Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2025-12-11 18:43:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Thu Dec 11 18:43:12 2025 rev:377 rq:1322223 version:140.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2025-11-18 15:38:25.771888298 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1939/MozillaThunderbird.changes 2025-12-11 18:46:20.326070802 +0100 @@ -1,0 +2,28 @@ +Wed Dec 10 06:48:11 UTC 2025 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 140.6.0 ESR + MFSA 2025-96 (bsc#1254551) + * CVE-2025-14321 (bmo#1992760) + Use-after-free in the WebRTC: Signaling component + * CVE-2025-14322 (bmo#1996473) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2025-14323 (bmo#1996555) + Privilege escalation in the DOM: Notifications component + * CVE-2025-14324 (bmo#1996840) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14325 (bmo#1998050) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14328 (bmo#1996761) + Privilege escalation in the Netmonitor component + * CVE-2025-14329 (bmo#1997018) + Privilege escalation in the Netmonitor component + * CVE-2025-14330 (bmo#1997503) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14331 (bmo#2000218) + Same-origin policy bypass in the Request Handling component + * CVE-2025-14333 (bmo#1966501, bmo#1997639) + Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird + ESR 140.6, Firefox 146 and Thunderbird 146 + +------------------------------------------------------------------- Old: ---- l10n-140.5.0esr.tar.xz thunderbird-140.5.0esr.source.tar.xz thunderbird-140.5.0esr.source.tar.xz.asc New: ---- l10n-140.6.0esr.tar.xz thunderbird-140.6.0esr.source.tar.xz thunderbird-140.6.0esr.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.Vc35oI/_old 2025-12-11 18:48:46.740221313 +0100 +++ /var/tmp/diff_new_pack.Vc35oI/_new 2025-12-11 18:48:46.744221481 +0100 @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.5.0 -%define orig_version 140.5.0 +%define mainver %major.6.0 +%define orig_version 140.6.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} ++++++ l10n-140.5.0esr.tar.xz -> l10n-140.6.0esr.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-140.5.0esr.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1939/l10n-140.6.0esr.tar.xz differ: char 15, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.Vc35oI/_old 2025-12-11 18:48:46.980231395 +0100 +++ /var/tmp/diff_new_pack.Vc35oI/_new 2025-12-11 18:48:46.988231731 +0100 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.5.0" +VERSION="140.6.0" VERSION_SUFFIX="esr" -REV_VERSION="140.4.0" +REV_VERSION="140.5.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140"; -RELEASE_TAG="6a3011b7161c6f3a36d5116f2608d51b19fb4d58" -RELEASE_TIMESTAMP="20251108022659" +RELEASE_TAG="a9fbb23767a6f5f6b6c07a0b713b18b86a9a169c" +RELEASE_TIMESTAMP="20251208204945" ++++++ thunderbird-140.5.0esr.source.tar.xz -> thunderbird-140.6.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-140.5.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1939/thunderbird-140.6.0esr.source.tar.xz differ: char 15, line 1
