-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 30 May 2022 19:36:06 +0200 Source: thunderbird Architecture: source Version: 1:91.10.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Changes: thunderbird (1:91.10.0-1) unstable; urgency=medium . * [969960a] New upstream version 91.10.0 Fixed CVE issues in upstream version 91.9.1 (MFSA 2022-19): CVE-2022-1802: Prototype pollution in Top-Level Await implementation CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution . Fixed CVE issues in upstream version 91.10 (MFSA 2022-22): CVE-2022-31736: Cross-Origin resource's length leaked CVE-2022-31737: Heap buffer overflow in WebGL CVE-2022-31738: Browser window spoof using fullscreen mode CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files CVE-2022-31740: Register allocation problem in WASM on arm64 CVE-2022-31741: Uninitialized variable leads to invalid memory read CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 * [4b55e16] d/control: Increase Standards-Version to 4.6.0 No further changes needed. Checksums-Sha1: ee22b8b92c6a2847811ffeaf3f12448a912e8cc1 8440 thunderbird_91.10.0-1.dsc 55895d91504f279df05f795b56544dced672cfd1 12254608 thunderbird_91.10.0.orig-thunderbird-l10n.tar.xz f34647156dcc0501fdb3ffe405c9b29952d7ca20 427915508 thunderbird_91.10.0.orig.tar.xz 7f7ca566bbbd0dc7dbd79263050cf6d1884201c3 545564 thunderbird_91.10.0-1.debian.tar.xz 6e38596ff9e2cbe2de48b01a81675d9cd71c9355 36885 thunderbird_91.10.0-1_amd64.buildinfo Checksums-Sha256: 8405185c97d96d8b853c85082f5bf45279c585f96a78964c6bd9c3ff291e24cb 8440 thunderbird_91.10.0-1.dsc 2f28e9e768f97ae96d6e68f3920f0c47024938cdb392d12930335a4833d61701 12254608 thunderbird_91.10.0.orig-thunderbird-l10n.tar.xz a834599ed6581e6c88dc2545d1815d9aae1a094fa16be25d26e496ae9f7b4985 427915508 thunderbird_91.10.0.orig.tar.xz 91881080c3959bed693b41e76e51cd9ecf3f5369606b72a7da5071ce552796b5 545564 thunderbird_91.10.0-1.debian.tar.xz 09d4995951f41fb3aa152f8ea073b78ebff578b76d32b8fd4e0bcf9f1dbb2fea 36885 thunderbird_91.10.0-1_amd64.buildinfo Files: 62f49a78853feeb92f3e410c1ecea429 8440 mail optional thunderbird_91.10.0-1.dsc 3d2bb1544d52e871d577faba78058c07 12254608 mail optional thunderbird_91.10.0.orig-thunderbird-l10n.tar.xz 1f779da0c8ccc0a8b0d55c9fa9e18ab2 427915508 mail optional thunderbird_91.10.0.orig.tar.xz 886ad5c2ea71fa853dde52236c54e0a6 545564 mail optional thunderbird_91.10.0-1.debian.tar.xz 1f67a8223e0f7c091562eee067697c4f 36885 mail optional thunderbird_91.10.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmKWbWcACgkQgwFgFCUd HbBttxAAkMpy1dqlczfEz8VuD+dcl0tjBrKF4c0i+6P6qHio7Nw2Y+mUHUMC7Qvz HTtCmL14ExL+oE0YH5bsenkwIXCmGoh4z5b5kfhPhYjn4Y7PEq8oHySVCAGkf4a6 pBa/GQWiqoB8ldtBarpVU/ZY2lwOblviKcIl3wwIAsgS+0U6LdPcqMeRDDimLDdI 3INsKtidxoKMuDbW9FNlaw+tL9Q48TP1VW5v3sw4PN0aXJJK+SpF1drSwxzeNATG CvMxpv2F+E7NQF0hPIyMmXRTW7eCwKDC1Xu9zwX7T2j7LJurmpyVSertQquZAhcm FHjJ6PbZVYi7KVnzdwJeSNezqnY8OqDviNP9cTVeZu8Q1rBEXUPfofu4EMVQAQ5I EZKfuiEqeHSj0fCcLVSOpiSdSm6Wss07cXygn2BTk6u2fxV/0FdWxd0sVlxPRAh6 HKRURA36wcMd6skbn5PxmPlX8xvOBqMFGUjt4ZyRGVh/zc0vVxJZINKp4+BUscez 405m8MXyLQQDUVpvba+pQ/4YHstIcW3TICgsp6jd9tir0DdJtfpgHI5gpXEtpFh0 KskB1B8/xGS/01VyWesUsJcbMfkaRGnNz7cIRyMqk/mU8pZzuaGnkOEc3C5mSy7X LPBcBS4vhZ10Ql2/2FNfoMlifa17IH/9C+LHnfTZ416H44JWDno= =0AeE -----END PGP SIGNATURE-----