Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.6:Update
patchinfo.26491
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.26491
<patchinfo incident="26491"> <issue tracker="bnc" id="1203477">VUL-0: MozillaFirefox / MozillaThunderbird: update to 105 and 102.3esr</issue> <issue tracker="bnc" id="1204411">VUL-0: MozillaThunderbird: update to 102.3.1 (MFSA2022-43)</issue> <issue tracker="bnc" id="1204421">VUL-0: MozillaFirefox / MozillaThunderbird: update to 106 and 102.4esr</issue> <issue tracker="cve" id="2022-3155"/> <issue tracker="cve" id="2022-40957"/> <issue tracker="cve" id="2022-3266"/> <issue tracker="cve" id="2022-40962"/> <issue tracker="cve" id="2022-39250"/> <issue tracker="cve" id="2022-40959"/> <issue tracker="cve" id="2022-39251"/> <issue tracker="cve" id="2022-40956"/> <issue tracker="cve" id="2022-39249"/> <issue tracker="cve" id="2022-40960"/> <issue tracker="cve" id="2022-39236"/> <issue tracker="cve" id="2022-40958"/> <packager>MSirringhaus</packager> <rating>important</rating> <category>security</category> <summary>Security update for MozillaThunderbird</summary> <description>This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 102.4.0 (bsc#1204421) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze * fixed: Forwarding messages with special characters in Subject failed on Windows * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters * fixed: Address Book display pane continued to show contacts after deletion * fixed: Printing address book did not include all contact details * fixed: CardDAV contacts without a Name property did not save to Google Contacts * fixed: "Publish Calendar" did not work * fixed: Calendar database storage improvements * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar * fixed: Various visual and UX improvements - Mozilla Thunderbird 102.3.3 * new: Option added to show containing address book for a contact when using `All Address Books` in vertical mode (bmo#1778871) * changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349) * changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549) * fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785) * fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000) * fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780) * fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399) * fixed: ICS calendar files with a `FREEBUSY` property could not be imported (bmo#1783441) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) - Mozilla Thunderbird 102.3.2 * changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975) * fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451) * fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789) * fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955) * fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183) * fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347) * fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706) * fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990) * fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203) * fixed: `New Event` button in Today Pane was incorrectly disabled sometimes (bmo#1792058) * fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228) * fixed: Improved performance of recurring event date calculation (bmo#1787677) * fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) * fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339) * fixed: Various visual and UX improvements (bmo#1755623,bmo#17 83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178 9728,bmo#1790499) - Mozilla Thunderbird 102.3.1 * changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988) * changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column (bmo#1745571) * fixed: Password prompt did not include server hostname for POP servers (bmo#1786920) * fixed: `Edit Contact` was missing from Contacts sidebar context menus (bmo#1771795) * fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909) * fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738) * fixed: Various security fixes MFSA 2022-43 (bsc#1204411) * CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack * CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue - Mozilla Thunderbird 102.3 * changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. (bmo#1790605) * changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954) * fixed: Thunderbird startup performance improvements (bmo#1785967) * fixed: Saving email source and images failed (bmo#1777323,bmo#1778804) * fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580) * fixed: Attaching OpenPGP keys without a set size to non- encrypted messages briefly displayed a size of zero bytes (bmo#1788952) * fixed: Global Search entry box initially contained "undefined" (bmo#1780963) * fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418) * fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314) * fixed: Pop accounts with "Fetch headers only" set downloaded complete messages if server did not advertise TOP capability (bmo#1789356) * fixed: "File -> New -> Address Book Contact" from Compose window did not work (bmo#1782418) * fixed: Attach "My vCard" option in compose window was not available (bmo#1787614) * fixed: Improved performance of matching a contact to an email address (bmo#1782725) * fixed: Address book only recognized a contact's first two email addresses (bmo#1777156) * fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793) * fixed: Downloading NNTP messages for offline use failed (bmo#1785773) * fixed: NNTP client became stuck when connecting to Public- Inbox servers (bmo#1786203) * fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324) * fixed: Various security fixes * unresolved: No dedicated "Department" field in address book (bmo#1777780) MFSA 2022-42 (bsc#1203477) * CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264 * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass * CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64 * CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3 </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor