Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2022-11-17 17:24:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Thu Nov 17 17:24:06 2022 rev:298 rq:1036233 version:102.5.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2022-11-06 12:41:59.333305314 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1597/MozillaThunderbird.changes 2022-11-17 17:24:14.544982252 +0100 @@ -1,0 +2,34 @@ +Sat Nov 12 22:48:04 UTC 2022 - Wolfgang Rosenauer <w...@rosenauer.org> + +- Mozilla Thunderbird 102.5.0 + * changes and fixes as described here + https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes + MFSA 2022-49 (bsc#1205270) + * CVE-2022-45403 (bmo#1762078) + Service Workers might have learned size of cross-origin media files + * CVE-2022-45404 (bmo#1790815) + Fullscreen notification bypass + * CVE-2022-45405 (bmo#1791314) + Use-after-free in InputStream implementation + * CVE-2022-45406 (bmo#1791975) + Use-after-free of a JavaScript Realm + * CVE-2022-45408 (bmo#1793829) + Fullscreen notification bypass via windowName + * CVE-2022-45409 (bmo#1796901) + Use-after-free in Garbage Collection + * CVE-2022-45410 (bmo#1658869) + ServiceWorker-intercepted requests bypassed SameSite cookie policy + * CVE-2022-45411 (bmo#1790311) + Cross-Site Tracing was possible via non-standard override headers + * CVE-2022-45412 (bmo#1791029) + Symlinks may resolve to partially uninitialized buffers + * CVE-2022-45416 (bmo#1793676) + Keystroke Side-Channel Leakage + * CVE-2022-45418 (bmo#1795815) + Custom mouse cursor could have been drawn over browser UI + * CVE-2022-45420 (bmo#1792643) + Iframe contents could be rendered outside the iframe + * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) + Memory safety bugs fixed in Thunderbird 102.5 + +------------------------------------------------------------------- Old: ---- l10n-102.4.2.tar.xz thunderbird-102.4.2.source.tar.xz thunderbird-102.4.2.source.tar.xz.asc New: ---- l10n-102.5.0.tar.xz thunderbird-102.5.0.source.tar.xz thunderbird-102.5.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.iEHv61/_old 2022-11-17 17:24:23.725030816 +0100 +++ /var/tmp/diff_new_pack.iEHv61/_new 2022-11-17 17:24:23.733030858 +0100 @@ -29,8 +29,8 @@ # major 69 # mainver %major.99 %define major 102 -%define mainver %major.4.2 -%define orig_version 102.4.2 +%define mainver %major.5.0 +%define orig_version 102.5.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{orig_version} ++++++ l10n-102.4.2.tar.xz -> l10n-102.5.0.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.iEHv61/_old 2022-11-17 17:24:24.105032826 +0100 +++ /var/tmp/diff_new_pack.iEHv61/_new 2022-11-17 17:24:24.109032847 +0100 @@ -1,11 +1,11 @@ PRODUCT="thunderbird" CHANNEL="esr102" -VERSION="102.4.2" +VERSION="102.5.0" VERSION_SUFFIX="" -PREV_VERSION="102.4.1" +PREV_VERSION="102.4.2" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr102"; -RELEASE_TAG="bece6c033f6b24b9c126598da7c6eb5bc2a48b14" -RELEASE_TIMESTAMP="20221101185644" +RELEASE_TAG="b6e9b5a1d1b53d26cfb7032ef2ff02203ab0486b" +RELEASE_TIMESTAMP="20221115143058" ++++++ thunderbird-102.4.2.source.tar.xz -> thunderbird-102.5.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-102.4.2.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.1597/thunderbird-102.5.0.source.tar.xz differ: char 15, line 1
