Package thunderbird

Source package: thunderbird
Version: 91.5.0-alt1
Build time:  Jan 20, 2022, 02:04 AM
 in the task #293378
Category: Networking/Mail
Report package bug
Gear: https://git.altlinux.org/gears/t/thunderbird.git?a=tree;hb=88624…
Home page: https://www.thunderbird.net
License:  MPL-2.0
Summary:  Thunderbird is Mozilla's e-mail client
Description: 
Thunderbird is Mozilla's next generation e-mail client. Thunderbird makes
emailing safer, faster and easier than ever before and can also scale to meet
the most sophisticated organizational needs.

The package contains Lightning - an integrated calendar for Thunderbird.
List of rpms provided by this srpm: 
rpm-build-thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird-wayland (x86_64, ppc64le, i586, aarch64)
Maintainer: Andrey Cherepanov
List of contributors: 
Andrey Cherepanov
Aleksei Nikiforov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov
    1. /dev/shm
    2. libvpx-devel
    3. /proc
    4. libcurl-devel
    5. python3-base
    6. libdbus-glib-devel
    7. python3-module-pip
    8. python3-module-setuptools
    9. libdrm-devel
    10. alternatives
    11. python3-modules-sqlite3
    12. libGL-devel
    13. libwireless-devel
    14. libevent-devel
    15. doxygen
    16. autoconf_2.13
    17. autoconf_2.13
    18. libffi-devel
    19. libIDL-devel
    20. libxkbcommon-devel
    21. rpm-build-mozilla.org
    22. browser-plugins-npapi-devel
    23. bzlib-devel
    24. lld12.0-devel
    25. chrpath
    26. llvm12.0-devel
    27. clang12.0-devel
    28. gcc-c++
    29. makedepend
    30. mozilla-common-devel
    31. nasm
    32. node
    33. unzip
    34. libgtk+3-devel >= 3.14
    35. libX11-devel
    36. libXScrnSaver-devel
    37. libXcomposite-devel
    38. xorg-cf-files
    39. libXcursor-devel
    40. libXdamage-devel
    41. yasm
    42. libXext-devel
    43. zip
    44. libhunspell-devel
    45. libXft-devel
    46. libXi-devel
    47. libXt-devel
    48. rust
    49. rust-cargo
    50. libalsa-devel
    51. libjpeg-devel
    52. gst-plugins1.0-devel
    53. libpulseaudio-devel
    54. imake
    55. libstartup-notification-devel
    56. libpixman-devel
    57. libnotify-devel
    58. libnspr-devel
    59. libnss-devel
    60. libnss-devel-static
    61. libstdc++-devel
    62. libproxy-devel
    63. libopus-devel
    64. libotr-devel
Last changes:
Jan. 12, 2022 Andrey Cherepanov 91.5.0-alt1
- New version.
- Security fixes:
  + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof
  + CVE-2022-22743 Browser window spoof using fullscreen mode
  + CVE-2022-22742 Out-of-bounds memory access when inserting text in edit mode
  + CVE-2022-22741 Browser window spoof using fullscreen mode
  + CVE-2022-22740 Use-after-free of ChannelEventQueue::mOwner
  + CVE-2022-22738 Heap-buffer-overflow in blendGaussianBlur
  + CVE-2022-22737 Race condition when playing audio files
  + CVE-2021-4140 Iframe sandbox bypass with XSLT
  + CVE-2022-22748 Spoofed origin on external protocol launch dialog
  + CVE-2022-22745 Leaking cross-origin URLs through securitypolicyviolation event
  + CVE-2022-22744 The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection
  + CVE-2022-22747 Crash when handling empty pkcs7 sequence
  + CVE-2022-22739 Missing throttling on external protocol launch dialog
  + CVE-2022-22751 Memory safety bugs fixed in Thunderbird 91.5
Dec. 21, 2021 Andrey Cherepanov 91.4.1-alt1
- New version.
- Security fixes:
  + CVE-2021-4126 OpenPGP signature status doesn't consider additional message content
  + CVE-2021-44538 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow
Dec. 10, 2021 Andrey Cherepanov 91.4.0-alt1
- New version.
- Security fixes:
  + CVE-2021-43536 URL leakage when navigating while executing asynchronous function
  + CVE-2021-43537 Heap buffer overflow when using structured clone
  + CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both
  + CVE-2021-43539 GC rooting failure when calling wasm instance methods
  + CVE-2021-43541 External protocol handler parameters were unescaped
  + CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler
  + CVE-2021-43543 Bypass of CSP sandbox directive when embedding
  + CVE-2021-43545 Denial of Service when using the Location API in a loop
  + CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed
  + CVE-2021-43528 JavaScript unexpectedly enabled for the composition area

Back to Top