Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package MozillaThunderbird for 
openSUSE:Factory checked in at 2022-01-13 00:22:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old)
 and      /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "MozillaThunderbird"

Thu Jan 13 00:22:14 2022 rev:271 rq:945701 version:91.5.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes    
2021-12-30 15:55:40.996666697 +0100
+++ 
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892/MozillaThunderbird.changes
  2022-01-13 00:22:52.787952237 +0100
@@ -1,0 +2,39 @@
+Fri Jan  7 16:13:57 UTC 2022 - Wolfgang Rosenauer <w...@rosenauer.org>
+
+- Mozilla Thunderbird 91.5.0
+  https://www.thunderbird.net/en-US/thunderbird/91.5.0/releasenotes
+  MFSA 2022-03 (bsc#1194547)
+  * CVE-2022-22746 (bmo#1735071)
+    Calling into reportValidity could have lead to fullscreen
+    window spoof
+  * CVE-2022-22743 (bmo#1739220)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-22742 (bmo#1739923)
+    Out-of-bounds memory access when inserting text in edit mode
+  * CVE-2022-22741 (bmo#1740389)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-22740 (bmo#1742334)
+    Use-after-free of ChannelEventQueue::mOwner
+  * CVE-2022-22738 (bmo#1742382)
+    Heap-buffer-overflow in blendGaussianBlur
+  * CVE-2022-22737 (bmo#1745874)
+    Race condition when playing audio files
+  * CVE-2021-4140 (bmo#1746720)
+    Iframe sandbox bypass with XSLT
+  * CVE-2022-22748 (bmo#1705211)
+    Spoofed origin on external protocol launch dialog
+  * CVE-2022-22745 (bmo#1735856)
+    Leaking cross-origin URLs through securitypolicyviolation event
+  * CVE-2022-22744 (bmo#1737252)
+    The 'Copy as curl' feature in DevTools did not fully escape
+    website-controlled data, potentially leading to command injection
+  * CVE-2022-22747 (bmo#1735028)
+    Crash when handling empty pkcs7 sequence
+  * CVE-2022-22739 (bmo#1744158)
+    Missing throttling on external protocol launch dialog
+  * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
+    bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869, bmo#1743221,
+    bmo#1743515, bmo#1745373, bmo#1746011)
+    Memory safety bugs fixed in Thunderbird 91.5
+
+-------------------------------------------------------------------

Old:
----
  l10n-91.4.1.tar.xz
  thunderbird-91.4.1.source.tar.xz
  thunderbird-91.4.1.source.tar.xz.asc

New:
----
  l10n-91.5.0.tar.xz
  thunderbird-91.5.0.source.tar.xz
  thunderbird-91.5.0.source.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ MozillaThunderbird.spec ++++++
--- /var/tmp/diff_new_pack.GXZvpo/_old  2022-01-13 00:23:01.939958825 +0100
+++ /var/tmp/diff_new_pack.GXZvpo/_new  2022-01-13 00:23:01.951958833 +0100
@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #               2006-2021 Wolfgang Rosenauer <w...@rosenauer.org>
 #
 # All modifications and additions to the file contributed by third parties
@@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          91
-%define mainver        %major.4.1
-%define orig_version   91.4.1
+%define mainver        %major.5.0
+%define orig_version   91.5.0
 %define orig_suffix    %{nil}
 %define update_channel release
 %define source_prefix  thunderbird-%{orig_version}

++++++ l10n-91.4.1.tar.xz -> l10n-91.5.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-91.4.1.tar.xz 
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892/l10n-91.5.0.tar.xz 
differ: char 26, line 1

++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.GXZvpo/_old  2022-01-13 00:23:02.147958974 +0100
+++ /var/tmp/diff_new_pack.GXZvpo/_new  2022-01-13 00:23:02.147958974 +0100
@@ -1,11 +1,11 @@
 PRODUCT="thunderbird"
 CHANNEL="esr91"
-VERSION="91.4.1"
+VERSION="91.5.0"
 VERSION_SUFFIX=""
-PREV_VERSION="91.4.0"
+PREV_VERSION="91.4.1"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
 RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr91";
-RELEASE_TAG="11529576c3a7d89514771d1e0f5fa116eef29b81"
-RELEASE_TIMESTAMP="20211216022855"
+RELEASE_TAG="bcd2aab51cd0889d506d29455210d65602b97430"
+RELEASE_TIMESTAMP="20220106182030"
 

++++++ thunderbird-91.4.1.source.tar.xz -> thunderbird-91.5.0.source.tar.xz 
++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-91.4.1.source.tar.xz 
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1892/thunderbird-91.5.0.source.tar.xz
 differ: char 15, line 1

Reply via email to