Package thunderbird: Information

Default inline alert: Version in the repository: 102.11.0-alt0.c9.1

Source package: thunderbird

Version: 102.7.1-alt1

Build time: Jul 11, 2023, 11:11 PM in the task #319683

Category: Networking/Mail

Report package bug

Gear: https://git.altlinux.org/gears/t/thunderbird.git?a=tree;hb=9002e…

Home page: https://www.thunderbird.net

License: MPL-2.0

Summary: Thunderbird is Mozilla's e-mail client

Description:

Thunderbird is Mozilla's next generation e-mail client. Thunderbird makes
emailing safer, faster and easier than ever before and can also scale to meet
the most sophisticated organizational needs.

The package contains Lightning - an integrated calendar for Thunderbird.

List of rpms provided by this srpm:
rpm-build-thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird (x86_64, ppc64le, i586, aarch64)
thunderbird-wayland (x86_64, ppc64le, i586, aarch64)

Maintainer: Andrey Cherepanov

List of contributors:
Pavel Vasenkov
Andrey Cherepanov
Aleksei Nikiforov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov

Build dependencies:

Feb. 3, 2023 Pavel Vasenkov 102.7.1-alt1

- New version.
- Security fixes:
  + CVE-2023-0430 Revocation status of S/Mime signature certificates was not checked

Jan. 24, 2023 Pavel Vasenkov 102.7.0-alt1

- New version.
- Security fixes:
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Thunderbird 102.7

Dec. 23, 2022 Pavel Vasenkov 102.6.1-alt1

- New version.
- Security fixes:
  + CVE-2022-46874 Drag and Dropped Filenames could have been truncated to malicious extensions

VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla

Version: v24.4.2