-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 01 Jul 2022 20:12:40 +0200 Source: thunderbird Architecture: source Version: 1:91.11.0-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Closes: 1014004 Changes: thunderbird (1:91.11.0-1) unstable; urgency=medium . * [05a947d] New upstream version 91.11.0 Fixed CVE issues in upstream version 91.11 (MFSA 2022-26: CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content CVE-2022-34470: Use-after-free in nsSHistory CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI CVE-2022-2226: An email with a mismatching OpenPGP signature date was accepted as valid CVE-2022-34481: Potential integer overflow in ReplaceElementsAt CVE-2022-31744: CSP bypass enabling stylesheet injection CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked CVE-2022-2200: Undesired attributes could be set as part of prototype pollution CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102 (Closes: #1014004) * [4c4944d] Rebuild patch queue from patch-queue branch Added patch: fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch Checksums-Sha1: 0cde5d50ad508a6e57b7ac3e6d18a9f20d5cc7c4 8440 thunderbird_91.11.0-1.dsc a837181ea3355dfd2cf073c48767cc811bbd5fc1 12255796 thunderbird_91.11.0.orig-thunderbird-l10n.tar.xz f7013d961b79a33e5d4adc648ae314b0996899f9 427052652 thunderbird_91.11.0.orig.tar.xz 1f0be4e3723c62ce84f6264a9876fa3bdee444dc 546084 thunderbird_91.11.0-1.debian.tar.xz a2b325e9055418c45b1025f35f4ed71fe5db5ed3 36990 thunderbird_91.11.0-1_amd64.buildinfo Checksums-Sha256: 53bcc7b29026ca8813cb62ef7d6554e84f7aa7ace9a5ea6d2d6f8b87c654a0a9 8440 thunderbird_91.11.0-1.dsc b31a249cde02c3de9a57949ec0683a196fa8b2c0ccc540b24b880d183bf2682b 12255796 thunderbird_91.11.0.orig-thunderbird-l10n.tar.xz 37bd7d8373ca2646b58f20655cca0d27f8de6db6c99f96a00b65ca6e6a8bb91f 427052652 thunderbird_91.11.0.orig.tar.xz 5318d55fad7b9fad00a39f2cba767c83364f6f19dd07eb814c61f5669d9dcc69 546084 thunderbird_91.11.0-1.debian.tar.xz c3c14fcdaca53327d023de13409625d9bd171ca2d70a4868c3bdb1e2f5933e03 36990 thunderbird_91.11.0-1_amd64.buildinfo Files: ccf471332eb265c0972f1188025065dc 8440 mail optional thunderbird_91.11.0-1.dsc 7d308175c141038596229361aff10864 12255796 mail optional thunderbird_91.11.0.orig-thunderbird-l10n.tar.xz 378935c9871c5652b3870e9d76982efe 427052652 mail optional thunderbird_91.11.0.orig.tar.xz 73d37cec1e2be08232852185a83bc578 546084 mail optional thunderbird_91.11.0-1.debian.tar.xz f12c03d3e18f03410687f9502d41c571 36990 mail optional thunderbird_91.11.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmK/Sy0ACgkQgwFgFCUd HbAveBAAsIWjqcodbuh7yC572cBcTujqoGxm3XS1QNt8VvEzkYwEYcqu8FxAqV6O OBFaKw8SIcrN8QJlxhQlGfOPrm0iSVvTK1ln5vjT8P/ESgNBzhaxZwq8i67ksPxE OV5hH20LJa6A0RBhk2crxwUAi/wzWr1fe6GrQ+IZDQhmH2KTcOnn7+x/UaCN32mg aQ5TW4/jpCZmTGjxWCQLWCluEuotlfBl98flUbld8+ongiLfwU7e+HUlDdvkzBki 94h4UieHdwL3a87c6YsWsN3PNl0apDf9W2dAQbVrq5qzF6fYGb6+6TG/7IGIrAoH xF5LLpfRgFQlrbVbd6WpZNntIIjcqgRRH4g5ZLfSMnmEgyonbd2XDqFrVUwnJyRm XZnfrtSZLqVu2XCyKQnL6cLC+6Sjpdegu0Tay2n6XVLkTn2V43vewXfkA1T3Vy0Q zK3GsUbjmlbQzeCY7F4bdIUP+Vucvf/xH6wB0LTT+4mTpQWjkOEGgu8uILcyGybw Mlk0ohaekCupHnZFlsEPncKzu7kISJCWnDgtsnZ5DzqzkkEImG6gFfOsR1UQHOZX TU6z3nFegsq1NGtremFWqoDLES/1XilNF7e853B8b7hlgPKbk7KDF3hax5NIAM2r +wdXFTfxo3myBlJvjdQsNjai/3mvaiKlZCJd19nreUDIzcVQroI= =CRLO -----END PGP SIGNATURE-----