-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 30 Oct 2024 07:41:19 +0100
Source: thunderbird
Architecture: source
Version: 1:128.4.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:128.4.0esr-1) unstable; urgency=medium
.
* [33e8ca6] New upstream version 128.4.0esr
Fixed CVE issues in upstream version 128.4 (MFSA 2024-58):
CVE-2024-10458: Permission leak via embed or object elements
CVE-2024-10459: Use-after-free in layout with accessibility
CVE-2024-10460: Confusing display of origin for external protocol handler
prompt
CVE-2024-10461: XSS due to Content-Disposition being ignored in
multipart/x-mixed-replace response
CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
CVE-2024-10463: Cross origin video frame leak
CVE-2024-10464: History interface could have been used to cause a Denial
of Service condition in the browser
CVE-2024-10465: Clipboard "paste" button persisted across tabs
CVE-2024-10466: DOM push subscription message could hang Firefox
CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132,
Firefox ESR 128.4, and Thunderbird 128.4
Checksums-Sha1:
70aba60cae7c3c405cdf2d057a406c8a82d407c0 8475 thunderbird_128.4.0esr-1.dsc
bd4d887f4852a1b2a3cd8d7cf485cbc65dcfeebb 13434232 thunderbird_128.4.0esr.orig-thunderbird-l10n.tar.xz
db2b9da90ecb1c317e508d45713d3157909f7c7a 698562244 thunderbird_128.4.0esr.orig.tar.xz
47ce0a0d1af7e7a68a5d9be4345e82f02e0db41a 546696 thunderbird_128.4.0esr-1.debian.tar.xz
babb274a78988703ecbc84f33d5a02a9813d5cf9 6875 thunderbird_128.4.0esr-1_source.buildinfo
Checksums-Sha256:
c51bdda8e81e3a303898769be21848728654c7b73f32d0e2a983105055136f7e 8475 thunderbird_128.4.0esr-1.dsc
d2eeef01c9e4be2c68c9308c69031f67b87567497229e15c7209015d11346c1e 13434232 thunderbird_128.4.0esr.orig-thunderbird-l10n.tar.xz
83eb61bdf16defdb0b14cbf051e792ab16295f367f6ae387235d47ec07841316 698562244 thunderbird_128.4.0esr.orig.tar.xz
304bb7c7a2e1b81c0090a6dbeea5ad3f7c9624e3f106a53635cf1f1ec7a41fcb 546696 thunderbird_128.4.0esr-1.debian.tar.xz
a83ec7a9fbd51b783509d7ec5a0d0437e2b754fa5cb0833fb8ed8804fb3ffefc 6875 thunderbird_128.4.0esr-1_source.buildinfo
Files:
2d0ee06872ee166e15a94099cb0f4596 8475 mail optional thunderbird_128.4.0esr-1.dsc
db25f1cffe773b257bed77ad93f2388e 13434232 mail optional thunderbird_128.4.0esr.orig-thunderbird-l10n.tar.xz
1cf283454aacb720eea48134cd92b8b8 698562244 mail optional thunderbird_128.4.0esr.orig.tar.xz
bc749c04a98f882331db308e77a4ef6f 546696 mail optional thunderbird_128.4.0esr-1.debian.tar.xz
d0ed0e3786b9d70d0d7a6a434222935e 6875 mail optional thunderbird_128.4.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmcibdgACgkQJuPIdadE
IO9uqA//TTcfFaqXPXLGOynIi2HID5Oa6PCC98l/DBhribka8I9LPDsjJ/uEec2I
YvSvZvqULflYFR19TlL0P5/OASDmgovdXbeyrtUdOIZ4pRDDs7luhkvoEcPiaaqG
u8XitYUXqoLjVN1mPYjpz7KLvziinQx4WasJWuUvcm6ExDL0bG2GeESK1iEt8f0D
GmY413raKNmrrkHwe4lH2akflMLgeOJtjWC9Crk1Pfz4zDJE7sUoKbhteMgAe6tH
AlVsTqwoA7fgCE6uONPtJNb+ja3Vgp3UPby3AECWEUQxBJcjmnqsgV4SZRMqApXu
XRcjLCIquJ4qvwnLKG0tt4n50xgyA3Id/VUm6jY/lBYik14dxYUJLPv/9UG8DkBh
BigrXawMEyKHijiB0eIIu4hdma6iJvSZLnuq5sQrilegwXjLNJI2Q+S8HZS6dktK
GG7P5LIUs3Mpq18ktKwX/0LomygBl8lO0OibFoyXZsypq5uccqsn+h13xxgt9ZAz
mnAszXNaAePhwGpkIXPawpy+ECnYKdwE2MwvnnVZiKHi3WxYKDrIWsv8Lu2cS3ox
y5JIVEqnoInwzkJI92h5swG3sukJESKl4XnK9k0ny8FaEMDJFmfpaLbSTb8p/IrL
SegVuuC2jQChw0VfjtJREDG9aHHAXk+ripqC2P7aZbN4bPTddVw=
=3jAk
-----END PGP SIGNATURE-----
