-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 05 May 2020 20:47:29 +0200 Source: thunderbird Architecture: source Version: 1:68.8.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Changes: thunderbird (1:68.8.0-1) unstable; urgency=medium . * [9b5ae46] New upstream version 68.8.0 Fixed CVE issues in upstream version 68.8.0 (MFSA 2020-18): CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode characters CVE-2020-12387: Use-after-free during worker shutdown CVE-2020-6831: Buffer overflow in SCTP chunk input validation CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0 Checksums-Sha1: 7d9adb61689b24bfe7d23a574824800b716ee320 8274 thunderbird_68.8.0-1.dsc 502c871526ae2a97c089929c969941add592d318 1045388 thunderbird_68.8.0.orig-lightning-l10n.tar.xz 0f1f3658f8b4ad5f634086b4b841d9f6e91864be 9837560 thunderbird_68.8.0.orig-thunderbird-l10n.tar.xz e0651a6b18fec9943ad55884dfa0bbdc980d73c9 357211944 thunderbird_68.8.0.orig.tar.xz 878a2d51b941cde24adef0047e39c218e8a7a5ed 546800 thunderbird_68.8.0-1.debian.tar.xz dcd87f67af34b82575f3c8f063d77bc0507b5591 35522 thunderbird_68.8.0-1_amd64.buildinfo Checksums-Sha256: df92f083910bf4c0f81d2e2e001f593782a84537f17a2c3dc00f1cf93d36d5cb 8274 thunderbird_68.8.0-1.dsc a2c0d17bd8931a5f8d0c9be20dc4253ec76583f338d32d16f8c7876d26fd1925 1045388 thunderbird_68.8.0.orig-lightning-l10n.tar.xz 1c93ac2949805a796c0947d1fc023987d2126355a8a3ab94e9b4ef409d370401 9837560 thunderbird_68.8.0.orig-thunderbird-l10n.tar.xz b7f2e57448422bf6eea9f5f224359698a124eb503f5cfcc03d1e5591cac5c2d2 357211944 thunderbird_68.8.0.orig.tar.xz 5f34c686ab5fcc80f6737b7ee878400e5f7ec0afca9814905a5ce29ebef1aa8a 546800 thunderbird_68.8.0-1.debian.tar.xz b6138ceca50d4be7708c438bfbeddb0b18c9ed4403880a2d8efefec2f613174d 35522 thunderbird_68.8.0-1_amd64.buildinfo Files: d938579f2929de6428b780bdfb74077b 8274 mail optional thunderbird_68.8.0-1.dsc 21a581078ebd6d1afb3fcbd15712789f 1045388 mail optional thunderbird_68.8.0.orig-lightning-l10n.tar.xz 48ee0d7e30a170c621a95af2007af72e 9837560 mail optional thunderbird_68.8.0.orig-thunderbird-l10n.tar.xz 8ee83b8939fc3867576485e894e1775e 357211944 mail optional thunderbird_68.8.0.orig.tar.xz a08304edceb3d861991fb70c948eddb9 546800 mail optional thunderbird_68.8.0-1.debian.tar.xz 74af1fcf09022c9d72e806fc62a09ab9 35522 mail optional thunderbird_68.8.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAl6yg3IACgkQgwFgFCUd HbARAg//RCX6Y7QdhYm3Eu912AtBMtgU8xfGFEcrojX/EgZfrqj4yXEymdCfE6gX oj6v21sV8K4RkngpFRLCl/HyJMaAUPXY2MDNmgBE05FuGweGCRzWk4CqxL5jko7o pRyynFgOxROROnZaqo2dlan1le9+UP+E2SkzLJXCTvu03EZIDeR5W0zknHYiANyi Mh3BuOwHYjfrjVaBRcsWJ0kLLX8zM+e34DN7ZVLPGWFUBEiPv/zjjbEtfnJTOrfG wzK+xfKZy/MliodAcDzNgXSIZtvRUqaW1ep6WWKRvrPs6UZpsYvJP+4eLr0KvD87 dDyIGZ8/5FZQeQJBhjLZERGSlhl+Z+AogbOERWQ0XYeWwB7IY9rffHQXVaD3PBdm GCehx/Zd7G38uKwP3y0v75tJ4Zy0XkcJmdH0Dd/8HFXtpMDH7gs5D4+HpRfFBPCm HWYoSgODQXz7ZoEzrOIoRCobRVNU++N4Zuo2+a/mkAUkWlDpeBGJoUtqdLzm4M3j 5msRHHfzbCAkjIJi1slZ7iGywafIdY++K9TVby+HBywwgbHdVAHXQXlwWDu0pDjw mdUiFp/hqIf2RMmQZD5xZ5MwXI4TgOkRVMSSJ5lLR548TF0WzLG9vqA0gI6gR4B7 2MaAiue4qodVKfcGLEk1FtmlveuErMUtKfjCUkicsvQ5cprZS9w= =pSdw -----END PGP SIGNATURE-----