Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2020-08-05 20:26:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Wed Aug 5 20:26:12 2020 rev:235 rq:823878 version:68.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2020-07-06 16:14:37.608458940 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3592/MozillaThunderbird.changes 2020-08-05 20:26:26.127026387 +0200 @@ -1,0 +2,18 @@ +Sat Aug 1 09:54:53 UTC 2020 - Andreas Stieger <andreas.stie...@gmx.de> + +- Mozilla Thunderbird 68.11.0 + * fixed: FileLink attachments included as a link and file when + added from a network drive via drag & drop (bmo#793118) + MFSA 2020-35 (bsc#1174538) + * CVE-2020-15652 (bmo#1634872) + Potential leak of redirect targets when loading scripts in a + worker + * CVE-2020-6514 (bmo#1642792) + WebRTC data channel leaks internal address to peer + * CVE-2020-6463 (bmo#1635293) + Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787, + bmo#1650811) + Memory safety bugs fixed in Thunderbird 68.11 + +------------------------------------------------------------------- @@ -8,0 +27,16 @@ + MFSA 2020-26 (bsc#1173576) + * CVE-2020-12417 (bmo#1640737) + Memory corruption due to missing sign-extension for ValueTags + on ARM64 + * CVE-2020-12418 (bmo#1641303) + Information disclosure due to manipulated URL object + * CVE-2020-12419 (bmo#1643874) + Use-after-free in nsGlobalWindowInner + * CVE-2020-12420 (bmo#1643437) + Use-After-Free when trying to connect to a STUN server + * MFSA-2020-0001 (bmo#1606610) + Automatic account setup leaks Microsoft Exchange login + credentials + * CVE-2020-12421 (bmo#1308251) + Add-On updates did not respect the same certificate trust + rules as software updates Old: ---- l10n-68.10.0.tar.xz thunderbird-68.10.0.source.tar.xz thunderbird-68.10.0.source.tar.xz.asc New: ---- l10n-68.11.0.tar.xz thunderbird-68.11.0.source.tar.xz thunderbird-68.11.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.qmLtAR/_old 2020-08-05 20:26:43.955032026 +0200 +++ /var/tmp/diff_new_pack.qmLtAR/_new 2020-08-05 20:26:43.955032026 +0200 @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.10.0 -%define orig_version 68.10.0 +%define mainver %major.11.0 +%define orig_version 68.11.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{mainver} ++++++ l10n-68.10.0.tar.xz -> l10n-68.11.0.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.qmLtAR/_old 2020-08-05 20:26:44.223032111 +0200 +++ /var/tmp/diff_new_pack.qmLtAR/_new 2020-08-05 20:26:44.223032111 +0200 @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.10.0" +VERSION="68.11.0" VERSION_SUFFIX="" -PREV_VERSION="68.9.0" +PREV_VERSION="68.10.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68" -RELEASE_TAG="6a7c26eb22bfe18295497c720a73e24b29b0604e" -RELEASE_TIMESTAMP="20200629235513" +RELEASE_TAG="a247645d951bcedb356a0d9f273e878a7d4d2180" +RELEASE_TIMESTAMP="20200721201500" ++++++ thunderbird-68.10.0.source.tar.xz -> thunderbird-68.11.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-68.10.0.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3592/thunderbird-68.11.0.source.tar.xz differ: char 15, line 1