Request 1036233: Submit MozillaThunderbird - openSUSE Build Service

Overview

Request 1036233 accepted

- Mozilla Thunderbird 102.5.0
* changes and fixes as described here
https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes
MFSA 2022-49 (bsc#1205270)
* CVE-2022-45403 (bmo#1762078)
Service Workers might have learned size of cross-origin media files
* CVE-2022-45404 (bmo#1790815)
Fullscreen notification bypass
* CVE-2022-45405 (bmo#1791314)
Use-after-free in InputStream implementation
* CVE-2022-45406 (bmo#1791975)
Use-after-free of a JavaScript Realm
* CVE-2022-45408 (bmo#1793829)
Fullscreen notification bypass via windowName
* CVE-2022-45409 (bmo#1796901)
Use-after-free in Garbage Collection
* CVE-2022-45410 (bmo#1658869)
ServiceWorker-intercepted requests bypassed SameSite cookie policy
* CVE-2022-45411 (bmo#1790311)
Cross-Site Tracing was possible via non-standard override headers
* CVE-2022-45412 (bmo#1791029)
Symlinks may resolve to partially uninitialized buffers
* CVE-2022-45416 (bmo#1793676)
Keystroke Side-Channel Leakage
* CVE-2022-45418 (bmo#1795815)
Custom mouse cursor could have been drawn over browser UI
* CVE-2022-45420 (bmo#1792643)
Iframe contents could be rendered outside the iframe
* CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
Memory safety bugs fixed in Thunderbird 102.5

Created by wrosenauer over 1 year ago
In state accepted

Submit MozillaThunderbird

Comments for request 1036233 0

Login required, please login in order to comment

Request History

wrosenauer created request over 1 year ago

- Mozilla Thunderbird 102.5.0
* changes and fixes as described here
https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes
MFSA 2022-49 (bsc#1205270)
* CVE-2022-45403 (bmo#1762078)
Service Workers might have learned size of cross-origin media files
* CVE-2022-45404 (bmo#1790815)
Fullscreen notification bypass
* CVE-2022-45405 (bmo#1791314)
Use-after-free in InputStream implementation
* CVE-2022-45406 (bmo#1791975)
Use-after-free of a JavaScript Realm
* CVE-2022-45408 (bmo#1793829)
Fullscreen notification bypass via windowName
* CVE-2022-45409 (bmo#1796901)
Use-after-free in Garbage Collection
* CVE-2022-45410 (bmo#1658869)
ServiceWorker-intercepted requests bypassed SameSite cookie policy
* CVE-2022-45411 (bmo#1790311)
Cross-Site Tracing was possible via non-standard override headers
* CVE-2022-45412 (bmo#1791029)
Symlinks may resolve to partially uninitialized buffers
* CVE-2022-45416 (bmo#1793676)
Keystroke Side-Channel Leakage
* CVE-2022-45418 (bmo#1795815)
Custom mouse cursor could have been drawn over browser UI
* CVE-2022-45420 (bmo#1792643)
Iframe contents could be rendered outside the iframe
* CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
Memory safety bugs fixed in Thunderbird 102.5

factory-auto added opensuse-review-team as a reviewer over 1 year ago

Please review sources

factory-auto accepted review over 1 year ago

Check script succeeded

dimstar_suse set openSUSE:Factory:Staging:D as a staging project over 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:D"

dimstar_suse accepted review over 1 year ago

Picked "openSUSE:Factory:Staging:D"

dimstar accepted review over 1 year ago

licensedigger accepted review over 1 year ago

ok

dimstar_suse accepted review over 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

dimstar_suse approved review over 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

dimstar_suse accepted request over 1 year ago

Staging Project openSUSE:Factory:Staging:D got accepted.

openSUSE Build Service is sponsored by