Differential D8992

Update Thunderbird to version 68.9.0
AbandonedPublic
Actions

Authored by rad4day on Jun 5 2020, 6:06 PM.

Details

Reviewers

None

Group Reviewers

Triage Team

Summary

Security fixes:

CVE-2020-12399: Timing attack on DSA signatures in NSS library
CVE-2020-12405: Use-after-free in SharedWorkerService
CVE-2020-12406: JavaScript Type confusion with NativeTypes
CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage

Signed-off-by: Tobias Manske <tobias.manske@mailbox.org>

Upstream Summary: https://www.thunderbird.net/en-US/thunderbird/68.9.0/releasenotes/
Security fixes: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/

Test Plan

Works fine on the surface level. 68.9.0 is mainly a security update for some high level security vulnerabilities

Diff Detail

Repository

R3035 thunderbird

Branch

master

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

rad4day created this revision.Jun 5 2020, 6:06 PM

Herald added a reviewer: Triage Team. · View Herald TranscriptJun 5 2020, 6:06 PM

rad4day requested review of this revision.Jun 5 2020, 6:06 PM

rad4day edited the summary of this revision. (Show Details)Jun 5 2020, 6:39 PM

I wasn't aware, that the languagepack build process is not deterministic and therefore produces a different checksum each time it is recompiled. (Probably because of the file timestamps?)

Therefore the langpack-checksum is bogus, removing any value from this revision.