Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2025-10-18 14:36:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.18484 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Sat Oct 18 14:36:51 2025 rev:374 rq:1312139 version:140.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2025-10-03 15:46:49.004992548 +0200 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.18484/MozillaThunderbird.changes 2025-10-18 14:38:51.469037042 +0200 @@ -1,0 +2,38 @@ +Sat Oct 18 05:29:10 UTC 2025 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 140.4.0 ESR + * Account Hub is now disabled by default for second email account + * Users could not read mail signed with OpenPGP v6 and PQC keys + * Image preview in Insert Image dialog failed with CSP error for web resources + * Emptying trash on exit did not work with some providers + * Thunderbird could crash when applying filters + * Users were unable to override expired mail server certificate + * Opening Website header link in RSS feed incorrectly re-encoded + URL parameters + MFSA 2025-85 (bsc#1251263) + * CVE-2025-11708 (bmo#1988931) + Use-after-free in MediaTrackGraphImpl::GetInstance() + * CVE-2025-11709 (bmo#1989127) + Out of bounds read/write in a privileged process triggered by + WebGL textures + * CVE-2025-11710 (bmo#1989899) + Cross-process information leaked due to malicious IPC + messages + * CVE-2025-11711 (bmo#1989978) + Some non-writable Object properties could be modified + * CVE-2025-11712 (bmo#1979536) + An OBJECT tag type attribute overrode browser behavior on web + resources without a content-type + * CVE-2025-11713 (bmo#1986142) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970, + bmo#1991040, bmo#1992113) + Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR + 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 + * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244, + bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899) + Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird + ESR 140.4, Firefox 144 and Thunderbird 144 + +------------------------------------------------------------------- Old: ---- l10n-140.3.1esr.tar.xz thunderbird-140.3.1esr.source.tar.xz thunderbird-140.3.1esr.source.tar.xz.asc New: ---- l10n-140.4.0esr.tar.xz thunderbird-140.4.0esr.source.tar.xz thunderbird-140.4.0esr.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.18n84v/_old 2025-10-18 14:39:06.001644994 +0200 +++ /var/tmp/diff_new_pack.18n84v/_new 2025-10-18 14:39:06.005645162 +0200 @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.3.1 -%define orig_version 140.3.1 +%define mainver %major.4.0 +%define orig_version 140.4.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} ++++++ l10n-140.3.1esr.tar.xz -> l10n-140.4.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.18n84v/_old 2025-10-18 14:39:06.301657545 +0200 +++ /var/tmp/diff_new_pack.18n84v/_new 2025-10-18 14:39:06.305657712 +0200 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.3.1" +VERSION="140.4.0" VERSION_SUFFIX="esr" -REV_VERSION="140.3.0" +REV_VERSION="140.3.1" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"; -RELEASE_TAG="92eb5225318ba6425cd177e8ffda37917fbb9444" -RELEASE_TIMESTAMP="20250929214837" +RELEASE_TAG="efb07defaa2d56105675dc1d936af581ebfd8ffa" +RELEASE_TIMESTAMP="20251010020716" ++++++ thunderbird-140.3.1esr.source.tar.xz -> thunderbird-140.4.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-140.3.1esr.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.18484/thunderbird-140.4.0esr.source.tar.xz differ: char 15, line 1
