Request 1062396: Submit MozillaThunderbird - openSUSE Build Service

Overview

Request 1062396 accepted

- Mozilla Thunderbird 102.7.1
* Microsoft Office 365 accounts were unable to authenticate
* https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
MFSA 2023-04
* CVE-2023-0430 (bmo#1769000)
Revocation status of S/Mime signature certificates was not checked
- update create-tar.sh

- Mozilla Thunderbird 102.7.0
https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
MFSA 2023-03 (bsc#1207119)
* CVE-2022-46871 (bmo#1795697)
libusrsctp library out of date
* CVE-2023-23598 (bmo#1800425)
Arbitrary file read from GTK drag and drop on Linux
* CVE-2023-23599 (bmo#1777800)
Malicious command could be hidden in devtools output on
Windows
* CVE-2023-23601 (bmo#1794268)
URL being dragged from cross-origin iframe into same tab
triggers navigation
* CVE-2023-23602 (bmo#1800890)
Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
* CVE-2022-46877 (bmo#1795139)
Fullscreen notification bypass
* CVE-2023-23603 (bmo#1800832)
Calls to console.log allowed bypasing Content
Security Policy via format directive
* CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)

Created by wrosenauer over 1 year ago
In state accepted

Submit MozillaThunderbird

Comments for request 1062396 0

Login required, please login in order to comment

Request History

wrosenauer created request over 1 year ago

- Mozilla Thunderbird 102.7.1
* Microsoft Office 365 accounts were unable to authenticate
* https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
MFSA 2023-04
* CVE-2023-0430 (bmo#1769000)
Revocation status of S/Mime signature certificates was not checked
- update create-tar.sh

- Mozilla Thunderbird 102.7.0
https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
MFSA 2023-03 (bsc#1207119)
* CVE-2022-46871 (bmo#1795697)
libusrsctp library out of date
* CVE-2023-23598 (bmo#1800425)
Arbitrary file read from GTK drag and drop on Linux
* CVE-2023-23599 (bmo#1777800)
Malicious command could be hidden in devtools output on
Windows
* CVE-2023-23601 (bmo#1794268)
URL being dragged from cross-origin iframe into same tab
triggers navigation
* CVE-2023-23602 (bmo#1800890)
Content Security Policy wasn't being correctly applied to
WebSockets in WebWorkers
* CVE-2022-46877 (bmo#1795139)
Fullscreen notification bypass
* CVE-2023-23603 (bmo#1800832)
Calls to console.log allowed bypasing Content
Security Policy via format directive
* CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)

factory-auto added opensuse-review-team as a reviewer over 1 year ago

Please review sources

factory-auto accepted review over 1 year ago

Check script succeeded

dimstar_suse set openSUSE:Factory:Staging:G as a staging project over 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:G"

dimstar_suse accepted review over 1 year ago

Picked "openSUSE:Factory:Staging:G"

dimstar accepted review over 1 year ago

licensedigger accepted review over 1 year ago

ok

dimstar_suse accepted review over 1 year ago

Staging Project openSUSE:Factory:Staging:G got accepted.

dimstar_suse approved review over 1 year ago

Staging Project openSUSE:Factory:Staging:G got accepted.

dimstar_suse accepted request over 1 year ago

Staging Project openSUSE:Factory:Staging:G got accepted.

openSUSE Build Service is sponsored by