File _patchinfo of Package patchinfo.30645

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.30645

<patchinfo incident="30645">
  <issue tracker="bnc" id="1214606">VUL-0: MozillaFirefox / MozillaThunderbird: update to 117 and 115.2esr</issue>
  <issue tracker="bnc" id="1215245">VUL-0: MozillaFirefox / MozillaThunderbird: update to 117.0.1 and 115.2.1esr</issue>
  <issue tracker="bnc" id="1215231">VUL-0: CVE-2023-4863: libwebp,MozillaFirefox,MozillaThunderbird,chromium,ungoogled-chromium: Heap buffer overflow in WebP</issue>
  <issue tracker="cve" id="2023-4580"/>
  <issue tracker="cve" id="2023-4584"/>
  <issue tracker="cve" id="2023-4582"/>
  <issue tracker="cve" id="2023-4051"/>
  <issue tracker="cve" id="2023-4053"/>
  <issue tracker="cve" id="2023-4581"/>
  <issue tracker="cve" id="2023-4577"/>
  <issue tracker="cve" id="2023-4574"/>
  <issue tracker="cve" id="2023-4573"/>
  <issue tracker="cve" id="2023-4585"/>
  <issue tracker="cve" id="2023-4863"/>
  <issue tracker="cve" id="2023-4576"/>
  <issue tracker="cve" id="2023-4575"/>
  <issue tracker="cve" id="2023-4583"/>
  <issue tracker="cve" id="2023-4578"/>
  <packager>MSirringhaus</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for MozillaThunderbird</summary>
  <description>This update for MozillaThunderbird fixes the following issues:

Security fixes:

- Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245)
  - CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649).
  
- Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606)
  - CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687) 
  - CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688) 
  - CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689) 
  - CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694) 
  - CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397) 
  - CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884) 
  - CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007) 
  - CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079) 
  - CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046) 
  - CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758) 
  - CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874) 
  - CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030) 
  - CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529) 
  - CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999)

Other fixes:

Mozilla Thunderbird 115.2.1
  * new: Column separators are now shown between all columns in
    tree view (bmo#1847441)
  * fixed: Crash reporter did not work in Thunderbird Flatpak
    (bmo#1843102)
  * fixed: New mail notification always opened message in message
    pane, even if pane was disabled (bmo#1840092)
  * fixed: After moving an IMAP message to another folder, the
    incorrect message was selected in the message list
    (bmo#1845376)
  * fixed: Adding a tag to an IMAP message opened in a tab failed
    (bmo#1844452)
  * fixed: Junk/Spam folders were not always shown in Unified
    Folders mode (bmo#1838672)
  * fixed: Middle-clicking a folder or message did not open it in
    a background tab, as in previous versions (bmo#1842482)
  * fixed: Settings tab visual improvements: Advanced Fonts
    dialog, Section headers hidden behind search box
    (bmo#1717382,bmo#1846751)
  * fixed: Various visual and style fixes
    (bmo#1843707,bmo#1849823)
  
Mozilla Thunderbird 115.2
  * new: Thunderbird MSIX packages are now published on
    archive.mozilla.org (bmo#1817657)
  * changed: Size, Unread, and Total columns are now right-
    aligned (bmo#1848604)
  * changed: Newsgroup names in message list header are now
    abbreviated (bmo#1833298)
  * fixed: Message compose window did not apply theme colors to
    menus (bmo#1845699)
  * fixed: Reading the second new message in a folder cleared the
    unread indicator of all other new messages (bmo#1839805)
  * fixed: Displayed counts of unread or flagged messages could
    become out-of-sync (bmo#1846860)
  * fixed: Deleting a message from the context menu with messages
    sorted in chronological order and smooth scroll enabled
    caused message list to scroll to top (bmo#1843462)
  * fixed: Repeatedly switching accounts in Subscribe dialog
    caused tree view to stop updating (bmo#1845593)
  * fixed: "Ignore thread" caused message cards to display
    incorrectly in message list (bmo#1847966)
  * fixed: Creating tags from unified toolbar failed
    (bmo#1846336)
  * fixed: Cross-folder navigation using F and N did not work
    (bmo#1845011)
  * fixed: Account Manager did not resize to fit content, causing
    "Close" button to become hidden outside bounds of dialog when
    too many accounts were listed (bmo#1847555)
  * fixed: Remote content exceptions could not be added in
    Settings (bmo#1847576)
  * fixed: Newsgroup list file did not get updated after adding a
    new NNTP server (bmo#1845464)
  * fixed: "Download all headers" option in NNTP "Download
    Headers" dialog was incorrectly selected by default
    (bmo#1845457)
  * fixed: "Convert to event/task" was missing from mail context
    menu (bmo#1817705)
  * fixed: Events and tasks were not shown in some cases despite
    being present on remote server (bmo#1827100)
  * fixed: Various visual and UX improvements
    (bmo#1844244,bmo#1845645)

- Mozilla Thunderbird 115.1.1
  * fixed: Some HTML emails printed headers on first page and
    message on subsequent pages (bmo#1843628)
  * fixed: Deleting messages from message list sometimes scrolled
    list to bottom, selecting bottommost message (bmo#1835173)
  * fixed: Width of icon columns (like Junk or Starred) in
    message list did not adjust when UI density was changed
    (bmo#1843014)
  * fixed: Old OpenPGP secret keys could not be used to decrypt
    messages under certain circumstances (bmo#1835786)
  * fixed: When multiple folder modes were active, tab focus
    navigated through all folder mode options before reaching
    message list (bmo#1842060)
  * fixed: Unread message count badge was not displayed on parent
    folders of subfolder containing unread messages (bmo#1844534)
  * fixed: "Undo archive" (via Ctrl-Z) did not un-archive
    previously archived messages (bmo#1829340)
  * fixed: "New" button dropdown menu in "Message Filters" dialog
    could not be opened via keyboard navigation (bmo#1843511)
  * fixed: "Show New Mail Alert for" input field in "Customize
    New Mail Alert" dialog had zero width when using certain
    language packs (bmo#1845832)
  * fixed: "Account Wizard" dialog was too narrow when adding a
    news server, partially hiding confirmation buttons
    (bmo#1846588)
  * fixed: Link Properties and Image Properties dialogs in the
    composer were too wide (bmo#1816850)
  * fixed: Thunderbird version number and details in "About"
    dialog were not automatically read by screen readers when
    first opening dialog (bmo#1847078)
  * fixed: Flatpak improvements and bug fixes
    (bmo#1825399,bmo#1843094,bmo#1843097)
  * fixed: Various visual and UX improvements (bmo#1846262)
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.30645

Places