* CVE-2020-15685 "During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session." * CVE-2020-26976 "When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing."
amd64 done
x86 done all arches done
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56078c75a0730f705a7297a686f793a7f72719a6 commit 56078c75a0730f705a7297a686f793a7f72719a6 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2021-01-31 05:21:54 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-01-31 05:21:54 +0000 mail-client/thunderbird-bin: security cleanup Bug: https://bugs.gentoo.org/767394 Signed-off-by: Joonas Niilola <juippis@gentoo.org> mail-client/thunderbird-bin/Manifest | 66 ---- .../thunderbird-bin/thunderbird-bin-78.6.1.ebuild | 378 --------------------- 2 files changed, 444 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=161b2ef4ef62f09b842733c36260415fe24a7f44 commit 161b2ef4ef62f09b842733c36260415fe24a7f44 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2021-01-31 05:21:23 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-01-31 05:21:23 +0000 mail-client/thunderbird: security cleanup Bug: https://bugs.gentoo.org/767394 Signed-off-by: Joonas Niilola <juippis@gentoo.org> mail-client/thunderbird/Manifest | 65 -- mail-client/thunderbird/thunderbird-78.6.1.ebuild | 1056 --------------------- 2 files changed, 1121 deletions(-)
Thank you!
This issue was resolved and addressed in GLSA 202102-02 at https://security.gentoo.org/glsa/202102-02 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup
Tree already clean.
