openSUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0231-1 Rating: important References: #1162777 #1163368 Cross-References: CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
This update for MozillaThunderbird fixes the following issues:
* new: Support for Client Identity IMAP/SMTP Service Extension (bmo#1532388) * new: Support for OAuth 2.0 authentication for POP3 accounts (bmo#1538409) * fixed: Status area goes blank during account setup (bmo#1593122) * fixed: Calendar: Could not remove color for default categories (bmo#1584853) * fixed: Calendar: Prevent calendar component loading multiple times (bmo#1606375) * fixed: Calendar: Today pane did not retain width between sessions (bmo#1610207) * unresolved: When upgrading from Thunderbird version 60 to version 68, add-ons are not automatically updated during the upgrade process. They will however be updated during the add- on update check. It is of course possible to reinstall compatible add-ons via the Add-ons Manager or via addons.thunderbird.net. (bmo#1574183) * changed: Calendar: Task and Event tree colours adjusted for the dark theme (bmo#1608344) * fixed: Retrieval of S/MIME certificates from LDAP failed (bmo#1604773) * fixed: Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set (bmo#1609690) * fixed: Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout (bmo#1222046) * fixed: Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened (bmo#1608407)
This update was imported from the SUSE:SLE-15:Update update project.
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-231=1
- openSUSE Leap 15.1 (x86_64):
MozillaThunderbird-68.5.0-lp18.104.22.168 MozillaThunderbird-debuginfo-68.5.0-lp22.214.171.124 MozillaThunderbird-debugsource-68.5.0-lp126.96.36.199 MozillaThunderbird-translations-common-68.5.0-lp188.8.131.52 MozillaThunderbird-translations-other-68.5.0-lp184.108.40.206
https://www.suse.com/security/cve/CVE-2020-6792.html https://www.suse.com/security/cve/CVE-2020-6793.html https://www.suse.com/security/cve/CVE-2020-6794.html https://www.suse.com/security/cve/CVE-2020-6795.html https://www.suse.com/security/cve/CVE-2020-6797.html https://www.suse.com/security/cve/CVE-2020-6798.html https://www.suse.com/security/cve/CVE-2020-6800.html https://bugzilla.suse.com/1162777 https://bugzilla.suse.com/1163368