Oval Definition:	oval:org.opensuse.security:def:53885
Revision Date: 2020-12-01 Version: 1 Title: Security update for MozillaThunderbird (Important) Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 68.5 (bsc#1162777) MFSA 2020-07 (bsc#1163368) * CVE-2020-6793 (bmo#1608539) Out-of-bounds read when processing certain email messages * CVE-2020-6794 (bmo#1606619) Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords * CVE-2020-6795 (bmo#1611105) Crash processing S/MIME messages with multiple signatures * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6792 (bmo#1609607) Message ID calculcation was based on uninitialized data * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Thunderbird 68.5 * new: Support for Client Identity IMAP/SMTP Service Extension (bmo#1532388) * new: Support for OAuth 2.0 authentication for POP3 accounts (bmo#1538409) * fixed: Status area goes blank during account setup (bmo#1593122) * fixed: Calendar: Could not remove color for default categories (bmo#1584853) * fixed: Calendar: Prevent calendar component loading multiple times (bmo#1606375) * fixed: Calendar: Today pane did not retain width between sessions (bmo#1610207) * unresolved: When upgrading from Thunderbird version 60 to version 68, add-ons are not automatically updated during the upgrade process. They will however be updated during the add- on update check. It is of course possible to reinstall compatible add-ons via the Add-ons Manager or via addons.thunderbird.net. (bmo#1574183) * changed: Calendar: Task and Event tree colours adjusted for the dark theme (bmo#1608344) * fixed: Retrieval of S/MIME certificates from LDAP failed (bmo#1604773) * fixed: Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set (bmo#1609690) * fixed: Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout (bmo#1222046) * fixed: Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened (bmo#1608407) Family: unix Class: patch Status: Reference(s): 1000106 1003030 1003032 1004981 1005004 1005005 1007157 1007941 1009100 1009103 1009104 1009105 1009107 1009108 1009109 1009111 1011652 1012143 1017189 1031056 1036785 1048783 1049505 1051017 1052151 1053600 1056127 1056128 1056129 1056131 1056132 1056136 1069222 1069226 1074186 1077993 1078806 1078813 1092480 1162777 1163368 864391 864655 864769 864805 864811 877642 897654 901508 902737 924018 927556 927607 927608 927746 928393 928533 945404 945989 952051 954872 954980 956829 957162 957698 957988 958007 958009 958331 958491 958523 958917 959005 959332 959387 959695 960334 960707 960725 960835 960861 960862 961332 961358 961691 962320 963782 963923 964413 965315 965317 967012 967013 967969 969121 969122 969350 983440 CVE-2009-2666 CVE-2010-1167 CVE-2011-1947 CVE-2011-3389 CVE-2012-1152 CVE-2012-3482 CVE-2013-4533 CVE-2013-4534 CVE-2013-4537 CVE-2013-4538 CVE-2013-4539 CVE-2013-6393 CVE-2014-0222 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2014-2525 CVE-2014-3640 CVE-2014-3689 CVE-2014-5461 CVE-2014-7815 CVE-2014-9130 CVE-2014-9718 CVE-2015-1779 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 CVE-2015-5278 CVE-2015-6855 CVE-2015-7512 CVE-2015-7542 CVE-2015-7549 CVE-2015-7981 CVE-2015-7995 CVE-2015-8126 CVE-2015-8345 CVE-2015-8504 CVE-2015-8550 CVE-2015-8554 CVE-2015-8555 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2015-9019 CVE-2016-10714 CVE-2016-1568 CVE-2016-1570 CVE-2016-1571 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2270 CVE-2016-2271 CVE-2016-2391 CVE-2016-2392 CVE-2016-2538 CVE-2016-2841 CVE-2016-4738 CVE-2016-5131 CVE-2016-5319 CVE-2016-7777 CVE-2016-7908 CVE-2016-7909 CVE-2016-8667 CVE-2016-8669 CVE-2016-8910 CVE-2016-9377 CVE-2016-9378 CVE-2016-9379 CVE-2016-9380 CVE-2016-9381 CVE-2016-9382 CVE-2016-9383 CVE-2016-9384 CVE-2016-9385 CVE-2016-9386 CVE-2016-9637 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-15412 CVE-2017-17942 CVE-2017-18205 CVE-2017-5029 CVE-2017-5130 CVE-2017-8816 CVE-2017-8817 CVE-2018-1071 CVE-2018-10779 CVE-2018-1083 CVE-2018-7549 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6797 CVE-2020-6798 CVE-2020-6800 SUSE-SU-2015:0990-1 SUSE-SU-2015:2024-1 SUSE-SU-2016:0873-1 SUSE-SU-2016:3067-1 SUSE-SU-2017:2697-1 SUSE-SU-2018:0072-1 SUSE-SU-2018:0120-1 SUSE-SU-2018:0122-1 SUSE-SU-2018:0401-1 SUSE-SU-2018:2836-1 SUSE-SU-2020:0385-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information ghostscript-9.23-lp150.1 is installed OR ghostscript-x11-9.23-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information graphviz-2.40.1-lp151.6.3 is installed OR graphviz-addons-2.40.1-lp151.6.3 is installed OR graphviz-devel-2.40.1-lp151.6.3 