Hello community,
here is the log from the commit of package MozillaThunderbird for
openSUSE:Factory checked in at 2020-08-05 20:26:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old)
and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird"
Wed Aug 5 20:26:12 2020 rev:235 rq:823878 version:68.11.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes
2020-07-06 16:14:37.608458940 +0200
+++
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3592/MozillaThunderbird.changes
2020-08-05 20:26:26.127026387 +0200
@@ -1,0 +2,18 @@
+Sat Aug 1 09:54:53 UTC 2020 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- Mozilla Thunderbird 68.11.0
+ * fixed: FileLink attachments included as a link and file when
+ added from a network drive via drag & drop (bmo#793118)
+ MFSA 2020-35 (bsc#1174538)
+ * CVE-2020-15652 (bmo#1634872)
+ Potential leak of redirect targets when loading scripts in a
+ worker
+ * CVE-2020-6514 (bmo#1642792)
+ WebRTC data channel leaks internal address to peer
+ * CVE-2020-6463 (bmo#1635293)
+ Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787,
+ bmo#1650811)
+ Memory safety bugs fixed in Thunderbird 68.11
+
+-------------------------------------------------------------------
@@ -8,0 +27,16 @@
+ MFSA 2020-26 (bsc#1173576)
+ * CVE-2020-12417 (bmo#1640737)
+ Memory corruption due to missing sign-extension for ValueTags
+ on ARM64
+ * CVE-2020-12418 (bmo#1641303)
+ Information disclosure due to manipulated URL object
+ * CVE-2020-12419 (bmo#1643874)
+ Use-after-free in nsGlobalWindowInner
+ * CVE-2020-12420 (bmo#1643437)
+ Use-After-Free when trying to connect to a STUN server
+ * MFSA-2020-0001 (bmo#1606610)
+ Automatic account setup leaks Microsoft Exchange login
+ credentials
+ * CVE-2020-12421 (bmo#1308251)
+ Add-On updates did not respect the same certificate trust
+ rules as software updates
Old:
----
l10n-68.10.0.tar.xz
thunderbird-68.10.0.source.tar.xz
thunderbird-68.10.0.source.tar.xz.asc
New:
----
l10n-68.11.0.tar.xz
thunderbird-68.11.0.source.tar.xz
thunderbird-68.11.0.source.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MozillaThunderbird.spec ++++++
--- /var/tmp/diff_new_pack.qmLtAR/_old 2020-08-05 20:26:43.955032026 +0200
+++ /var/tmp/diff_new_pack.qmLtAR/_new 2020-08-05 20:26:43.955032026 +0200
@@ -26,8 +26,8 @@
# major 69
# mainver %major.99
%define major 68
-%define mainver %major.10.0
-%define orig_version 68.10.0
+%define mainver %major.11.0
+%define orig_version 68.11.0
%define orig_suffix %{nil}
%define update_channel release
%define source_prefix thunderbird-%{mainver}
++++++ l10n-68.10.0.tar.xz -> l10n-68.11.0.tar.xz ++++++
++++++ tar_stamps ++++++
--- /var/tmp/diff_new_pack.qmLtAR/_old 2020-08-05 20:26:44.223032111 +0200
+++ /var/tmp/diff_new_pack.qmLtAR/_new 2020-08-05 20:26:44.223032111 +0200
@@ -1,10 +1,10 @@
PRODUCT="thunderbird"
CHANNEL="esr68"
-VERSION="68.10.0"
+VERSION="68.11.0"
VERSION_SUFFIX=""
-PREV_VERSION="68.9.0"
+PREV_VERSION="68.10.0"
PREV_VERSION_SUFFIX=""
#SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation
RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68";
-RELEASE_TAG="6a7c26eb22bfe18295497c720a73e24b29b0604e"
-RELEASE_TIMESTAMP="20200629235513"
+RELEASE_TAG="a247645d951bcedb356a0d9f273e878a7d4d2180"
+RELEASE_TIMESTAMP="20200721201500"
++++++ thunderbird-68.10.0.source.tar.xz -> thunderbird-68.11.0.source.tar.xz
++++++
/work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-68.10.0.source.tar.xz
/work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3592/thunderbird-68.11.0.source.tar.xz
differ: char 15, line 1
