Subject: CVS commit: [pkgsrc-2017Q3] pkgsrc/mail
From: Benny Siegert
Date: 2017-12-03 12:41:43
Message id: 20171203114143.B0C7EFB40@cvs.NetBSD.org

Log Message:
Pullup ticket #5656 - requested by khorben
mail/thunderbird: security fix
mail/thunderbird-l10n: update

Revisions pulled up:
- mail/thunderbird-l10n/Makefile                                1.61-1.62
- mail/thunderbird-l10n/distinfo                                1.59-1.60
- mail/thunderbird/Makefile                                     1.198,1.200
- mail/thunderbird/distinfo                                     1.193-1.194
- mail/thunderbird/hacks.mk                                     1.8
- mail/thunderbird45/hacks.mk                                   1.2

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Oct 27 18:01:44 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird: hacks.mk
   	pkgsrc/mail/thunderbird45: hacks.mk

   Log Message:
   Remove removed inclusion. Pointed out by oster@. Thank you.

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Nov 17 00:49:20 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 52.4.0

   Changelog:
   New
   In Thunderbird 52 a new behavior was introduced for replies to mailing
   list posts: "When replying to a mailing list, reply will be sent to
   address in From header ignoring Reply-to header". A new preference
   mail.override_list_reply_to allows restoring the previous behavior.

   Fixed
   Under certain circumstances (image attachment and non-image attachment),
   attached images were shown truncated in messages stored in IMAP
   folders not synchronised for offline use.

   Fixed
   IMAP UIDs > 0x7FFFFFFF not handled properly

   Security fixes:
   #CVE-2017-7793: Use-after-free with Fetch API

   Reporter
       Abhishek Arya
   Impact
       high

   Description

   A use-after-free vulnerability can occur in the Fetch API when the
   worker or the associated window are freed when still in use,
   resulting in a potentially exploitable crash.

   References
       Bug 1371889

   #CVE-2017-7818: Use-after-free during ARIA array manipulation

   Reporter
       Nils
   Impact
       high

   Description

   A use-after-free vulnerability can occur when manipulating arrays of
   Accessible Rich Internet Applications (ARIA) elements within containers
   through the DOM. This results in a potentially exploitable crash.

   References
       Bug 1363723

   #CVE-2017-7819: Use-after-free while resizing images in design mode

   Reporter
       Nils
   Impact
       high

   Description

   A use-after-free vulnerability can occur in design mode when image
   objects are resized if objects referenced during the resizing have
   been freed from memory. This results in a potentially exploitable crash.

   References
       Bug 1380292

   #CVE-2017-7824: Buffer overflow when drawing and validating elements
   with ANGLE

   Reporter
       Omair, Andre Weissflog
   Impact
       high

   Description

   A buffer overflow occurs when drawing and validating elements with
   the ANGLE graphics library, used for WebGL content. This is due to
   an incorrect value being passed within the library during checks and
   results in a potentially exploitable crash.

   References
       Bug 1398381

   #CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

   Reporter
       Martin Thomson
   Impact
       high

   Description

   During TLS 1.2 exchanges, handshake hashes are generated which point
   to a message buffer. This saved data is used for later messages but
   in some cases, the handshake transcript can exceed the space available
   in the current buffer, causing the allocation of a new buffer. This
   leaves a pointer pointing to the old, freed buffer, resulting in
   a use-after-free when handshake hashes are then calculated afterwards.
   This can result in a potentially exploitable crash.

   References
       Bug 1377618

   #CVE-2017-7814: Blob and data URLs bypass phishing and malware
   protection warnings

   Reporter
       François Marier
   Impact
       moderate

   Description

   File downloads encoded with blob: and data: URL elements bypassed
   normal file download checks through the Phishing and Malware Protection
   feature and its block lists of suspicious sites and files. This
   would allow malicious sites to lure users into downloading executables
   that would otherwise be detected as suspicious.

   References
       Bug 1376036

   #CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode
   characters as spaces

   Reporter
       Khalil Zhani
   Impact
       moderate

   Description

   Several fonts on OS X display some Tibetan and Arabic characters
   as whitespace. When used in the addressbar as part of an IDN
   this can be used for domain name spoofing attacks.
   Note: This attack only affects OS X operating systems. Other
   operating systems are unaffected.

   References
       Bug 1393624
       Bug 1390980

   #CVE-2017-7823: CSP sandbox directive did not create a unique origin

   Reporter
       Jun Kokatsu
   Impact
       moderate

   Description

   The content security policy (CSP) sandbox directive did not
   create a unique origin for the document, causing it to behave as
   if the allow-same-origin keyword were always specified. This could
   allow a Cross-Site Scripting (XSS) attack to be launched from
   unsafe content.

   References
       Bug 1396320

   #CVE-2017-7810: Memory safety bugs fixed in Firefox 56, Firefox ESR 52.4,
   and Thunderbird 52.4

   Reporter
       Mozilla developers and community
   Impact
       critical

   Description

   Mozilla developers and community members Christoph Diehl, Jan de Mooij,
   Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
   Hengst reported memory safety bugs present in Firefox 55, Firefox
   ESR 52.3, and Thunderbird 52.3. Some of these bugs showed evidence
   of memory corruption and we presume that with enough effort some
   of these could be exploited to run arbitrary code.

   References
       Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Fri Nov 17 00:52:40 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird-l10n: Makefile distinfo

   Log Message:
   Update to 52.4.0

   * Sync with mail/thunderbird-52.4.0

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Mon Nov 27 23:36:40 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird: Makefile distinfo

   Log Message:
   Update to 52.5.0

   Changelog:
   #CVE-2017-7828: Use-after-free of PressShell while restyling layout

   Reporter
       Nils
   Impact
       critical

   Description
   A use-after-free vulnerability can occur when flushing and resizing
   layout because the PressShell object has been freed while still in use.
   This results in a potentially exploitable crash during these operations.

   References
       Bug 1406750
       Bug 1412252

   #CVE-2017-7830: Cross-origin URL information leak through Resource
   Timing API

   Reporter
       Jun Kokatsu
   Impact
       high

   Description
   The Resource Timing API incorrectly revealed navigations in cross-origin
   iframes. This is a same-origin policy violation and could allow for data
   theft of URLs loaded by users.

   References
       Bug 1408990

   #CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
   and Thunderbird 52.5

   Reporter
       Mozilla developers and community
   Impact
       critical

   Description
   Mozilla developers and community members Christian Holler, David Keeler,
   Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp,
   Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
   Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
   reported memory safety bugs present in Firefox 56, Firefox ESR 52.4, and
   Thunderbird 52.4. Some of these bugs showed evidence of memory corruption
   and we presume that with enough effort some of these could be
   exploited to run arbitrary code.

   References
       Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
       and Thunderbird 52.5

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Mon Nov 27 23:38:39 UTC 2017

   Modified Files:
   	pkgsrc/mail/thunderbird-l10n: Makefile distinfo

   Log Message:
   Update to 52.5.0

   * Sync with mail/thunderbird-52.5.0

Files:
Revision    Action  File
1.197.4.1   modify  pkgsrc/mail/thunderbird/Makefile
1.192.4.1   modify  pkgsrc/mail/thunderbird/distinfo
1.7.14.1    modify  pkgsrc/mail/thunderbird/hacks.mk
1.60.4.1    modify  pkgsrc/mail/thunderbird-l10n/Makefile
1.58.4.1    modify  pkgsrc/mail/thunderbird-l10n/distinfo
1.1.6.1     modify  pkgsrc/mail/thunderbird45/hacks.mk