openSUSE-SU-2023:0278-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0278-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0278-1
Related
Published
2023-10-02T09:07:31Z
Modified
2023-10-02T09:07:31Z
Summary
Security update for seamonkey
Details

This update for seamonkey fixes the following issues:

update to SeaMonkey 2.53.17.1

  • Upstream libwebp security fix bug 1852749.
  • CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649.
  • Fix bad string encoded in ansi. l10n fr problem only bug 1847887.
  • SeaMonkey 2.53.17 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes.
  • SeaMonkey 2.53.17 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release.
  • Additional important security fixes up to Current Firefox 115.3 and Thunderbird 115.3 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to.

update to SeaMonkey 2.53.17

  • Fix macOS Contacts permission request bug 1826719.
  • Remove SeaMonkey 2.57 links from debugQA bug 1829683.
  • Treat opening urls from the library as external bug 1619108.
  • Disable spam warning for autogenerated links in plaintext messages bug 619031.
  • Switch SeaMonkey build files to Python 3 bug 1635849.
  • Remove empty overlays from Composer bug 1828533.
  • Move xpfe autocomplete to comm-central suite bug 1418512.
  • Remove nsIPrefBranch2 and nsIPrefBranchInternal bug 1374847.
  • SeaMonkey 2.53.17 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes.
  • SeaMonkey 2.53.17 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release.
  • Additional important security fixes up to Current Firefox 102.11 and Thunderbird 102.11 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to.

Update to SeaMonkey 2.53.16

  • No throbber in plaintext editor bug 85498.
  • Remove unused gridlines class from EdAdvancedEdit bug 1806632.
  • Remove ESR 91 links from debugQA bug 1804534.
  • Rename devtools/shim to devtools/startup bug 1812367.
  • Remove unused seltype=text|cell css bug 1806653.
  • Implement new shared tree styling bug 1807802.
  • Use win.focus() in macWindowMenu.js bug 1807817.
  • Remove WCAP provider bug 1579020.
  • Remove ftp/file tree view support bug 1239239.
  • Change calendar list tree to a list bug 1561530.
  • Various other updates to the calendar code.
  • Continue the switch from Python 2 to Python 3 in the build system.
  • Verified compatibility with Rust 1.66.1.
  • SeaMonkey 2.53.16 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes.
  • SeaMonkey 2.53.16 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release.
  • Additional important security fixes up to Current Firefox 102.9 and Thunderbird 102.9 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to.

Update to SeaMonkey 2.53.15

  • Microtasks and promises bug 1193394.
  • Implement queueMicrotask()bug 1480236.
  • Remove old synchronous contentPrefService from the tree bug 886907 and bug 1392929.
  • Remove remaining uses of 'general.useragent.locale' bug 1410736 and bug 1410738.
  • Migrate to intl.locale.requested.locale list from 'general.useragent.locale' bug 1441016.
  • Introduce a pref to store BCP47 locale list bug 1414390, bug 1423532 and bug 1441026.
  • Remove synchronous certificate verification APIs from nsIX509CertDB bug 1453741 and bug 1453778.
  • Taskbar preview's favicon appears blank bug 1475524.
  • Call Imagelibs decodeImageAsyncWindows using a callback bug 1790695.
  • Remove PermissionsService from process Windows sandboxing code bug 1788233, bug 1789782 and bug 1794394.
  • Security info dialog doesn't show cert status anymore bug 1293378.
  • Replace nsIPlatfromCharset in mailnews bug 1381762.
  • Replace use of nsMsgI18NFileSystemCharset() with NSCopyUnicodeToNative/NSCopyNativeToUnicode() bug 1506422.
  • Cater for Outlook's/Hotmail's 'Deleted' folder bug 1320191.
  • Make some filter methods scriptable bug 1497513.
  • Fix crash in nsMsgFilterAfterTheFact::ApplyFilter() caused by async reset of 'm_curFolder' bug 537017.
  • Localize messages from nsIMsgFolder.logRuleHitFail() bug 1352731.
  • Add logging of message filter runs and actions bug 697522.
  • Check that we got a non-null header before running a filter on it (and crashing) bug 1563959.
  • With CONDSTORE, eliminate unneeded flag fetches at startup bug 1428097.
  • Fix so custom tags (keywords) are visible to all users bug 583677.
  • Improve handling of tags on shared folders bug 1596371.
  • Allow setting/resetting junk marking by user for yahoo/aol to stick bug 1260059.
  • Don't check subject if spellchecker is not ready bug 1069787.
  • Grammar issues in mailnewsaccountsettings.xhtml bug 1793291.
  • Remove use of nsIMemory bug 1792578.
  • Replace obsolete GetStringBundleService call in SeaMonkey bug 1794400.
  • SeaMonkey crashes on MacOS Ventura 13.0 bug 1797696.
  • Continue the switch from Python 2 to Python 3 in the build system.
  • Added support for clang 15 and macOS SDK 11.3.
  • Verified compatibility with Rust 1.65.
  • SeaMonkey 2.53.15 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes.
  • SeaMonkey 2.53.15 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release.
  • Additional important security fixes up to Current Firefox 102.6 and Thunderbird 102.5 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to.
References

Affected packages

SUSE:Package Hub 15 SP5 / seamonkey

Package

Name
seamonkey
Purl
purl:rpm/suse/seamonkey&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.53.17.1-bp155.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "seamonkey-irc": "2.53.17.1-bp155.2.3.1",
            "seamonkey-dom-inspector": "2.53.17.1-bp155.2.3.1",
            "seamonkey": "2.53.17.1-bp155.2.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / seamonkey

Package

Name
seamonkey
Purl
purl:rpm/suse/seamonkey&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.53.17.1-bp155.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "seamonkey-irc": "2.53.17.1-bp155.2.3.1",
            "seamonkey-dom-inspector": "2.53.17.1-bp155.2.3.1",
            "seamonkey": "2.53.17.1-bp155.2.3.1"
        }
    ]
}