Security updates for 2020.05.10

added needs-review label

added 8 commits

• ef6aa89e...7f27f31b - 5 commits from branch master
• 3ac4c5af - user/thunderbird: [CVE] bump to 68.8.0
• 4631996e - user/net-snmp: fix CVE-2015-8100
• d10f09fc - [CVE] user/firefox-esr: bump to 68.9.0 and fix seccomp for time64 (#284 (closed))

Compare with previous version

mentioned in merge request !451 (closed)

Does Thunderbird not have a 68.9.0 yet? And doesn't Thunderbird require the same seccomp patching that Firefox did?

They didn't when I updated this MR - it just came out today (June 3). I'll bump that as well.

And no, as far as I can tell Thunderbird does not do any kind of sandboxing with seccomp yet - the relevant code from mozilla-central is present but the entire program runs in a single process, so I think it's just dead code. As far as I know the whole thing is a "work in progress".

added 5 commits

• d10f09fc...66892fd2 - 2 commits from branch master
• c5a534f9 - user/thunderbird: [CVE] bump to 68.9.0
• bc1df8fa - user/net-snmp: fix CVE-2015-8100
• 98a72506 - [CVE] user/firefox-esr: bump to 68.9.0 and fix seccomp for time64 (#284 (closed))

Compare with previous version

merged

mentioned in commit 925fabf5