-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 11 Jan 2022 19:12:50 +0100 Source: thunderbird Architecture: source Version: 1:91.5.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Closes: 997841 1002570 1003280 Changes: thunderbird (1:91.5.0-1) unstable; urgency=medium . [ Carsten Schoenert ] * [8d4e5f8] New upstream version 91.5.0 Fixed CVE issues in upstream version 91.5 (MFSA 2022-03): CVE-2022-22743: Browser window spoof using fullscreen mode CVE-2022-22742: Out-of-bounds memory access when inserting text in edit mode CVE-2022-22741: Browser window spoof using fullscreen mode CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur CVE-2022-22737: Race condition when playing audio files CVE-2021-4140: Iframe sandbox bypass with XSLT CVE-2022-22748: Spoofed origin on external protocol launch dialog CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation event CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully escape website-controlled data, potentially leading to command injection CVE-2022-22747: Crash when handling empty pkcs7 sequence CVE-2022-22739: Missing throttling on external protocol launch dialog CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5 * [a86c0b4] Rebuild patch queue from patch-queue branch Modified patch: debian-hacks/Add-another-preferences-directory-for-applications-p.patch Reworking the patch so LoadDirIntoArray is working again that is adding an additional syspref folder for global settings to use. (Closes: #997841, #1003280) * [442988b] autopkgtest: Adding check for accessing syspref folder . [ Jochen Sprickerhof ] * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v' (Closes:#1002570 ) Checksums-Sha1: 8a9393d4c4f72ce5109cc10699be6ebb0e302231 8430 thunderbird_91.5.0-1.dsc 972792b86fb55a90d45d268a3ccdbdf2ee503de8 12014504 thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz f8975543e11cc0f9c32ce5a589ac771173a68476 427588784 thunderbird_91.5.0.orig.tar.xz 994f83ad2ff32005c003f296bcaf1609c18ee278 543456 thunderbird_91.5.0-1.debian.tar.xz b696ba12b80bd69733d0bdb1d3053d3babe65741 36602 thunderbird_91.5.0-1_amd64.buildinfo Checksums-Sha256: 46f949a95ef8e0ef3d605fb64375af69b6f5b4031815b332fc9e8ec545c17dc2 8430 thunderbird_91.5.0-1.dsc fd289bdda7e01030b91628cbbef0ca6339b16df29f4d0cdc3d0aefdd2e3abe79 12014504 thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz 8a86d2c6c1114bb4c2dd82586f45c39a24addb470b789176e34a7ea00f2ab4b2 427588784 thunderbird_91.5.0.orig.tar.xz 6735b3b9e880ecfdcfb94ace5be69bf7cc1c48c44236c4f50f36007eb3016c8a 543456 thunderbird_91.5.0-1.debian.tar.xz 47884dfc05f3165941991c847a8512e3b2c3f9ac92a39762cc374833e5c637b3 36602 thunderbird_91.5.0-1_amd64.buildinfo Files: fdab056198dd66eaa21bb101f43011bd 8430 mail optional thunderbird_91.5.0-1.dsc 46ad33a3d6597a54c6d6ceb4e24f88c5 12014504 mail optional thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz 5ffbe3d52101096f33b29fb729daccbc 427588784 mail optional thunderbird_91.5.0.orig.tar.xz 8ebeecc9d114de0ac8754c802e80949f 543456 mail optional thunderbird_91.5.0-1.debian.tar.xz 6ade50cfba9d8adc86a0a1b40221ef97 36602 mail optional thunderbird_91.5.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmHd1eoACgkQgwFgFCUd HbCR3g//Qefl8p3F9vgXsPTqUA0XUg7dYbsN6rnzRDEVt+Weto8SWZw37JfjOezL x60j3b2I7aLeZ4m+cOL8Yiokqnxe4YOwFq/pwxUSuFX5R+1dojpyqH28NLApLrMF 71MFF1wsABxzeEGyKQBy312UEBPXlPGT5c2esxbsBi83L3oBXljHytDyLN8r4rgj 0yZHmRpnD9Pz+TTKjCIFMsIIlXcwqr2LAmnnENSS3RozljNDizw7nKoJ8v/zesCK RhZNMPHL2WFkhsTfnl7i9ugCtQH1F3SHcjJRdfi9wGaW8pT59Gu+hSj3VmSUURN1 hkcnf3wqneN4frNpdap1SezkJOognFL/WxQfhRgGU+YauiJpirG5FSTVwQoRYWu3 B7kaCn1JVxK1+ZReWDkYKMl4kTz6w40dLa/FHnPmFynpmWrwUE3hbbHKzSZ75BcT 2JXVEbRHVRTtdzr9PkH5sYYzejqFXAGntcOtcHirxlp/vuag6Fji0gfMeG5Itwq5 fYWIc7dJk2HZIck35bcU3Qx4Z0DWxoV3xMZHQ6UAZM1SypMbS9+Y5rz+gfCrvbJe pa3DD9N0qTEp5wfdftIhDi8rMZTVpcPpccr/3dLbOw+kKNE6enUAjkWioXXFGDe8 Z/Pu4Cvg2/cQIkjSZSk6ew4iOzBa1P7N00Tn1v+WN8CxW470eQU= =7ER1 -----END PGP SIGNATURE-----
