-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Jul 2019 22:09:04 +0200 Source: thunderbird Architecture: source Version: 1:60.8.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Changes: thunderbird (1:60.8.0-1) unstable; urgency=medium . * [49f4e91] New upstream version 60.8.0 Fixed CVE issues in upstream version 60.8.0 (MFSA 2019-23) CVE-2019-9811: Sandbox escape via installation of malicious language pack CVE-2019-11711: Script injection within domain through inner window reuse CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects CVE-2019-11713: Use-after-free with HTTP/2 cached stream CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault CVE-2019-11715: HTML parsing error can contribute to content XSS CVE-2019-11717: Caret character improperly escaped in origins CVE-2019-11719: Out-of-bounds read when importing curve25519 private key CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 60.8 Checksums-Sha1: 562582aadd2d73fae5c9831f9fe1e89665c8ae38 12183 thunderbird_60.8.0-1.dsc fae3d2faa817f6db22ae71dff76e2cfbfcc7e6ea 955508 thunderbird_60.8.0.orig-lightning-l10n.tar.xz 182ca11316070579d730b0b9a817f57c9c4bfce8 9265012 thunderbird_60.8.0.orig-thunderbird-l10n.tar.xz 71181635dc3806256c5e9b56e5d4ad0a7140c112 286888216 thunderbird_60.8.0.orig.tar.xz daee7874d803b8ebe175eea7643009eb536d3fdc 555016 thunderbird_60.8.0-1.debian.tar.xz caea3b32e2d9afb0c71df7b51491e4350d0c77b7 51813 thunderbird_60.8.0-1_amd64.buildinfo Checksums-Sha256: e714472fd5e638cbe112035d8bb893a7645852bca42e9134ff65f2d6882a2cfa 12183 thunderbird_60.8.0-1.dsc 8a1651cf1e5d9cc4a66224715493ee18bbe24e1bae349a70f4d702c2d9d961a9 955508 thunderbird_60.8.0.orig-lightning-l10n.tar.xz c78a59c05d0f3ff594fb50ad1e9e6083653a59440f15b641408e4959f6a220b3 9265012 thunderbird_60.8.0.orig-thunderbird-l10n.tar.xz c2005a959525b55f54e48f047a54bd23781ea5a0bd5e72d76786f537c12a9097 286888216 thunderbird_60.8.0.orig.tar.xz aebb8ec6411249695d831751b826875639e4b98f9d2359f464ee30d0b4a7a6e3 555016 thunderbird_60.8.0-1.debian.tar.xz 59cf8aa779877de9f90c2903ebb8b18838845386c033d81e4f4962b027105210 51813 thunderbird_60.8.0-1_amd64.buildinfo Files: 7569256ad49af6f67791a51022a20b6b 12183 mail optional thunderbird_60.8.0-1.dsc 8ad97694f32fd1989f580bf9d1caaed5 955508 mail optional thunderbird_60.8.0.orig-lightning-l10n.tar.xz 401f1613faa3d90a11e55c6af06e9511 9265012 mail optional thunderbird_60.8.0.orig-thunderbird-l10n.tar.xz d58f72bbeedd2a73925cd0ec61142fda 286888216 mail optional thunderbird_60.8.0.orig.tar.xz c321e2c5855176c59f8bd9313573ceb5 555016 mail optional thunderbird_60.8.0-1.debian.tar.xz 78ce2ded311349af995570c96d7f9cab 51813 mail optional thunderbird_60.8.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAl0o4KsACgkQgwFgFCUd HbAAVBAAhx5j52HhLKZQH8r/Rh83nXIKr1G1xIgOK3ID/aho4Pjku1/vkOjcVPvP FvBP5gOypSo+rXpAxbDJqIDW4yvudEMjjfOu+mVcEqe2Glitldu6MOKENXUxjvlc 8ya37covqmRxm9fJJv4x7byldhOMiwI8ZIIoo/k9icqBxEhu85nuxlesATjr8lmQ VUWQjbVquzYG5ESGn6qMsoPtDvW+M5c9lOAaqRYqvOrQbSlKQLceiQAAWvyP7Hd6 EMybDwgDuWPcUcS3Rqq/4ETnqwpgmu0Fl1rE9LJAOo7RG70WpV76EU1YwI5nj4KQ ehXnLL+8I4kib8yewVE224QxMpmxGkbbB3HkV6JCpUukd2X66oOlfKw9jVaJFeT5 kdlH9A6u1Hb8APc0tbqH6Xq7tolPTEqy0aoMDq6lzADSRnC/G0brJd1wmR0IHyvu BTbG46QOiAzHJDAb2kEBkJdlf9+VEoXXZ0b5wXaQqxNFgkJHv/7LWI5FGLnWGZuG KPBADkRaVQxTxIHPTfLnqZvaNAZQEqX6GlRTiP5eAkyQZvZ71KCYGeUGwwSsaMss s70oles3GFbO16psTxzlIxTzbMhlPQL64YI2ZIqXESNCiBAzArZVO63w0t7Hnku0 vvMEEO4CJkfivg3j+f8h3Zhu+dfXKdUFyHek4MXKVxpp2zhi1SM= =jCSE -----END PGP SIGNATURE-----