Overview
Request 1007573 accepted
- Mozilla Thunderbird 102.3.1
* Compose window encryption options now only appear for encryption
technologies that have already been configured
* Number of contacts in currently selected address book now
displayed at bottom of Address Book list column
Fixes
* Password prompt did not include server hostname for POP servers
* Edit Contact was missing from Contacts sidebar context menus
* Address Book contact lists cut off display of some characters,
the result being unreadable
MFSA 2022-43
* CVE-2022-39249 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to an
impersonation attack by malicious server administrators
* CVE-2022-39250 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to a device
verification attack
* CVE-2022-39251 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to an
impersonation attack
* CVE-2022-39236 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to a data
corruption issue
- Created by wrosenauer
- In state accepted
Request History
wrosenauer created request
- Mozilla Thunderbird 102.3.1
* Compose window encryption options now only appear for encryption
technologies that have already been configured
* Number of contacts in currently selected address book now
displayed at bottom of Address Book list column
Fixes
* Password prompt did not include server hostname for POP servers
* Edit Contact was missing from Contacts sidebar context menus
* Address Book contact lists cut off display of some characters,
the result being unreadable
MFSA 2022-43
* CVE-2022-39249 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to an
impersonation attack by malicious server administrators
* CVE-2022-39250 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to a device
verification attack
* CVE-2022-39251 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to an
impersonation attack
* CVE-2022-39236 (bmo#1791765)
Matrix SDK bundled with Thunderbird vulnerable to a data
corruption issue
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
favogt_factory set openSUSE:Factory:Staging:H as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:H"
favogt_factory accepted review
Picked "openSUSE:Factory:Staging:H"
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:H got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:H got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:H got accepted.
Any chance to move this off Rust 1.60? It's the only consumer of that old (by now EOL) version of rust
The reason why it's currently requiring 1.60 is because that reflects the upstream build chain and therefore is the safest variant to build TB. https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html But I'm just trying to build using 1.63 and if this works I'm fine with lifting the build dep.