srcmd5>
<version>91.1.1</version>
<time>1632685707</time>
<user>dimstar_suse</user>
<comment>Automatic submission by obs-autosubmit</comment>
<requestid>921250</requestid>
</revision>
<revision rev="263" vrev="1">
<srcmd5>bceea3e18b99237bf6d14a3bb04662b3</srcmd5>
<version>91.1.2</version>
<time>1633466009</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.1.2
* Thunderbird will now warn if an S/MIME encrypted message includes
BCC recipients
* several bugfixes listed on
https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/</comment>
<requestid>922125</requestid>
</revision>
<revision rev="264" vrev="1">
<srcmd5>1600de8b48587053f4bd99b2f15ad067</srcmd5>
<version>91.2.0</version>
<time>1634068109</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.2.0
* Saving a single message as .eml now uses a unique filename
* New mail notifications did not properly take subfolders into account
* Decrypting binary attachments when using an external GnuPG
configuration failed
* Account name fields in the account manager were not big enough
for long names
* LDAP searches using an extensibleMatch filter returned no results
* Read-only CalDAV calendars and CardDAV address books were not detected
* Multipart messages containing a calendar invite did not display
any of the human-readable alternatives
* Some calendar days were displayed incorrectly or duplicated
(eg. two "29th" days of a particular month)
* Phantom event was shown at the end of each day in Calendar week view
MFSA 2021-46 (bsc#1191332)
* CVE-2021-38496 (bmo#1725335)
Use-after-free in MessageTask
* CVE-2021-38497 (bmo#1726621)
Validation message could have been overlaid on another origin
* CVE-2021-38498 (bmo#1729642)
Use-after-free of nsLanguageAtomService object
* CVE-2021-32810 (bmo#1729813,
https://github.com/crossbeam-
rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
Data race in crossbeam-deque
* CVE-2021-38500 (bmo#1725854, bmo#1728321)
Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
* CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2</comment>
<requestid>924567</requestid>
</revision>
<revision rev="265" vrev="1">
<srcmd5>68087215d678c2e8dd604acf5f269e20</srcmd5>
<version>91.2.1</version>
<time>1635272012</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>927299</requestid>
</revision>
<revision rev="266" vrev="1">
<srcmd5>a9ae13bf5bc57a6f0ef2ac3d98409c55</srcmd5>
<version>91.3.0</version>
<time>1636218806</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.3.0
* several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.3.0/releasenotes/
MFSA 2021-50 (bsc#1192250)
* CVE-2021-38503 (bmo#1729517)
iframe sandbox rules did not apply to XSLT stylesheets
* CVE-2021-38504 (bmo#1730156)
Use-after-free in file picker dialog
* CVE-2021-38505 (bmo#1730194)
Windows 10 Cloud Clipboard may have recorded sensitive user data
* CVE-2021-38506 (bmo#1730750)
Thunderbird could be coaxed into going into fullscreen mode
without notification or warning
* CVE-2021-38507 (bmo#1730935)
Opportunistic Encryption in HTTP2 could be used to bypass the
Same-Origin-Policy on services hosted on other ports
* MOZ-2021-0008 (bmo#1667102)
Use-after-free in HTTP2 Session object
* CVE-2021-38508 (bmo#1366818)
Permission Prompt could be overlaid, resulting in user
confusion and potential spoofing
* CVE-2021-38509 (bmo#1718571)
Javascript alert box could have been spoofed onto an
arbitrary domain
* CVE-2021-38510 (bmo#1731779)
Download Protections were bypassed by .inetloc files on Mac OS
* MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048,
bmo#1735152)
Memory safety bugs fixed in Thunderbird ESR 91.3
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires</comment>
<requestid>929062</requestid>
</revision>
<revision rev="267" vrev="1">
<srcmd5>f62096b10afe22641953f10b3dcf2ff6</srcmd5>
<version>91.3.2</version>
<time>1637701798</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.3.2
* Date selection in Calendar print settings widget changed to use
mini calendar widget
* Bugfixes as outlined in release notes
https://www.thunderbird.net/en-US/thunderbird/91.3.2/releasenotes/
- Mozilla Thunderbird 91.3.1
* OpenPGP public keys will no longer count as an attachment in
the message list
* Adding a search engine via URL now supported
* FileLink messages' template updated; Thunderbird advertisement
removed
* After an update, Thunderbird will now check installed addons
for updates
* Bugfixes as outlined in release notes
https://www.thunderbird.net/en-US/thunderbird/91.3.1/releasenotes/</comment>
<requestid>932690</requestid>
</revision>
<revision rev="268" vrev="1">
<srcmd5>77f49d84357ee959b64dabac7cff6399</srcmd5>
<version>91.4.0</version>
<time>1639266970</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.4.0
* several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.4.0/releasenotes
MFSA 2021-54 (bsc#1193485)
* CVE-2021-43536 (bmo#1730120)
URL leakage when navigating while executing asynchronous
function
* CVE-2021-43537 (bmo#1738237)
Heap buffer overflow when using structured clone
* CVE-2021-43538 (bmo#1739091)
