{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"68.2.1-3.58.1","MozillaThunderbird-translations-common":"68.2.1-3.58.1","MozillaThunderbird-translations-other":"68.2.1-3.58.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.2.1-3.58.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"68.2.1-3.58.1","MozillaThunderbird-translations-common":"68.2.1-3.58.1","MozillaThunderbird-translations-other":"68.2.1-3.58.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15 SP1","name":"MozillaThunderbird","purl":"pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.2.1-3.58.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird to version 68.2.1 provides the following fixes:\n\n- Security issues fixed (bsc#1154738):\n  * CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).\n  * CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).\n  * CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).\n  * CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).\n  * CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).\n  * CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).\n  * CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).\n  * CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).\n  * CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).\n\nOther fixes (bsc#1153879):\n  * Some attachments couldn't be opened in messages originating from MS Outlook 2016.\n  * Address book import from CSV.\n  * Performance problem in message body search.\n  * Ctrl+Enter to send a message would open an attachment if the attachment pane had focus.\n  * Calendar: Issues with 'Today Pane' start-up.\n  * Calendar: Glitches with custom repeat and reminder number input.\n  * Calendar: Problems with WCAP provider.\n  * A language for the user interface can now be chosen in\n    the advanced settings  \n  * Fixed an issue with Google authentication (OAuth2)\n  * Fixed an issue where selected or unread messages were not \n    shown in the correct color in the thread pane under some\n    circumstances\n  * Fixed an issue where when using a language pack, names of \n    standard folders were not localized (bsc#1149126)\n  * Fixed an issue where the address book default startup directory \n    in preferences panel not persisted\n  * Fixed various visual glitches\n  * Fixed issues with the  chat\n  * Fixed building with rust >= 1.38.\n  * Fixrd LTO build without PGO.\n  * Removed kde.js since disabling instantApply breaks extensions and is now obsolete with\n    the move to HTML views for preferences. (bsc#1151186)\n  * Updated create-tar.sh. (bsc#1152778)\n  * Deactivated the crashreporter for the last remaining arch.\n","id":"SUSE-SU-2019:2912-1","modified":"2019-11-07T10:31:34Z","published":"2019-11-07T10:31:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192912-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149126"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149429"},{"type":"REPORT","url":"https://bugzilla.suse.com/1151186"},{"type":"REPORT","url":"https://bugzilla.suse.com/1152778"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153879"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154738"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11757"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11758"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11759"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11760"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11761"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11763"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11764"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15903"}],"related":["CVE-2019-11757","CVE-2019-11758","CVE-2019-11759","CVE-2019-11760","CVE-2019-11761","CVE-2019-11762","CVE-2019-11763","CVE-2019-11764","CVE-2019-15903"],"summary":"Recommended update for MozillaThunderbird","upstream":["CVE-2019-11757","CVE-2019-11758","CVE-2019-11759","CVE-2019-11760","CVE-2019-11761","CVE-2019-11762","CVE-2019-11763","CVE-2019-11764","CVE-2019-15903"]}