Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/661ECFDBE50A26499E5EEDC0AEFF0489
HistoryNov 19, 2020 - 12:00 a.m.

Security fix for the ALT Linux 10 package thunderbird version 78.5.0-alt1

2020-11-1900:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
11

EPSS

0.026

Percentile

90.3%

Nov. 19, 2020 Andrey Cherepanov 78.5.0-alt1

- New version (78.5.0).
- Fixes:
  + CVE-2020-26951 Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
  + CVE-2020-16012 Variable time processing of cross-origin images during drawImage calls
  + CVE-2020-26953 Fullscreen could be enabled without displaying the security UI
  + CVE-2020-26956 XSS through paste (manual and clipboard API)
  + CVE-2020-26958 Requests intercepted through ServiceWorkers lacked MIME type restrictions
  + CVE-2020-26959 Use-after-free in WebRequestService
  + CVE-2020-26960 Potential use-after-free in uses of nsTArray
  + CVE-2020-15999 Heap buffer overflow in freetype
  + CVE-2020-26961 DoH did not filter IPv4 mapped IP Addresses
  + CVE-2020-26965 Software keyboards may have remembered typed passwords
  + CVE-2020-26966 Single-word search queries were also broadcast to local network
  + CVE-2020-26968 Memory safety bugs fixed in Thunderbird 78.5
- Fix guess timezone for calendar (ALT [#38081](<https://bugzilla.altlinux.org/38081>)).