-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 05 Oct 2024 12:12:19 +0200
Source: thunderbird
Architecture: source
Version: 1:128.3.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:128.3.0esr-1) unstable; urgency=medium
.
* [8f4b4a5] New upstream version 128.3.0esr
Fixed CVE issues in upstream version 128.3 (MFSA 2024-49):
CVE-2024-9392: Compromised content process can bypass site isolation
CVE-2024-9393: Cross-origin access to PDF contents through multipart
responses
CVE-2024-9394: Cross-origin access to JSON contents through multipart
responses
CVE-2024-8900: Clipboard write permission bypass
CVE-2024-9396: Potential memory corruption may occur when cloning certain
objects
CVE-2024-9397: Potential directory upload bypass via clickjacking
CVE-2024-9398: External protocol handlers could be enumerated via popups
CVE-2024-9399: Specially crafted WebTransport requests could lead to
denial of service
CVE-2024-9400: Potential memory corruption during JIT compilation
CVE-2024-9401: Memory safety bugs fixed in Firefox 131/ESR 115.16/ESR
128.3 and Thunderbird 131/128.3
CVE-2024-9402: Memory safety bugs fixed in Firefox 131/ESR 128.3 and
Thunderbird 131/128.3
Checksums-Sha1:
df84dd2cd27c2970f895a8f199cd659a94d845ad 8505 thunderbird_128.3.0esr-1.dsc
bcbc7f7aaf456abbc3dbe98b342763ac84649038 13372356 thunderbird_128.3.0esr.orig-thunderbird-l10n.tar.xz
f8aa70a994c2007197a7879400c9060679bb49e4 693752412 thunderbird_128.3.0esr.orig.tar.xz
7adab047c2efec6f0ee63d49b11c8a1d97ae71bb 546344 thunderbird_128.3.0esr-1.debian.tar.xz
967b58f97c2407b002c669120cddccde9fc2673f 6886 thunderbird_128.3.0esr-1_source.buildinfo
Checksums-Sha256:
64921e681b0234b502897842d7036da60907e9c7061703c751fb5ebc7496146e 8505 thunderbird_128.3.0esr-1.dsc
6ef614f08da5f5ec50cb82a366b3adc7edb01337ebcbd7e1f9e11122dce69e01 13372356 thunderbird_128.3.0esr.orig-thunderbird-l10n.tar.xz
e1d42ddcfab231056695746a1231501cc565e065d59305a23521bf573ef04ebe 693752412 thunderbird_128.3.0esr.orig.tar.xz
ee2a3b58f256cc260236657df009fa2971b98721dfa1cb253be16fbe559f3a6d 546344 thunderbird_128.3.0esr-1.debian.tar.xz
dca3f0cc6f3dc8bcb0a51092f481429bbc7fad7c45ab758b56fca31d3210a41e 6886 thunderbird_128.3.0esr-1_source.buildinfo
Files:
2f2551bf1b519fab9c2385fd96cc69d4 8505 mail optional thunderbird_128.3.0esr-1.dsc
2c38e3ac8293970b0a9561bc6b430bf1 13372356 mail optional thunderbird_128.3.0esr.orig-thunderbird-l10n.tar.xz
11eb02af1daf52afce52e3df79780e0d 693752412 mail optional thunderbird_128.3.0esr.orig.tar.xz
4cf313a4938bf9ab6c8e1bb262eb6eea 546344 mail optional thunderbird_128.3.0esr-1.debian.tar.xz
9428a9828e0d72e70f974192642ba54d 6886 mail optional thunderbird_128.3.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmcBbrEACgkQJuPIdadE
IO+yEBAAqfgGZM4dbt9bw7/f2t8mno3JOZMu2Gf6wD3mgP6Lk6DKjudtfMkni72z
NALnKYqS19MLo6lQlwpWJUFzb1MXuoJiLazNSgRJSmJgALp4EYHfLbG1KUvfKh4h
bJMIHMGWoV1G7XWRoGrpQubVyUrmETheQglaLuEeCDCbvulSVjo4D+PMgTwuKekK
fhQKEE/ee8DbGX8q6q6RE1I+SvHTb4Wrv4tGUGUHhQe8M79ljOY0F90q4VLG33gp
ZTJ27G/KG62BMFJZcm7VEmODeW+P6XMqymNyz+kI9mxGwU8u0qpdwgg9kDdYuG/u
CE3iCPtxUliSdoYbdeQtOU3McBR4ethQA+BoSb/+hVxDi4tZmFrKd/nGt/80keiM
fVT7xHA4RnwWg+IxSmUBjpYHxLSPObr+DMFKxmTWxOSNTHhe368CWtTZte57YZeg
AFI+iWvHFu7WF0JXBdraMj23Z+3TXNSbV7x6bjH0iG7MBOHtHlPv21E69YKy47xy
YpVIcVbuLo4N0VOHCQUa67sBOZhtQduBovTWKRvPMMiGupXUwsFwSb1JgPEEVZg0
T49uAPgtT6dlb3LLafMY+E0FJK0TOcbz6s/peqRZzphDh9kyG49qKlBHbjfTok6n
cLlcB7hagCmeRQCDWAn4biUNn9yLaR89xLewathIUdCquHTHqdw=
=7+AD
-----END PGP SIGNATURE-----
