Packages changed: MozillaThunderbird (38.6.0 -> 38.7.0) farstream (0.2.7 -> 0.2.8) imlib2 (1.4.7 -> 1.4.8) ldb perl-Bootloader (0.907 -> 0.908) talloc (2.1.5 -> 2.1.6) tevent yast2-users (3.1.45 -> 3.1.46) yast2-vm (3.1.24 -> 3.1.25) === Details === ==== MozillaThunderbird ==== Version update (38.6.0 -> 38.7.0) Subpackages: MozillaThunderbird-translations-common - update to Thunderbird 38.7.0 (boo#969894) * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using performance.getEntries and history navigation * MFSA 2016-16/CVE-2016-1952 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library ==== farstream ==== Version update (0.2.7 -> 0.2.8) Subpackages: farstream-data gstreamer-plugins-farstream libfarstream-0_2-5 - Update to version 0.2.8: + Add "require-encryption" parameter to ignore unencrypted packets. + Enable building static GStreamer and transmitter plugins. + Make OPUS plugin work and select it as default codec. + Bug fixes. ==== imlib2 ==== Version update (1.4.7 -> 1.4.8) - Spec cleaner run - Update to 1.4.8 * Add a Farbfeld loader (FRIGN). * Fix zlib and bz2 loader filename check. * Miscellaneous maintenance. ==== ldb ==== Subpackages: libldb1 libldb1-32bit - Require talloc 2.1.6 at build-time; (bsc#954658). ==== perl-Bootloader ==== Version update (0.907 -> 0.908) Subpackages: perl-Bootloader-YAML - Skip grub2-install on PowerNV - 0.908 ==== talloc ==== Version update (2.1.5 -> 2.1.6) Subpackages: libtalloc2 libtalloc2-32bit python-talloc python-talloc-32bit - Update to 2.1.6; (bsc#954658). + pytalloc: Add new BaseObject + pytalloc: add a _pytalloc_get_type() helper function and generate PyExc_TypeError on mismatch + talloc: add _pytalloc_get_ptr/_pytalloc_get_mem_ctx helper functions + Improve testsuite by avoiding path issues + Only set public headers field when installing as a public library + Fix a documentation typo ==== tevent ==== Subpackages: libtevent0 libtevent0-32bit - Require talloc 2.1.6 at build-time; (bsc#954658). ==== yast2-users ==== Version update (3.1.45 -> 3.1.46) - Do not include inst-sys users when cloning the configuration after the installation (bnc#965852) - 3.1.46 ==== yast2-vm ==== Version update (3.1.24 -> 3.1.25) - bsc#971054 - virtlogd is now required by libvirt and must be started automatically - 3.1.25