is installed OR graphviz-doc-2.40.1-lp151.6.3 is installed OR graphviz-gd-2.40.1-lp151.6.3 is installed OR graphviz-gnome-2.40.1-lp151.6.3 is installed OR graphviz-guile-2.40.1-lp151.6.3 is installed OR graphviz-gvedit-2.40.1-lp151.6.3 is installed OR graphviz-java-2.40.1-lp151.6.3 is installed OR graphviz-lua-2.40.1-lp151.6.3 is installed OR graphviz-perl-2.40.1-lp151.6.3 is installed OR graphviz-php-2.40.1-lp151.6.3 is installed OR graphviz-plugins-core-2.40.1-lp151.6.3 is installed OR graphviz-python-2.40.1-lp151.6.3 is installed OR graphviz-ruby-2.40.1-lp151.6.3 is installed OR graphviz-smyrna-2.40.1-lp151.6.3 is installed OR graphviz-tcl-2.40.1-lp151.6.3 is installed OR libgraphviz6-2.40.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information dhcp-4.2.4.P2-0.11.13 is installed OR dhcp-client-4.2.4.P2-0.11.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-38.5.0esr-28 is installed OR MozillaFirefox-translations-38.5.0esr-28 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information java-1_7_0-openjdk-1.7.0.95-0.17 is installed OR java-1_7_0-openjdk-demo-1.7.0.95-0.17 is installed OR java-1_7_0-openjdk-devel-1.7.0.95-0.17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND fetchmail-6.3.26-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information xen-4.5.2_06-7 is installed OR xen-kmp-default-4.5.2_06_k3.12.53_60.30-7 is installed OR xen-libs-4.5.2_06-7 is installed OR xen-libs-32bit-4.5.2_06-7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information xen-4.7.1_02-25 is installed OR xen-libs-4.7.1_02-25 is installed OR xen-libs-32bit-4.7.1_02-25 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libtiff5-4.0.9-44.21 is installed OR libtiff5-32bit-4.0.9-44.21 is installed OR tiff-4.0.9-44.21 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information liblua5_2-5.2.4-6 is installed OR lua-5.2.4-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND coolkey-1.1.0-147 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_62-60_64_8-default-10-2 is installed OR kgraft-patch-3_12_62-60_64_8-xen-10-2 is installed OR kgraft-patch-SLE12-SP1_Update_8-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND libusbmuxd4-1.0.10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND wget-1.14-21.10 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information java-1_8_0-openjdk-1.8.0.181-27.26 is installed OR java-1_8_0-openjdk-demo-1.8.0.181-27.26 is installed OR java-1_8_0-openjdk-devel-1.8.0.181-27.26 is installed OR java-1_8_0-openjdk-headless-1.8.0.181-27.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information openslp-2.0.0-18.17 is installed OR openslp-32bit-2.0.0-18.17 is installed OR openslp-server-2.0.0-18.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND hardlink-1.0-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_175-94_79-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_23-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information ibus-1.5.13-15.11 is installed OR ibus-gtk-1.5.13-15.11 is installed OR ibus-gtk3-1.5.13-15.11 is installed OR ibus-lang-1.5.13-15.11 is installed OR libibus-1_0-5-1.5.13-15.11 is installed OR typelib-1_0-IBus-1_0-1.5.13-15.11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information gdk-pixbuf-2.34.0-19.17 is installed OR gdk-pixbuf-lang-2.34.0-19.17 is installed OR gdk-pixbuf-query-loaders-2.34.0-19.17 is installed OR gdk-pixbuf-query-loaders-32bit-2.34.0-19.17 is installed OR libgdk_pixbuf-2_0-0-2.34.0-19.17 is installed OR libgdk_pixbuf-2_0-0-32bit-2.34.0-19.17 is installed OR typelib-1_0-GdkPixbuf-2_0-2.34.0-19.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information curl-7.60.0-2 is installed OR libcurl4-7.60.0-2 is installed OR libcurl4-32bit-7.60.0-2 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-68.5.0-3.71 is installed OR MozillaThunderbird-translations-common-68.5.0-3.71 is installed OR MozillaThunderbird-translations-other-68.5.0-3.71 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND python-requests-2.8.1-6.9 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information openssh-7.2p2-74.35 is installed OR openssh-askpass-gnome-7.2p2-74.35 is installed OR openssh-fips-7.2p2-74.35 is installed OR openssh-helpers-7.2p2-74.35 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libpcap-1.8.1-10.3 is installed OR libpcap1-1.8.1-10.3 is installed OR tcpdump-4.9.2-14.14 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information LibVNCServer-0.9.9-17.19 is installed OR libvncclient0-0.9.9-17.19 is installed OR libvncserver0-0.9.9-17.19 is installed
BACK