-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 15 Dec 2020 10:12:34 +0100 Source: thunderbird Architecture: source Version: 1:78.6.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Closes: 972072 973697 976979 Changes: thunderbird (1:78.6.0-1) unstable; urgency=medium . * [1410f1e] d/watch: update to version 4 * [a8303b7] d/rules: use python3 explicitly while calling mach * [f3f535e] New upstream version 78.6.0 Fixed CVE issues in upstream version 78.6 (MFSA 2020-56): CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory to be exposed CVE-2020-26971: Heap buffer overflow in WebGL CVE-2020-26973: CSS Sanitizer performed incorrect sanitization CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free CVE-2020-26978: Internal network hosts could have been probed by a malicious webpage CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs CVE-2020-35112: Opening an extension-less download may have inadvertently launched an executable instead CVE-2020-35113: Memory safety bugs fixed in Thunderbird 78.6 (Closes: #972072, #973697) * [16a7ab7] /u/l/thunderbird: Correct escape sequencing for gdb calling We need to do a better escaping of values of the '-ex' option otherwise the shell is refusing the concatenated string we want to use as call. (Closes: #976979) Checksums-Sha1: d413a7d5ba5f497ab38b37036984b56215bd654d 8151 thunderbird_78.6.0-1.dsc baa73a7d5fee90dbb8039d77abd23a9c2f187f29 11808488 thunderbird_78.6.0.orig-thunderbird-l10n.tar.xz f5edcd257038f132d0bc9414f95daad778b577e3 373172336 thunderbird_78.6.0.orig.tar.xz 3230f4a038e65371147de3eb2588f1d41277f807 706364 thunderbird_78.6.0-1.debian.tar.xz 11b68784eac7d728ee5173c36df094800fbfa322 35683 thunderbird_78.6.0-1_amd64.buildinfo Checksums-Sha256: b72327284ca97ce6444f836fdf2029ae20b91dc636cffeacf89ab52f8c3f485b 8151 thunderbird_78.6.0-1.dsc 0aa90d249580d44ce3e67462731f52c8f45b3eff68395ce82af48f40dae46bb4 11808488 thunderbird_78.6.0.orig-thunderbird-l10n.tar.xz bcb49158423f4c564da7e3639d206576ca80506d5ce042c235151cb4466b8631 373172336 thunderbird_78.6.0.orig.tar.xz 89f6428a888848a4f4e47e14358c8e62c207dc895254e94d7863976a6e3b4537 706364 thunderbird_78.6.0-1.debian.tar.xz f0ac4c49c95b162bea786f21c3fa94ab11823fb0f0d3624722b18a63f7473eb5 35683 thunderbird_78.6.0-1_amd64.buildinfo Files: 60eeddf6f3799ccce06d85f4f1f7800e 8151 mail optional thunderbird_78.6.0-1.dsc a1513bcfd74be169ac74ca6910f8e31a 11808488 mail optional thunderbird_78.6.0.orig-thunderbird-l10n.tar.xz 91ce257388bea29830a188c0fb1aa26b 373172336 mail optional thunderbird_78.6.0.orig.tar.xz e4f65bc3d93cb80407619fd64b6e6e74 706364 mail optional thunderbird_78.6.0-1.debian.tar.xz 197c757a6263b3210ac3ec2828634a03 35683 mail optional thunderbird_78.6.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAl/Y1QkACgkQgwFgFCUd HbCt5A//S1b0583wcyhTbFs9FW/2wV7+cR97DEGTi2RR2HeWKGlRL74pfWYeFWqD ShmFHDs+ewTDl9ruuy9pdd1vrfnepUaahGFGjroGwrXHGgz+3YuBpnEjKW+O+55q 8FMbOhKV/aSp07BW7IuumBNpf/Fe2AU74TQWDjgIfqvEbTipGEQTF1QHYk4eIIxA Myk8HENg3SuWifQuB/93B/LdCi4qVBAGQRv1GhlhavK4tVqz2cEr3eY2NfbAUV/G ++kIHuodZ52ihcT1SvwisdJbDWiUVafFXzL0lH5eEDvQB0XdU0I79fZq9NRxxMCw VzoYkD7Wevk46RNfijBDbsz/EGEolpM8tvnllGs3eTzcgmt/0rb4FRT6PriV9dRd cxt4HfVPYVOZE1p3ncIiYK/CuLnQVuATQ9jX/cKyZWQRrlR8GXA2N4M8j4lxUG4m MR76Drznbk4czwuMm1yJx7HXp6rO3rZcV/QG9HetglThlLnJipqCq1+rT5KZ1qFO 2g8MnxkTT/+pDu990lUxvF/yxLA5yH9Hjt9VsSMyzGhUi9uVxSxRKPHxKC5ZNs0Y v7bhBIAqKZrCxrf48sJm1kvyihqX2kNzwbZ9gL9HzuF2E5tqYHJlCM6ckZWgDwIW IjWa72G/5zobVlitK3S6bWY094Z0tyWRhKkjCXHmsqiJ/NGabys= =kJFp -----END PGP SIGNATURE-----
