-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 06 Mar 2025 09:32:56 +0100
Source: thunderbird
Architecture: source
Version: 1:128.8.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:128.8.0esr-1) unstable; urgency=medium
.
* [bb4e012] d/control: Increase Standards-Version to 4.7.1
* [7843a54] New upstream version 128.8.0esr
Fixed CVE issues in upstream version 128.8 (MFSA 2025-18):
CVE-2024-43097: Overflow when growing an SkRegion's RunArray
CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the
Browser process
CVE-2025-1931: Use-after-free in WebTransportChild
CVE-2025-1932: Inconsistent comparator in XSLT sorting led to
out-of-bounds access
CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
CVE-2025-1934: Unexpected GC during RegExp bailout processing
CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the
interpretation of the contents
CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird
128.8
CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136,
Firefox ESR 128.8, and Thunderbird 128.8
Checksums-Sha1:
894cec2e362fbd5b3eb2b913fbaa7ab4fbe5ea47 8476 thunderbird_128.8.0esr-1.dsc
2f44fb428743321871cfb2cdf49938e92399e5c6 13432144 thunderbird_128.8.0esr.orig-thunderbird-l10n.tar.xz
fa5ee7ddc584233e039b4bac62c7b957b982793e 698185604 thunderbird_128.8.0esr.orig.tar.xz
ccebdbfb21bb3b0aca15486e6787474744fcedbc 547792 thunderbird_128.8.0esr-1.debian.tar.xz
fe6fcb177cd2020b3d41f70a63a7a58f3db26176 6471 thunderbird_128.8.0esr-1_source.buildinfo
Checksums-Sha256:
3ec58364273676cf784a1e748f768334312ee5c4599ddb76b6b0a9f6437c0eef 8476 thunderbird_128.8.0esr-1.dsc
b79d6f80a9673c3364b2f9b375ef8573fb1a2dc43384287a662bd2152ac877ad 13432144 thunderbird_128.8.0esr.orig-thunderbird-l10n.tar.xz
d9e164adcc1e7460d5f58e672257d51fa3c7306cf7bce3fcb5546de0cc84f5dd 698185604 thunderbird_128.8.0esr.orig.tar.xz
4c9c6e83cd28f24fa14f25809944960b2bd64bf108aa37ab6408e32f4d63dd93 547792 thunderbird_128.8.0esr-1.debian.tar.xz
21276876ab93bb9a299181429c544d0e0b3af557ef4b5906be3ef493decedddf 6471 thunderbird_128.8.0esr-1_source.buildinfo
Files:
17f2dfaacb8fd501790d5c7b7a4ffa93 8476 mail optional thunderbird_128.8.0esr-1.dsc
c07cc69b5fdf64a3ee1cc6a7bccfe1c4 13432144 mail optional thunderbird_128.8.0esr.orig-thunderbird-l10n.tar.xz
e8f7e2d631133aff7a584fceed02cea4 698185604 mail optional thunderbird_128.8.0esr.orig.tar.xz
086d30dd2cb4973611b40512b0ffc60b 547792 mail optional thunderbird_128.8.0esr-1.debian.tar.xz
b63d32fb16cdb779297700fa65cd78cf 6471 mail optional thunderbird_128.8.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmfJ2lQACgkQJuPIdadE
IO8kkg/9G6B/uECdjsLno84Px64djtqQuYBFRy2B7/dG+CkwpcTguwZgymfifI/U
jMT94TXPWSKY0/Tfx4VTn6p7a9g+up65heEnXx8r7QwTJ8UpsXOsDLlZ++i82drb
F4c0MJh/ndJVjBZhd/dBu/SnCS6mAN9FM4BBHKLXX9PpjYDiCJIAjDU7bbRcyVw6
Ceqv9VUT/9NXKvofX4f6l95Gt0WP24Ni3x54xxsiY6UtDigjdN3djfBZeQzKpYih
sVOJhTuOLz4cocdG28josSYEZmFlWKChg4GIsioYC7ZILKJ4YU9c75TIsFzg1bHX
yOLQi4nRgJh2QxeVnf9uR3EanEZYuCkqdLJ/42Y5igYesJuVIvIVsXawTsy4EFM7
jvocD9HbTO7GkfrHM3dN+ihsdYbOauXMzdKr3lZ9sjC2R1ZjbNd0qFuU5gjOCJlC
eEO6nfjXJ8zg4Zf8WHC8fCVbig88ftsp7mVVTCHX6sR05nZNLNnv6BFBjMpu9Y0M
EVfZb9O+IWJnvfKfjngxONwa+pNvUwmnw02L9147SAxHXCS+M05ZUuWrxpnOQRSD
8n0zK7umWrEZ16Bj1U6UkDklA6svmxnM/zSmZ8J820KMHLJI/A7i5igxG5w2xug5
Pl7REe07/u7HhL5bczaicbTBjvy6pNJ6VxThBiaR1ZGNKDv73kE=
=o1Hg
-----END PGP SIGNATURE-----
