Hello community, here is the log from the commit of package MozillaThunderbird for openSUSE:Factory checked in at 2020-03-24 22:31:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaThunderbird (Old) and /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaThunderbird" Tue Mar 24 22:31:06 2020 rev:228 rq:787142 version:68.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaThunderbird/MozillaThunderbird.changes 2020-02-14 16:24:07.671150050 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3160/MozillaThunderbird.changes 2020-03-24 22:31:22.217059992 +0100 @@ -1,0 +2,25 @@ +Sat Mar 14 13:16:23 UTC 2020 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Thunderbird 68.6.0 + MFSA 2020-10 (bsc#1166238) + * CVE-2020-6805 (bmo#1610880) + Use-after-free when removing data about origins + * CVE-2020-6806 (bmo#1612308) + BodyStream::OnInputStreamReady was missing protections against + state confusion + * CVE-2020-6807 (bmo#1614971) + Use-after-free in cubeb during stream destruction + * CVE-2020-6811 (bmo#1607742) + Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2019-20503 (bmo#1613765) + Out of bounds reads in sctp_load_addresses_from_init + * CVE-2020-6812 (bmo#1616661) + The names of AirPods with personally identifiable information + were exposed to websites with camera or microphone permission + * CVE-2020-6814 (bmo#1592078, bmo#1604847, bmo#1608256, bmo#1612636, + bmo#1614339) + Memory safety bugs fixed in Thunderbird 68.6 +- requires NSS >= 3.44.3 + +------------------------------------------------------------------- Old: ---- l10n-68.5.0.tar.xz thunderbird-68.5.0.source.tar.xz thunderbird-68.5.0.source.tar.xz.asc New: ---- l10n-68.6.0.tar.xz thunderbird-68.6.0.source.tar.xz thunderbird-68.6.0.source.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaThunderbird.spec ++++++ --- /var/tmp/diff_new_pack.CG0CUh/_old 2020-03-24 22:31:39.613068732 +0100 +++ /var/tmp/diff_new_pack.CG0CUh/_new 2020-03-24 22:31:39.617068734 +0100 @@ -26,8 +26,8 @@ # major 69 # mainver %major.99 %define major 68 -%define mainver %major.5.0 -%define orig_version 68.5.0 +%define mainver %major.6.0 +%define orig_version 68.6.0 %define orig_suffix %{nil} %define update_channel release %define source_prefix thunderbird-%{mainver} @@ -77,7 +77,7 @@ BuildRequires: libnotify-devel BuildRequires: memory-constraints BuildRequires: mozilla-nspr-devel >= 4.21 -BuildRequires: mozilla-nss-devel >= 3.44.1 +BuildRequires: mozilla-nss-devel >= 3.44.3 BuildRequires: nasm >= 2.13 BuildRequires: nodejs8 >= 8.11 BuildRequires: python-devel ++++++ l10n-68.5.0.tar.xz -> l10n-68.6.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/l10n-68.5.0.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3160/l10n-68.6.0.tar.xz differ: char 26, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.CG0CUh/_old 2020-03-24 22:31:39.889068870 +0100 +++ /var/tmp/diff_new_pack.CG0CUh/_new 2020-03-24 22:31:39.905068878 +0100 @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr68" -VERSION="68.5.0" +VERSION="68.6.0" VERSION_SUFFIX="" -PREV_VERSION="68.4.2" +PREV_VERSION="68.5.0" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr68"; -RELEASE_TAG="c25a4ce1e7569bddaafbdbc8ff09de82d852303a" -RELEASE_TIMESTAMP="20200210021033" +RELEASE_TAG="5b1af38dba8628ef5ff2c395dc62fb10d52aa012" +RELEASE_TIMESTAMP="20200310192757" ++++++ thunderbird-68.5.0.source.tar.xz -> thunderbird-68.6.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaThunderbird/thunderbird-68.5.0.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaThunderbird.new.3160/thunderbird-68.6.0.source.tar.xz differ: char 15, line 1
