Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2016-12-04 15:05:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "MozillaThunderbird" Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2016-11-22 18:57:21.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new/MozillaThunderbird.changes 2016-12-04 15:05:53.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Dec 1 09:58:57 UTC 2016 - astieger@suse.com + +- Mozilla Thunderbird 45.5.1: + * CVE-2016-9079: SVG Animation Remote Code Execution + (MFSA 2016-92, bsc#1012964, bmo#1321066) + +------------------------------------------------------------------- @@ -4,0 +12,13 @@ + * Fixes for security flaws that cannot be exploited through email + because scripting is disabled when reading mail, but are + potentially risks in browser or browser-like contexts: + CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 + (bsc#1010411) + CVE-2016-5297: Incorrect argument length checking in Javascript + (bsc#1010401) + CVE-2016-9066: Integer overflow leading to a buffer overflow in + nsScriptLoadHandler (bsc#1010404) + CVE-2016-5291: Same-origin policy violation using local HTML file + and saved shortcut file (bsc#1010410) + CVE-2016-5290: Memory safety bugs fixed in Thunderbird ESR 45.5 + (bsc#1010427) Old: ---- l10n-45.5.0.tar.xz thunderbird-45.5.0-source.tar.xz New: ---- l10n-45.5.1.tar.xz thunderbird-45.5.1-source.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.95n08a/_old 2016-12-04 15:06:07.000000000 +0100 +++ /var/tmp/diff_new_pack.95n08a/_new 2016-12-04 15:06:07.000000000 +0100 @@ -17,9 +17,9 @@ # -%define mainversion 45.5.0 +%define mainversion 45.5.1 %define update_channel release -%define releasedate 2016111800 +%define releasedate 2016113000 %if %suse_version > 1310 %define gstreamer_ver 1.0 ++++++ compare-locales.tar.xz ++++++ ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.95n08a/_old 2016-12-04 15:06:07.000000000 +0100 +++ /var/tmp/diff_new_pack.95n08a/_new 2016-12-04 15:06:07.000000000 +0100 @@ -2,8 +2,8 @@ CHANNEL="esr45" BRANCH="releases/comm-$CHANNEL" -RELEASE_TAG="THUNDERBIRD_45_5_0_RELEASE" -VERSION="45.5.0" +RELEASE_TAG="THUNDERBIRD_45_5_1_RELEASE" +VERSION="45.5.1" echo "cloning $BRANCH..." hg clone http://hg.mozilla.org/$BRANCH thunderbird ++++++ l10n-45.5.0.tar.xz -> l10n-45.5.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-45.5.0.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new/l10n-45.5.1.tar.xz differ: char 26, line 1 ++++++ thunderbird-45.5.0-source.tar.xz -> thunderbird-45.5.1-source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-45.5.0-source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new/thunderbird-45.5.1-source.tar.xz differ: char 27, line 1