-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 16 Jul 2020 19:15:25 +0200 Source: thunderbird Architecture: source Version: 1:78.0-1 Distribution: experimental Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Changes: thunderbird (1:78.0-1) experimental; urgency=medium . * [1016cc5] New upstream version 78.0 Fixed CVE issues in upstream version 78.0 (MFSA 2020-29): CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12418: Information disclosure due to manipulated URL object CVE-2020-12419: Use-after-free in nsGlobalWindowInner CVE-2020-12420: Use-After-Free when trying to connect to a STUN server CVE-2020-15648: X-Frame-Options bypass using object or embed tags CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process CVE-2020-12425: Out of bound read in Date.parse() CVE-2020-12426: Memory safety bugs fixed in Thunderbird 78 * [ad66b04] rebuild patch queue from patch-queue branch reworked patch: porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch * [4a2039c] d/mozconfig.default: enable OpenPGP feature build Checksums-Sha1: a9a0e3c48d3fcbcbc8accc4e110105bd62ec6e0c 8144 thunderbird_78.0-1.dsc 61ce051bb5a35d77d124dd102b6628548e8b27db 12176764 thunderbird_78.0.orig-thunderbird-l10n.tar.xz b8b5ba212a718ffc5e2671abce78776133658a91 386350172 thunderbird_78.0.orig.tar.xz 1af13daff9236c6ede42adcb18cb659c1bddfb7c 541888 thunderbird_78.0-1.debian.tar.xz dfbcbce477495ce6b3dc39f5d2b686869718274a 35805 thunderbird_78.0-1_amd64.buildinfo Checksums-Sha256: ad31b53c06117864bc685703b801067b50a60965144209c30e068f24bee7275e 8144 thunderbird_78.0-1.dsc 5556f6db4c19a787af6ab0f7f2b963c2d4c4ba13f28e2865f922a37d8b0e86ee 12176764 thunderbird_78.0.orig-thunderbird-l10n.tar.xz 8b52d513ea58321c17f7e43f6053d991a2d6ba44d6701d8af8f162a596c036fb 386350172 thunderbird_78.0.orig.tar.xz d8780be509ed0618564b1da8e6c2fa101108f31e351d3565983def9458b0a34a 541888 thunderbird_78.0-1.debian.tar.xz e7c257137591d092b283ba3fa43f912809fa27e1378e52223a88b808b1d4e964 35805 thunderbird_78.0-1_amd64.buildinfo Files: 6193a4b0c37d12961d755cea34accda5 8144 mail optional thunderbird_78.0-1.dsc aef800599202ee210c0bdbf82a4fbd99 12176764 mail optional thunderbird_78.0.orig-thunderbird-l10n.tar.xz 38709bfed646d725e28a12f97a3f1ecf 386350172 mail optional thunderbird_78.0.orig.tar.xz f867b5f4dbfe2bdba4f7e74189ee49c8 541888 mail optional thunderbird_78.0-1.debian.tar.xz eb8864789628008026b96d8324acdf2b 35805 mail optional thunderbird_78.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAl8Qw2MACgkQgwFgFCUd HbD/Sg//SKBvIv0zN8V6cvq2BF4up5xUYY2264RJSBJC3PRHLHOmtY5PRO2wH57W MwMIEFwbeRzsLpLeUcYdThzaZwb6im9Jppn28tZupJgHbVLCtTZdXuKWfpXjobxN UG3FH/XKHYO7Kiun5qHS5yazuXghVbStUylLgKRa5VWxcBI/5XcZTXITX+cY7nKe OK9P7t9SMBsvKP7xFTphkuCjyHysIGpcHhMFPIk2ZrKTjv7Ptz27k6YqZBCVv5Yc 6mHCEOTq73qiwxcl+sAjgJNQzzeCPZvJBo+BAWQ+ZGv3VHXhXgWJbma3tyCjengR T/Yx28gXRhQcOpuwtWBsRTlaPbpm+weW20dWgwMkXQs0I3rkW0tgMaWBStVmpiJm e+/XXm2mO3ndt6zQ5lfv3c1OwhvJbxSdYc0dLuwZA3yv3f4WEMJf/0aHEAuiks97 y4Vu6efMn+eDzYHQm1zrcDlZP4l/JObvbbC6b76BL3bAADPLUkb0C8sw+Q43XVwa cVNEgYru92+Z0za7pKpcgQwmPdnYF8CJJGWeJSdnOkSdjaGEp8fVqLboobw3RBKc i+nm24rio2mryfhSmp8t2cbq7V7s4dnNJEnZcJ7mJ8QaE2b30PJgV16kcvtrB29i 0qXI1EZHi7gz1YNNUzmDc5nSjB24lLAfqhjZSFbeSoqJh6o30gA= =GXQJ -----END PGP SIGNATURE-----