-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 11 Feb 2022 18:50:23 +0100 Source: thunderbird Architecture: source Version: 1:91.6.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Closes: 1004951 Changes: thunderbird (1:91.6.0-1) unstable; urgency=medium . * [884ccb6] New upstream version 91.6.0 Fixed CVE issues in upstream version 91.6 (MFSA 2022-06): CVE-2022-22754: Extensions could have bypassed permission confirmation during update CVE-2022-22756: Drag and dropping an image could have resulted in the dropped object being an executable CVE-2022-22759: Sandboxed iframes could have executed script if the parent appended elements CVE-2022-22760: Cross-Origin responses could be distinguished between script and non-script content-types CVE-2022-22761: frame-ancestors Content Security Policy directive was not enforced for framed extension pages CVE-2022-22763: Script Execution during invalid object state CVE-2022-22764: Memory safety bugs fixed in Thunderbird 91.6 (Closes: #1004951) Checksums-Sha1: 92b7ab3ab94b3885dca42f5fe8d9afe367e7a886 8430 thunderbird_91.6.0-1.dsc 7eb39bd4f3fed8bd474d4eceeda8da0db425c7a2 12175372 thunderbird_91.6.0.orig-thunderbird-l10n.tar.xz 583c4c5668f8881d9727cfa2fb5ba5b059f0916f 427064940 thunderbird_91.6.0.orig.tar.xz 13a5460ebbc95d2e4688e9eaf3e00ec301921a7a 543604 thunderbird_91.6.0-1.debian.tar.xz 0a2fdbc335be80acae8bad26654b13421951d7d6 36453 thunderbird_91.6.0-1_amd64.buildinfo Checksums-Sha256: 0de55e293fb06735beed776492abed1b7d48b962f420fee35d805033f983c993 8430 thunderbird_91.6.0-1.dsc 130e2abe1cab4be71c7c1506da55eff58121e890564f4f0ca6d2f17742f5b569 12175372 thunderbird_91.6.0.orig-thunderbird-l10n.tar.xz 8590b4c0fe183b373cc7befcedd7c8d0ca6ef75d37c3137fc3aaac65917b9783 427064940 thunderbird_91.6.0.orig.tar.xz aa4cf8f4dfa6265baf15a50cb05a1b33bc047cf96bb25e0132a0f66a3786b1f0 543604 thunderbird_91.6.0-1.debian.tar.xz 63c3b92d76daa3a46b7f4de108223db7c1e701d11dc9f9151651bf6c2bd79d83 36453 thunderbird_91.6.0-1_amd64.buildinfo Files: 76788f09ff8bffa52779450ab1b845d3 8430 mail optional thunderbird_91.6.0-1.dsc 98ed010f7c4ffd93191135457d45cf5b 12175372 mail optional thunderbird_91.6.0.orig-thunderbird-l10n.tar.xz 2ab07436fc76be2b66f0ec1894356669 427064940 mail optional thunderbird_91.6.0.orig.tar.xz 7b84f2e5bb3cde55fc931e9380b941f4 543604 mail optional thunderbird_91.6.0-1.debian.tar.xz f7e21b5c4a906c1b05a3381aa27583a4 36453 mail optional thunderbird_91.6.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmIHWJQACgkQgwFgFCUd HbB9PQ/8C2j2Maxof9IcWLTdXMxP6Gm/FzzG1h6j+wrknPcxIA3uG7iZbsX8phC3 G6ITvH7ZyzwbJ8+hng/ecdN8FKNEwHGzJrdQ2xExg9O9vue53k8Sx1oLOobkIKVG kMY4ILw+yB+fUyLDJQJhRTt/QvPPsyqoflxCODrUy3oGndjFOG06v6v9poN6KRBC ZhCZ6C1HLbcsK66GxRCJsb+5PBBrPkjhBPgt8eCAkiWlfyA5zT+I3ENqEmGsR8uA p+u8NpXBNVdx2cA3dkRCP9462ROq5n23upFyKSJ3ykaCJBGxu81t9t7d5d5BNJ64 kS8/LAj4JutZjYiQdFk9G9VyRPAs1AiGqgYw7xOtv0Yh8zhowfp3as7l0Wap9m25 v6yt2KUfmNcSRRJmR5uZMjHW1OjO1Cg7QzqOj1iuBbvos4YEVq5ZlChGlALCdJmt 23pSEAQYfLWPzjSyQWa92pb1x2+T4/1kBFpG+Al+Hsdn7A6VB/upC2X6aNoAarfh H9BRYAhdW2bSy1YrZqgIg0EJitf0TItIpH5BvBlCbDQKnw3g8LdzSkTVbAoXsPJa vVqX7rvMUcaFA9noe5hHt/v54v+DsA3WbP6igNi33/2VV2aJpdDPokAK4Ix9NKGK VaJbTTBNqKTKbJB6N1uaYMZZzgAiCTqT9nUi9Z4/vD1oro51ob8= =hpbh -----END PGP SIGNATURE-----