Package thunderbird: Information
Default inline alert: Version in the repository: 115.9.0-alt1
Source package: thunderbird
Version: 78.1.1-alt1
Build time: Aug 31, 2020, 07:56 PM in the task #256264
Category: Networking/Mail
Report package bugHome page: https://www.thunderbird.net
License: MPL-2.0
Summary: Thunderbird is Mozilla's e-mail client
Description:
Thunderbird is Mozilla's next generation e-mail client. Thunderbird makes emailing safer, faster and easier than ever before and can also scale to meet the most sophisticated organizational needs. The package contains Lightning - an integrated calendar for Thunderbird.
List of rpms provided by this srpm:
rpm-build-thunderbird (noarch)
thunderbird (x86_64, ppc64le, i586, armh, aarch64)
thunderbird-enigmail (x86_64, ppc64le, i586, armh, aarch64)
thunderbird-wayland (noarch)
rpm-build-thunderbird (noarch)
thunderbird (x86_64, ppc64le, i586, armh, aarch64)
thunderbird-enigmail (x86_64, ppc64le, i586, armh, aarch64)
thunderbird-wayland (noarch)
Maintainer: Andrey Cherepanov
List of contributors:
Aleksei Nikiforov
Andrey Cherepanov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov
Aleksei Nikiforov
Andrey Cherepanov
Gleb Fotengauer-Malinovskiy
Paul Wolneykien
Anton Farygin
Vladimir Didenko
Alexey Gladkov
Alexey Morozov
Last changed
Aug. 18, 2020 Aleksei Nikiforov 78.1.1-alt1
- Updated to upstream version 78.1.1 (thx to cas@ and sbolshakov@). - Fixes: + CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker + CVE-2020-6514 WebRTC data channel leaks internal address to peer + CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy + CVE-2020-15653 Bypassing iframe sandbox when allowing popups + CVE-2020-6463 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + CVE-2020-15656 Type confusion for special arguments in IonMonkey + CVE-2020-15658 Overriding file type when saving to disk + CVE-2020-15657 DLL hijacking due to incorrect loading path + CVE-2020-15654 Custom cursor can overlay user interface + CVE-2020-15659 Memory safety bugs fixed in Thunderbird 78.1
July 21, 2020 Andrey Cherepanov 78.0-alt1
- New version (78.0). - Fixes: + CVE-2020-12415 AppCache manifest poisoning due to url encoded character processing + CVE-2020-12416 Use-after-free in WebRTC VideoBroadcaster + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418 Information disclosure due to manipulated URL object + CVE-2020-12419 Use-after-free in nsGlobalWindowInner + CVE-2020-12420 Use-After-Free when trying to connect to a STUN server + CVE-2020-15648 X-Frame-Options bypass using object or embed tags + CVE-2020-12402 RSA Key Generation vulnerable to side-channel attack + CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates + CVE-2020-12422 Integer overflow in nsJPEGEncoder::emptyOutputBuffer + CVE-2020-12423 DLL Hijacking due to searching %PATH% for a library + CVE-2020-12424 WebRTC permission prompt could have been bypassed by a compromised content process + CVE-2020-12425 Out of bound read in Date.parse() + CVE-2020-12426 Memory safety bugs fixed in Thunderbird 78 - Build with bundled languages: kk, ru, uk.
July 13, 2020 Andrey Cherepanov 68.10.0-alt1
- New version (68.10.0). - Fixes: + CVE-2020-12417 Memory corruption due to missing sign-extension for ValueTags on ARM64 + CVE-2020-12418 Information disclosure due to manipulated URL object + CVE-2020-12419 Use-after-free in nsGlobalWindowInner + CVE-2020-12420 Use-After-Free when trying to connect to a STUN server + CVE-2020-12421 Add-On updates did not respect the same certificate trust rules as software updates + MFSA-2020-0001 Automatic account setup leaks Microsoft Exchange login credentials - Enigmail 2.1.7.