-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 May 2019 17:03:27 +0200 Source: thunderbird Architecture: source Version: 1:60.7.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Changes: thunderbird (1:60.7.0-1) unstable; urgency=medium . * [f6dd130] New upstream version 60.7.0 Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15) CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9797: Cross-origin theft of images with createImageBitmap CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-5798: Out-of-bounds read in Skia CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7 * [4106d54] rebuild patch queue from patch-queue branch added patch: fixes/rust-ignore-not-available-documentation.patch Checksums-Sha1: 0af64f3516c94057c8ea533d122fc96a95419f65 12183 thunderbird_60.7.0-1.dsc 98d5c896c133add13edcfcfab06d036b3114a615 955628 thunderbird_60.7.0.orig-lightning-l10n.tar.xz 7da2c539b406250cba4700a1f43cecf2caf3fb04 9265824 thunderbird_60.7.0.orig-thunderbird-l10n.tar.xz 1bd012285c1c42e2f821a44bebad45ee5e9d3cae 286951976 thunderbird_60.7.0.orig.tar.xz 31ab1e78cc625b36b753a77df1db4ea64756e973 554696 thunderbird_60.7.0-1.debian.tar.xz ef663442a1877c9143fd82237f2704f5a1d3b07e 51472 thunderbird_60.7.0-1_amd64.buildinfo Checksums-Sha256: 15cabe391c60c278853307777ac6ba62c834401356e133b5b96caa52f60f3812 12183 thunderbird_60.7.0-1.dsc 13c54df970fe420e36d75bf3ce58f277533815815d5468e0bb1f744bae826e6c 955628 thunderbird_60.7.0.orig-lightning-l10n.tar.xz 763c0f5785b1b641bf1ff02d5ee8e88a041c0c8fdb33b98bd82da064cf794fd8 9265824 thunderbird_60.7.0.orig-thunderbird-l10n.tar.xz 44e46294668686618cd49f1dbf627ed74394606b3a4be150cc566166f098b855 286951976 thunderbird_60.7.0.orig.tar.xz 02233a5ecdaa9ffdee6174b05ebe0f97940f315390d6145f1dfaba56284bed25 554696 thunderbird_60.7.0-1.debian.tar.xz 0b5b1e696726570c64113e3ce308991ddfe52a07e64da546e3f0040bf26cdc94 51472 thunderbird_60.7.0-1_amd64.buildinfo Files: e6f720ea6f0cbcd914f3fd51ed60bb85 12183 mail optional thunderbird_60.7.0-1.dsc cd18d12212c7218a49703b6906fd6ac2 955628 mail optional thunderbird_60.7.0.orig-lightning-l10n.tar.xz c3df5a67f98a8aa69df6651333d90537 9265824 mail optional thunderbird_60.7.0.orig-thunderbird-l10n.tar.xz f7f0126b9d1cd5b70114e388653d868b 286951976 mail optional thunderbird_60.7.0.orig.tar.xz e742f35063c401b09d275f76281ce9d7 554696 mail optional thunderbird_60.7.0-1.debian.tar.xz b0df515b121b5aab7eb979de1e1e2b9a 51472 mail optional thunderbird_60.7.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAlzmw9kACgkQgwFgFCUd HbCl3xAAprVD+MTyPASboiexoPs4mHkKP75fk6rqfzLj3d1/3ikgfvuQH/sXpStH yBMavDi+LwqIY/eZ2nVGIDl/9xuYLjPXZ0mLa/gMNSyIzWo6IQvghNn16abfzB8Y gk3pr2Uq02+yc362CvlhzFDt2Kj6j+Mo7qLrXr2pJzkdHWaJCPMGKfEOSSXtcRSu WkNbpUTI2S1naW1/IBAKv0l7Huvtqny5HONk6s/nHV+4KWjhF7j2KpR0LUjknlFg pdf2yYO2qSZWDxybcAQI8xbUA9O1K6X7lC4jC8trvE08KJEuTMAeOVRo6wDv2UKN bHlyNi6NGO8ZQJvA7Gy2Asr8ub8XT9qsa+5lWmB/APHWuRFf5Cy2Sr9vPyRAJ2se 3RRvyL5zWuuo9Wjar2/G3r1gvFjBhq+DZbUimw09zWbGc+QItZmUaeGay1lWgAgD X5vmRbzV6MbOkqCzISlTpGPqPVG9NMcO6pgpM9qLqa3WUnWxGj9GokjtmwoRHEcM upoiU6aa7AQpJLNYNrlP0f/XZPBPMDTMlDECKnANlqxdO3nzPc10j1ywmQexmvxy lURKp3YdL/x5AGMWgSIqb8hPUxJPoYof91hrHebkLHiNmlNGslOwc5s2YPVVZMab E8k077tk5pTZqmi3svU1UhUMqYG8KuHNEru3xyL1k9XWMGy+iTc= =CNSo -----END PGP SIGNATURE-----