{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaThunderbird":"68.2.1-lp151.2.16.1","MozillaThunderbird-translations-common":"68.2.1-lp151.2.16.1","MozillaThunderbird-translations-other":"68.2.1-lp151.2.16.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"MozillaThunderbird","purl":"pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"68.2.1-lp151.2.16.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaThunderbird to version 68.2.1 provides the following fixes:\n\n- Security issues fixed (bsc#1154738):\n  * CVE-2019-15903: Fixed a heap overflow in the expat library (bsc#1149429).\n  * CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB (bsc#1154738).\n  * CVE-2019-11758: Fixed a potentially exploitable crash due to 360 Total Security (bsc#1154738).\n  * CVE-2019-11759: Fixed a stack buffer overflow in HKDF output (bsc#1154738).\n  * CVE-2019-11760: Fixed a stack buffer overflow in WebRTC networking (bsc#1154738).\n  * CVE-2019-11761: Fixed an unintended access to a privileged JSONView object (bsc#1154738).\n  * CVE-2019-11762: Fixed a same-origin-property violation (bsc#1154738).\n  * CVE-2019-11763: Fixed an XSS bypass (bsc#1154738).\n  * CVE-2019-11764: Fixed several memory safety bugs (bsc#1154738).\n\nOther fixes (bsc#1153879):\n  * Some attachments couldn't be opened in messages originating from MS Outlook 2016.\n  * Address book import from CSV.\n  * Performance problem in message body search.\n  * Ctrl+Enter to send a message would open an attachment if the attachment pane had focus.\n  * Calendar: Issues with 'Today Pane' start-up.\n  * Calendar: Glitches with custom repeat and reminder number input.\n  * Calendar: Problems with WCAP provider.\n  * A language for the user interface can now be chosen in\n    the advanced settings  \n  * Fixed an issue with Google authentication (OAuth2)\n  * Fixed an issue where selected or unread messages were not \n    shown in the correct color in the thread pane under some\n    circumstances\n  * Fixed an issue where when using a language pack, names of \n    standard folders were not localized (bsc#1149126)\n  * Fixed an issue where the address book default startup directory \n    in preferences panel not persisted\n  * Fixed various visual glitches\n  * Fixed issues with the  chat\n  * Fixed building with rust >= 1.38.\n  * Fixrd LTO build without PGO.\n  * Removed kde.js since disabling instantApply breaks extensions and is now obsolete with\n    the move to HTML views for preferences. (bsc#1151186)\n  * Updated create-tar.sh. (bsc#1152778)\n  * Deactivated the crashreporter for the last remaining arch.\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:2452-1","modified":"2019-11-09T11:21:24Z","published":"2019-11-09T11:21:24Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MOTGZDQMJE6HU6RXRSOTDTGAHLJOOFJB/#MOTGZDQMJE6HU6RXRSOTDTGAHLJOOFJB"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149126"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149429"},{"type":"REPORT","url":"https://bugzilla.suse.com/1151186"},{"type":"REPORT","url":"https://bugzilla.suse.com/1152778"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153879"},{"type":"REPORT","url":"https://bugzilla.suse.com/1154738"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11757"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11758"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11759"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11760"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11761"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11763"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11764"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15903"}],"related":["CVE-2019-11757","CVE-2019-11758","CVE-2019-11759","CVE-2019-11760","CVE-2019-11761","CVE-2019-11762","CVE-2019-11763","CVE-2019-11764","CVE-2019-15903"],"summary":"Recommended update for MozillaThunderbird","upstream":["CVE-2019-11757","CVE-2019-11758","CVE-2019-11759","CVE-2019-11760","CVE-2019-11761","CVE-2019-11762","CVE-2019-11763","CVE-2019-11764","CVE-2019-15903"]}