Packages changed: MozillaThunderbird (68.10.0 -> 68.11.0) libX11 sssd (2.3.0 -> 2.3.1) transactional-update (2.22 -> 2.23) xfwm4 (4.14.3 -> 4.14.4) xorg-x11-server === Details === ==== MozillaThunderbird ==== Version update (68.10.0 -> 68.11.0) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 68.11.0 * fixed: FileLink attachments included as a link and file when added from a network drive via drag & drop (bmo#793118) MFSA 2020-35 (bsc#1174538) * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1646787, bmo#1650811) Memory safety bugs fixed in Thunderbird 68.11 ==== libX11 ==== Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 - U_006-Fix-size-calculation-in-_XimAttributeToValue.patch: * Regression fix in previous XIM client head overflow fixes (CVE-2020-14344, bsc#1174628) - U_001-ChangeTheData_lenParameterOf_XimAttributeToValueToCARD16.patch, U_002-FixIntegerOverflowsIn_XimAttributeToValue.patch, U_003-FixMoreUncheckedLengths.patch, U_004-FixSignedLengthValuesIn_XimGetAttributeID.patch, U_005-ZeroOutBuffersInFunctions.patch, * XIM client heap overflows (CVE-2020-14344, bsc#1174628) ==== sssd ==== Version update (2.3.0 -> 2.3.1) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Update to release 2.3.1 * Domains can be now explicitly enabled or disabled using enable option in domain section. This can be especially used in configuration snippets. * New configuration options memcache_size_passwd, memcache_size_group, memcache_size_initgroups that can be used to control memory cache size. * Fixed several regressions in GPO processing introduced in sssd-2.3.0 * Fixed regression in PAM responder: failures in cache only lookups are no longer considered fatal. * Fixed regression in proxy provider: pwfield=x is now default value only for sssd-shadowutils target. - sssd-wbclient is obsolete and no longer shipped ==== transactional-update ==== Version update (2.22 -> 2.23) Subpackages: transactional-update-zypp-config - Version 2.23 - Add "run" command to be able to execute a single command in a new snapshot - Add "--drop-if-no-change" option to discard snapshots if no changes were perfomed (BETA, required for Salt integration) - Removed previous CaaSP Salt support (gh#openSUSE/transactional-update#33) - Avoid "file not found" message on systems without /var subvol ==== xfwm4 ==== Version update (4.14.3 -> 4.14.4) Subpackages: xfwm4-lang - Update to version 4.14.4 * Fix a crash on FreeBSD (gxo#xfce/xfwm4#411) * Fix compilation warning due to g_type_class_add_private deprecation ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk xorg-x11-server-wayland - U_FixForZDI-11426.patch * Leak of uninitialized heap memory form the X server to clients on pixmap allocation (ZDI-CAN-11426, CVE-2020-14347, bsc#1174633)