Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2022-01-13 00:22:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Thu Jan 13 00:22:14 2022 rev:271 rq:945701 version:91.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2021-12-30 15:55:40.996666697 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892/MozillaThunderbird.changes 2022-01-13 00:22:52.787952237 +0100 @@ -1,0 +2,39 @@ +Fri Jan 7 16:13:57 UTC 2022 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Thunderbird 91.5.0 + https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes + MFSA 2022-03 (bsc#1194547) + * CVE-2022-22746 (bmo#1735071) + Calling into reportValidity could have lead to fullscreen + window spoof + * CVE-2022-22743 (bmo#1739220) + Browser window spoof using fullscreen mode + * CVE-2022-22742 (bmo#1739923) + Out-of-bounds memory access when inserting text in edit mode + * CVE-2022-22741 (bmo#1740389) + Browser window spoof using fullscreen mode + * CVE-2022-22740 (bmo#1742334) + Use-after-free of ChannelEventQueue::mOwner + * CVE-2022-22738 (bmo#1742382) + Heap-buffer-overflow in blendGaussianBlur + * CVE-2022-22737 (bmo#1745874) + Race condition when playing audio files + * CVE-2021-4140 (bmo#1746720) + Iframe sandbox bypass with XSLT + * CVE-2022-22748 (bmo#1705211) + Spoofed origin on external protocol launch dialog + * CVE-2022-22745 (bmo#1735856) + Leaking cross-origin URLs through securitypolicyviolation event + * CVE-2022-22744 (bmo#1737252) + The 'Copy as curl' feature in DevTools did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2022-22747 (bmo#1735028) + Crash when handling empty pkcs7 sequence + * CVE-2022-22739 (bmo#1744158) + Missing throttling on external protocol launch dialog + * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366, + bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869, bmo#1743221, + bmo#1743515, bmo#1745373, bmo#1746011) + Memory safety bugs fixed in Thunderbird 91.5 + +------------------------------------------------------------------- Old: ---- l10n-91.4.1.tar.xz thunderbird-91.4.1.source.tar.xz thunderbird-91.4.1.source.tar.xz.asc New: ---- l10n-91.5.0.tar.xz thunderbird-91.5.0.source.tar.xz thunderbird-91.5.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.GXZvpo/_old 2022-01-13 00:23:01.939958825 +0100 +++ /var/tmp/diff_new_pack.GXZvpo/_new 2022-01-13 00:23:01.951958833 +0100 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # 2006-2021 Wolfgang Rosenauer <w...@rosenauer.org> # # All modifications and additions to the file contributed by third parties @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 91 -%define mainver %major.4.1 -%define orig_version 91.4.1 +%define mainver %major.5.0 +%define orig_version 91.5.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} ++++++ l10n-91.4.1.tar.xz -> l10n-91.5.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-91.4.1.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892/l10n-91.5.0.tar.xz differ: char 26, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.GXZvpo/_old 2022-01-13 00:23:02.147958974 +0100 +++ /var/tmp/diff_new_pack.GXZvpo/_new 2022-01-13 00:23:02.147958974 +0100 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr91" -VERSION="91.4.1" +VERSION="91.5.0" VERSION_SUFFIX="" -PREV_VERSION="91.4.0" +PREV_VERSION="91.4.1" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91"; -RELEASE_TAG="11529576c3a7d89514771d1e0f5fa116eef29b81" -RELEASE_TIMESTAMP="20211216022855" +RELEASE_TAG="bcd2aab51cd0889d506d29455210d65602b97430" +RELEASE_TIMESTAMP="20220106182030" ++++++ thunderbird-91.4.1.source.tar.xz -> thunderbird-91.5.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-91.4.1.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892/thunderbird-91.5.0.source.tar.xz differ: char 15, line 1
