Mailinglist Archive: opensuse-factory (377 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20200805 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Fri, 07 Aug 2020 00:01:39 +0000
  • Message-id: <159675849964.6047.2384784687776566261@go-agent-stagingbot-4>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

Please do not reply to this email to report issues, rather file a bug
on For more information on filing bugs please

Packages changed:
MozillaThunderbird (68.10.0 -> 68.11.0)
sssd (2.3.0 -> 2.3.1)
transactional-update (2.22 -> 2.23)
xfwm4 (4.14.3 -> 4.14.4)

=== Details ===

==== MozillaThunderbird ====
Version update (68.10.0 -> 68.11.0)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 68.11.0
* fixed: FileLink attachments included as a link and file when
added from a network drive via drag & drop (bmo#793118)
MFSA 2020-35 (bsc#1174538)
* CVE-2020-15652 (bmo#1634872)
Potential leak of redirect targets when loading scripts in a
* CVE-2020-6514 (bmo#1642792)
WebRTC data channel leaks internal address to peer
* CVE-2020-6463 (bmo#1635293)
Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787,
Memory safety bugs fixed in Thunderbird 68.11

==== libX11 ====
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1

- U_006-Fix-size-calculation-in-_XimAttributeToValue.patch:
* Regression fix in previous XIM client head overflow fixes
(CVE-2020-14344, bsc#1174628)
- U_001-ChangeTheData_lenParameterOf_XimAttributeToValueToCARD16.patch,
* XIM client heap overflows (CVE-2020-14344, bsc#1174628)

==== sssd ====
Version update (2.3.0 -> 2.3.1)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit
sssd-krb5-common sssd-ldap

- Update to release 2.3.1
* Domains can be now explicitly enabled or disabled using
enable option in domain section. This can be especially used
in configuration snippets.
* New configuration options memcache_size_passwd,
memcache_size_group, memcache_size_initgroups that can be
used to control memory cache size.
* Fixed several regressions in GPO processing introduced in
* Fixed regression in PAM responder: failures in cache only
lookups are no longer considered fatal.
* Fixed regression in proxy provider: pwfield=x is now default
value only for sssd-shadowutils target.
- sssd-wbclient is obsolete and no longer shipped

==== transactional-update ====
Version update (2.22 -> 2.23)
Subpackages: transactional-update-zypp-config

- Version 2.23
- Add "run" command to be able to execute a single command in a new snapshot
- Add "--drop-if-no-change" option to discard snapshots if no changes were
perfomed (BETA, required for Salt integration)
- Removed previous CaaSP Salt support (gh#openSUSE/transactional-update#33)
- Avoid "file not found" message on systems without /var subvol

==== xfwm4 ====
Version update (4.14.3 -> 4.14.4)
Subpackages: xfwm4-lang

- Update to version 4.14.4
* Fix a crash on FreeBSD (gxo#xfce/xfwm4#411)
* Fix compilation warning due to g_type_class_add_private deprecation

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk

- U_FixForZDI-11426.patch
* Leak of uninitialized heap memory form the X server to clients
on pixmap allocation (ZDI-CAN-11426, CVE-2020-14347, bsc#1174633)

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages