-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Nov 2020 20:06:09 +0100
Source: thunderbird
Architecture: source
Version: 1:78.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Changes:
thunderbird (1:78.5.0-1) unstable; urgency=medium
.
* [7842f02] New upstream version 78.5.0
Fixed CVE issues in upstream version 78.5 (MFSA 2020-51):
CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
CVE-2020-26953: Fullscreen could be enabled without displaying the
security UI
CVE-2020-26956: XSS through paste (manual and clipboard API)
CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
CVE-2020-26959: Use-after-free in WebRequestService
CVE-2020-26960: Potential use-after-free in uses of nsTArray
CVE-2020-15999: Heap buffer overflow in freetype
CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
CVE-2020-26965: Software keyboards may have remembered typed passwords
CVE-2020-26966: Single-word search queries were also broadcast to local
network
CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5
* [e19743e] rebuild patch queue from patch-queue branch
removed patch (included upstream):
fixes/Bug-1663715-Update-syn-and-proc-macro2-so-that-Firefox-ca.patch
Checksums-Sha1:
12eb83a0c6bd0d5d6a3c7e4953f77a3d66c7e436 8151 thunderbird_78.5.0-1.dsc
3248af969acb33b2fcaaf33d8fc0743eacc10b6a 11809944 thunderbird_78.5.0.orig-thunderbird-l10n.tar.xz
c7b80a29b3a6d43dfa0e94af003dee330da60005 372881112 thunderbird_78.5.0.orig.tar.xz
b1f297e9806becfee7c3542dc54ad3ae750ff910 705944 thunderbird_78.5.0-1.debian.tar.xz
e06670bae9ab0ecbbee28f216b7d3084494907dd 35711 thunderbird_78.5.0-1_amd64.buildinfo
Checksums-Sha256:
26b923b88241f7c79d59644318328b53865b205f3dfc85b5ba9dcae8f37013a2 8151 thunderbird_78.5.0-1.dsc
f761745a85c17d83b0572277e36ea6f6cf57e3338ce799ed069c6e0cff1b3cea 11809944 thunderbird_78.5.0.orig-thunderbird-l10n.tar.xz
b34e06fefe6cc8e4b4e48cca3adc6e0fa91c146a34523f67a975f7f476ed56cf 372881112 thunderbird_78.5.0.orig.tar.xz
9944f0dc80aa7ee423d3b88084266fc8e3b38050dc4459a0bc46615e450e2061 705944 thunderbird_78.5.0-1.debian.tar.xz
40fb020061870fa225032358feb1d035392864d6df14964ee88964b285e5ba28 35711 thunderbird_78.5.0-1_amd64.buildinfo
Files:
6f8bfbb1fd877944250789744be03574 8151 mail optional thunderbird_78.5.0-1.dsc
7b51c35fc8a552fa990bb9756c40d204 11809944 mail optional thunderbird_78.5.0.orig-thunderbird-l10n.tar.xz
a951550aad4778f3e4ca7db7d17bd16c 372881112 mail optional thunderbird_78.5.0.orig.tar.xz
2d2f32e6d1a676f67dbc2b2980f3d5d9 705944 mail optional thunderbird_78.5.0-1.debian.tar.xz
8638447d448e12dbec4caf92d4c5e2b4 35711 mail optional thunderbird_78.5.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAl+1gbwACgkQgwFgFCUd
HbDn+w/+LK2pldJd3YYlddvWYKhmgqa3Hi84c2JdUZVOMtX7LME/UW5RDcNxPidS
tTTLAe+tDu1mTN3Fgf1LelyxqGNrFVpZd62UdeyqP2E9S4pwG1jY6b1OXQG37WzL
uovDnideyPDkABbEv/E4FZnqq20pTVV/7r6sDcce6Qu9POHgJZ2H7xWO2MTML9s4
JUOyXzrr2wD5lecxiHcCAFI0Ebsd5K0pct+PgPDjzxNHpqawMCv4Hiof0LLl+myF
aHdayBq7Om9gpo5dtQgkylDL8OY8qgnPusUgEUyrLxNmM/MuiDhyJDzqX+GRf8yu
khC13b/ylYbhMVhsJfHGNZZNHiGNRo/8jaq2FxW69chFh8yDpL2C886ywJmD/Yms
3PPgsFYnScJXrqzZtAqzp3A3Gc7z5aRP0V/tkxlvDJCn9Nc5VmTqObikSy6MwHHz
NNyh34G2gJ2knafThktsWrGuq5El0DyAPa/vYtqr0lJMSmF7PbPd6nncgeZItCjG
oIC8LJ2he4h5cUfAQDpwWa0c4Qx6jfl9LlWlOO3MkCYPR42g2b8glxazM2Gd5KFt
scKQKLAtURDWAj+h1Y4y9/LiiraiZ8Wl0wHYRllQ2ZeBJRCCWdyzAfZid5bJFBPu
ajYCpBDsnC/EOp3ARZB80mtP0V96SVHglsZlzpWgM506qvX8fhA=
=6SuR
-----END PGP SIGNATURE-----
