On 02/05/17 10:44 AM, Carlos E. R. wrote:
On 2017-05-02 15:59, Wolfgang Rosenauer wrote:
On 02.05.2017 at 15:49, Carlos E. R. wrote:
A friend has asked me about Thunderbird: apparently upstream has v52, but we are on 45. Maybe it has already been explained on another post? I don't remember.
Tumbleweed or Leap?
Hum. Leap, I think.
(I later noticed 52 was on the mozilla repo)
Indeed:

# zypper info MozillaFirefox
Information for package MozillaFirefox:
---------------------------------------
Repository: openSUSE BuildService - Mozilla
Name: MozillaFirefox
Version: 53.0-6.3
Arch: x86_64
Vendor: obs://build.opensuse.org/mozilla
Installed: Yes
Status: out-of-date (version 53.0-6.1 installed)
Installed Size: 103.9 MiB
Summary: Mozilla Firefox Web Browser

"45" to "53" is a big step.
For Tumbleweed an update to 52.0 was in the pipeline for two weeks now. I think one reason why it was delayed is a failing ppc64 build. (I do not even know if it was successful before.) For Leap we do not do version upgrades for the purpose of version upgrades. Version 52.0 did not bring any additional security fixes (which are the main and almost only reason for the version upgrades remember) compared to 45.latest.
* Mon Apr 17 2017 wr@rosenauer.org
- update to Firefox 53.0
.........
  * Permission notifications have a cleaner design and cannot be easily missed
  * CVE-2017-5456 (bmo#1344415) Sandbox escape allowing local file system access
  * CVE-2017-5442 (bmo#1347979) Use-after-free during style changes
  * CVE-2017-5443 (bmo#1342661) Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075) Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617) Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975) Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262) Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642) Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380) Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648) Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127) Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505) Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552) Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461) Buffer overflow while parsing application/http-index-format content
  * CVE-2017-5445 (bmo#1344467) Uninitialized values used while parsing application/http-index-format content
  * CVE-2017-5468 (bmo#1329521) Incorrect ownership model for Private Browsing information
  * CVE-2017-5469 (bmo#1292534) Potential Buffer overflow in flex-generated code
  * CVE-2017-5440 (bmo#1336832) Use-after-free in txExecutionState destructor during XSLT processing
  * CVE-2017-5441 (bmo#1343795) Use-after-free with selection during scroll events
  * CVE-2017-5439 (bmo#1336830) Use-after-free in nsTArray Length() during XSLT processing
  * CVE-2017-5438 (bmo#1336828) Use-after-free in nsAutoPtr during XSLT processing
  * CVE-2017-5437 (bmo#1343453) Vulnerabilities in Libevent library
  * CVE-2017-5436 (bmo#1345461) Out-of-bounds write with malicious font in Graphite 2
  * CVE-2017-5435 (bmo#1350683) Use-after-free during transaction processing in the editor
  * CVE-2017-5434 (bmo#1349946) Use-after-free during focus handling
  * CVE-2017-5433 (bmo#1347168) Use-after-free in SMIL animation functions
  * CVE-2017-5432 (bmo#1346654) Use-after-free in text input selection
  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476) Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
  * CVE-2017-5459 (bmo#1333858) Buffer overflow in WebGL
  * CVE-2017-5458 (bmo#1229426) Drag and drop of javascript: URLs can allow for self-XSS
  * CVE-2017-5455 (bmo#1341191) Sandbox escape through internal feed reader APIs
  * CVE-2017-5454 (bmo#1349276) Sandbox escape allowing file system read access through file picker

Correct me if I'm wrong but aren't those "CVE" things security issues?
Thunderbird 52.1 which brings additional security fixes was released
Looking at "rpm -q --changelog MozillaFirefox" I see quite a few in

* Sat Mar 04 2017 wr@rosenauer.org
- update to Firefox 52.0 (boo#1028391)

but not many in-between that and "53.0"

--
"There are two primary choices in life: to accept conditions as they exist, or accept the responsibility for changing them". -- Denis Waitley.