-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 07 Aug 2024 13:12:53 +0200 Source: thunderbird Architecture: source Version: 1:128.1.0esr-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Carsten Schoenert <c.schoenert@t-online.de> Changes: thunderbird (1:128.1.0esr-1) unstable; urgency=medium . [ Carsten Schoenert ] * [a4bdee4] d/gbp.conf: Adjust upstream branch to new ESR cycle * [9909948] d/control: Readd dependencies on librnp{0,-dev} * [049ad32] d/thunderbird.install: Don't try installing rnp tools * [63b5a69] New upstream version 128.1.0esr Fixed CVE issues in upstream version 128.1 (MFSA 2024-37): CVE-2024-7518: Fullscreen notification dialog can be obscured by document content CVE-2024-7519: Out of bounds memory access in graphics shared memory handling CVE-2024-7520: Type confusion in WebAssembly CVE-2024-7521: Incomplete WebAssembly exception handing CVE-2024-7522: Out of bounds read in editor component CVE-2024-7525: Missing permission check when creating a StreamFilter CVE-2024-7526: Uninitialized memory used by WebGL CVE-2024-7527: Use-after-free in JavaScript garbage collection CVE-2024-7528: Use-after-free in IndexedDB CVE-2024-7529: Document content could partially obscure security prompts Checksums-Sha1: 52fd262a888621948cbf662f7f60aa927f3d7d4c 8535 thunderbird_128.1.0esr-1.dsc ebd906e51300f6d0a42303808ef68dcd7065e5d2 13261588 thunderbird_128.1.0esr.orig-thunderbird-l10n.tar.xz 8b638102e7d2959c03fb4868142482e8e3a7a4eb 697825588 thunderbird_128.1.0esr.orig.tar.xz cad432c56cea31f20f8a539b6254054350e930e2 545536 thunderbird_128.1.0esr-1.debian.tar.xz 065310c58c00d2883630d0391ae14aeb4cb3b033 41241 thunderbird_128.1.0esr-1_amd64.buildinfo Checksums-Sha256: bf9ed700217bd476513ed7baea53af35f7e47466cc6cb46e510b77c2ca2674e8 8535 thunderbird_128.1.0esr-1.dsc 490b5d3039fa541dce618cf9a32ca7c74acfacb5bfea3695d3ea0e1693e2629c 13261588 thunderbird_128.1.0esr.orig-thunderbird-l10n.tar.xz cd263745fabb75dcd88486c1ea2052af3c8166f9f6ec2e262d26ff41d5489f7f 697825588 thunderbird_128.1.0esr.orig.tar.xz 5b91aa79ca907a917d856bf4e653286241c7d884fc2e60e53eb2644f68bf2942 545536 thunderbird_128.1.0esr-1.debian.tar.xz 2bba10a8e1866c204a0ccbca655f3c024737961c8b1042d6ffe729ce8263e34d 41241 thunderbird_128.1.0esr-1_amd64.buildinfo Files: 0c5c096759f144fd6eccbee5c2071e6b 8535 mail optional thunderbird_128.1.0esr-1.dsc 2389a5fa2deb26d83e7547ebd903314e 13261588 mail optional thunderbird_128.1.0esr.orig-thunderbird-l10n.tar.xz 77b6f948adad17a3b6486f4be8f65a7a 697825588 mail optional thunderbird_128.1.0esr.orig.tar.xz ae626994bf141b6c5441c9138d269c2a 545536 mail optional thunderbird_128.1.0esr-1.debian.tar.xz b38cfb8d1b39b7f8cd6b63a799f05718 41241 mail optional thunderbird_128.1.0esr-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmazc9oACgkQgwFgFCUd HbD6vw/8CHAjTnLESXJb4LIsezzliMQHh2QIxZFOa1P0DFHjBk3qnQGX63a/EKC5 DvbYtlVaE03kQpjekXlKB0tnKJqzZs4xvkRs+f/WWWnlcEYNMZp7ZcdIEHBsSME7 IJzUe2KySayWg3zGyQLEO6cXzCqCFeqkLxwpa8Sq5In8M/sCaCuIFoR+xTaH3G9R vK8MpCUJRCAcwzc9pDYAZjo4ITXdFOVsz3SVQDg/+RxFOMUJqe13JKXy7VHAZzoy lejQdJRQ2o7due/aPnWX3ptUndDwbz1YuiY7KEFl2q0NuoQKDqbODsBDQtyfj9fU IRcdv9NES0hVWVLW3CC6HYN7UHSR8BKNBHsbny/oO4kLIyKLWpkMTI0tFHVdFHKM l/trDHRG/0WCyXuxP4P/L5Pr7esgct7Ykpfr+B7+X7LcE40X5GHtDWf2Qiy/FBzu DR4Zxx0XbrnwNFTmNFcHrdDPhvITteiqTnkIGi2NBN8ekBQxsRTrKimEaQJgN/cQ sOSL5gS3lcLgpo5bNNdzlnHPootLL11cBHqTg9PIFoDByG0sz6IPaTODYEu9ugoV hxzPJU6xDa3CW7mzGqIkNCkjMcVZOXetqQxAf0GOFBwH89AEwen2wJ9hQlAQ7rB4 9xHw26R3vXDwSlrZA22/5Z5aUS99L+GSYmgDdntFp7UXdoDLKsw= =/eB2 -----END PGP SIGNATURE-----