Package thunderbird: Information

Default inline alert: Version in the repository: 115.9.0-alt0.c10.1

Source package: thunderbird

Version: 102.2.1-alt1

Build time: Oct 26, 2022, 08:05 PM in the task #307737

Category: Networking/Mail

Report package bug

Gear: https://git.altlinux.org/gears/t/thunderbird.git?a=tree;hb=8db6d…

Home page: https://www.thunderbird.net

License: MPL-2.0

Summary: Thunderbird is Mozilla's e-mail client

Description:

Thunderbird is Mozilla's next generation e-mail client. Thunderbird makes
emailing safer, faster and easier than ever before and can also scale to meet
the most sophisticated organizational needs.

The package contains Lightning - an integrated calendar for Thunderbird.

List of rpms provided by this srpm:
rpm-build-thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird-wayland (x86_64, ppc64le, i586, aarch64)

Maintainer: Andrey Cherepanov

List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Aleksei Nikiforov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov

Build dependencies:

Sept. 6, 2022 Pavel Vasenkov 102.2.1-alt1

- New version.
- Security fixes:
  + CVE-2022-3033 Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
  + CVE-2022-3032 Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked
  + CVE-2022-3034 An iframe element in an HTML email could trigger a network request
  + CVE-2022-36059 Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack

Aug. 24, 2022 Pavel Vasenkov 102.2.0-alt1

- New version.
- Security fixes:
  + CVE-2022-38472 Address bar spoofing via XSLT error handling
  + CVE-2022-38473 Cross-origin XSLT Documents would have inherited the parent's permissions
  + CVE-2022-38476 Data race and potential use-after-free in PK11_ChangePW
  + CVE-2022-38477 Memory safety bugs fixed in Thunderbird 102.2
  + CVE-2022-38478 Memory safety bugs fixed in Thunderbird 102.2, and Thunderbird 91.13

Aug. 1, 2022 Pavel Vasenkov 102.1.0-alt1

- New version.
- Security fixes:
  + CVE-2022-36319 Mouse Position spoofing with CSS transforms
  + CVE-2022-36318 Directory indexes for bundled resources reflected URL parameters
  + CVE-2022-36314 Opening local <code>.lnk</code> files could cause unexpected network loads
  + CVE-2022-2505 Memory safety bugs fixed in Thunderbird 102.1

VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla

Version: v24.5.0