Missing fullscreen and pointer lock notification when
requesting both
* CVE-2021-43539 (bmo#1739683)
GC rooting failure when calling wasm instance methods
* CVE-2021-43541 (bmo#1696685)
External protocol handler parameters were unescaped
* CVE-2021-43542 (bmo#1723281)
XMLHttpRequest error codes could have leaked the existence of
an external protocol handler
* CVE-2021-43543 (bmo#1738418)
Bypass of CSP sandbox directive when embedding
* CVE-2021-43545 (bmo#1720926)
Denial of Service when using the Location API in a loop
* CVE-2021-43546 (bmo#1737751)
Cursor spoofing could overlay user interface when native
cursor is zoomed
* CVE-2021-43528 (bmo#1742579)
JavaScript unexpectedly enabled for the composition area
* MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
bmo#1737009, bmo#1739372, bmo#1739421)</comment>
<requestid>936365</requestid>
</revision>
<revision rev="269" vrev="1">
<srcmd5>16b75a5a800d17963896328ee1bfd9b3</srcmd5>
<version>91.4.1</version>
<time>1640200662</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.4.1
* several fixes as outlined here
https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/
MFSA 2021-55 (bsc#1193845)
* CVE-2021-4126 (bmo#1732310)
OpenPGP signature status doesn't consider additional message
content
* CVE-2021-44538 (bmo#1744056)
Matrix chat library libolm bundled with Thunderbird
vulnerable to a buffer overflow
- updated _constraints</comment>
<requestid>941707</requestid>
</revision>
<revision rev="270" vrev="2">
<srcmd5>b5b7067c1893e7b0385046c6d8ec6c92</srcmd5>
<version>91.4.1</version>
<time>1640876128</time>
<user>dimstar_suse</user>
<comment></comment>
<requestid>943034</requestid>
</revision>
<revision rev="271" vrev="1">
<srcmd5>8fe1a174975d45f36083dd2ca6e8267a</srcmd5>
<version>91.5.0</version>
<time>1642029734</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.5.0
https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
MFSA 2022-03 (bsc#1194547)
* CVE-2022-22746 (bmo#1735071)
Calling into reportValidity could have lead to fullscreen
window spoof
* CVE-2022-22743 (bmo#1739220)
Browser window spoof using fullscreen mode
* CVE-2022-22742 (bmo#1739923)
Out-of-bounds memory access when inserting text in edit mode
* CVE-2022-22741 (bmo#1740389)
Browser window spoof using fullscreen mode
* CVE-2022-22740 (bmo#1742334)
Use-after-free of ChannelEventQueue::mOwner
* CVE-2022-22738 (bmo#1742382)
Heap-buffer-overflow in blendGaussianBlur
* CVE-2022-22737 (bmo#1745874)
Race condition when playing audio files
* CVE-2021-4140 (bmo#1746720)
Iframe sandbox bypass with XSLT
* CVE-2022-22748 (bmo#1705211)
Spoofed origin on external protocol launch dialog
* CVE-2022-22745 (bmo#1735856)
Leaking cross-origin URLs through securitypolicyviolation event
* CVE-2022-22744 (bmo#1737252)
The 'Copy as curl' feature in DevTools did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2022-22747 (bmo#1735028)
Crash when handling empty pkcs7 sequence
* CVE-2022-22739 (bmo#1744158)</comment>
<requestid>945701</requestid>
</revision>
<revision rev="272" vrev="1">
<srcmd5>2af08f2dad48ff71ffda3b41793496ff</srcmd5>
<version>91.5.1</version>
<time>1643486461</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.5.1
* JS LDAP implementation did not support self-signed SSL certificates
* After saving a draft and subsequently sending a FileLink email,
the original file was removed from disk
* Chat OTR encryption did not work
* OTR verification bar was not removed after completing verification
* Various theme improvements
- Enable -fimplicit-constexpr for GCC 12+.</comment>
<requestid>949349</requestid>
</revision>
<revision rev="273" vrev="1">
<srcmd5>6cb6b9be896be09e5a45ad479c37275c</srcmd5>
<version>91.6.0</version>
<time>1644778237</time>
<user>dimstar_suse</user>
<comment>- Mozilla Thunderbird 91.6.0
* TB will now offer to send large forwarded attachments via FileLink
* Partially signed unencrypted messages displayed an incorrect
"parrtially encrypted" notification
* Attachments filenames were not sanitized before saving to disk
* In the attachment bar, the "Import OpenPGP Key" item displayed
for public keys displayed an error and did not import the key
* "Open with" attachment dialog did not have a selected radio
button option
MFSA 2022-06 (bsc#1195682)
* CVE-2022-22753 (bmo#1732435)
Privilege Escalation to SYSTEM on Windows via Maintenance
Service
* CVE-2022-22754 (bmo#1750565)
Extensions could have bypassed permission confirmation during
update
* CVE-2022-22756 (bmo#1317873)
Drag and dropping an image could have resulted in the dropped
object being an executable
* CVE-2022-22759 (bmo#1739957)
Sandboxed iframes could have executed script if the parent
appended elements
* CVE-2022-22760 (bmo#1740985, bmo#1748503)
Cross-Origin responses could be distinguished between script
and non-script content-types
* CVE-2022-22761 (bmo#1745566)
frame-ancestors Content Security Policy directive was not
enforced for framed extension pages
* CVE-2022-22763 (bmo#1740534)
Script Execution during invalid object state</comment>
<requestid>953831</requestid>
</revision>
</revisionlist>