-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 30 Apr 2025 07:32:43 +0200
Source: thunderbird
Architecture: source
Version: 1:128.10.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:128.10.0esr-1) unstable; urgency=medium
.
* [2d646cb] New upstream version 128.10.0esr
Fixed CVE issues in upstream version 128.10 (MFSA 2025-32):
CVE-2025-2817: Privilege escalation in Thunderbird Updater
CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for
macOS
CVE-2025-4083: Process isolation bypass using "javascript:" URI links in
cross-origin frames
CVE-2025-4084: Potential local code execution in "copy as cURL" command
CVE-2025-4087: Unsafe attribute access during XPath parsing
CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138,
Firefox ESR 128.10, and Thunderbird 128.10
CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and
Thunderbird 128.10
Checksums-Sha1:
8c15be82880eb7de564c1aaa57604291f001483d 8485 thunderbird_128.10.0esr-1.dsc
6cf6860de79aa13cd8f38139c383a431f7dbcac5 13223020 thunderbird_128.10.0esr.orig-thunderbird-l10n.tar.xz
252d8341eaceb4c7a966fab2b4b7592947760306 701838008 thunderbird_128.10.0esr.orig.tar.xz
bea937229411f59ddf2379a56d3ec64f76ba1398 548080 thunderbird_128.10.0esr-1.debian.tar.xz
784a7259e5676c05a8b40e95fc9e2f58a1685ab6 6438 thunderbird_128.10.0esr-1_source.buildinfo
Checksums-Sha256:
87eaaea872ec04aa30b113f18a93e26deb118043cfb08f63eb93eef72228bdaf 8485 thunderbird_128.10.0esr-1.dsc
0aa9c12bea3bbf4e9fcab531cd873613575fd26c97f2133e2943815c81515c65 13223020 thunderbird_128.10.0esr.orig-thunderbird-l10n.tar.xz
a44c8e4b0da71c6397fa951ea6da278ef722c91e16c664f828ff947b661c5443 701838008 thunderbird_128.10.0esr.orig.tar.xz
7ad27e12b2c7f0660cf646c5f36693894da2d605c1268e465e22114991c89ad3 548080 thunderbird_128.10.0esr-1.debian.tar.xz
f7df949fa8f9d7aae79f9c3e30e07f90f14795c63b8358f57937ea302a34008c 6438 thunderbird_128.10.0esr-1_source.buildinfo
Files:
a5ca94a69a922aa28461a90474d9562a 8485 mail optional thunderbird_128.10.0esr-1.dsc
e5ea6ed3b004604e3fa55158f69d79fd 13223020 mail optional thunderbird_128.10.0esr.orig-thunderbird-l10n.tar.xz
54fcd2ecc5b8a2add4f17771e78ca1d2 701838008 mail optional thunderbird_128.10.0esr.orig.tar.xz
c0eefdc7a8e5e6b429d917c4768fb748 548080 mail optional thunderbird_128.10.0esr-1.debian.tar.xz
37563ad6c9980d72ca6a6fcaceaaa458 6438 mail optional thunderbird_128.10.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmgR2OQACgkQJuPIdadE
IO8pBxAA1I8tsKsnkV/o6i7ABWYH0cGNiQLeeASICwSv31ON7wSaw0NzAwpPXaRJ
btVjGgmNhMMFX0Z1QtrxerT2PMwSOvY89w6ZKcT4aqGOd3H8T9YSW5mhsrfC4EId
hCFbVMOwTudNTRN8QFWVX3Pf4sG2/MBCPIzWo6Eronr9wuu8jLJeKfZAMrJ9mRk5
+hc2do3ZshWWWXMHHOg1JTTKohmNX/DgB419/fFVM8WWiq6zGB3B6XzupLBDPVfL
VR+X7F786/KM8iLEUtSTyR2KP+x/1rvM9Yglf5CkxUUOq/vKEST9qt18vc6DzUqc
vy8pgXhTZuAEiDjRm7gMPxZagK/TyHZwlWHCQIlArTGfIbrgxuFx4btV909z1XBB
D8vZULAe6IxNcKiNK61v4XdHBZwujFWKTDjJLUeZ1whfbepo8n7ypw7qxqW9X0uf
ntfM+sEEsqkaHDwXlsLCkts62L/nd8Euwugo+6MiutMlsp8oDfIUcKRmk/XWJvv8
e4mzSgUj08Ero8k+7VWkPCAYNnnxAGM50coJ88O74+qBC6HLV4bFWGb8PF+sDxMH
TMiGYOsp7lJ95FoaK6xQdYT8XIGTQj+oaMkGPbwzNCXxAzZTTfApH4aI9VXBoqwp
2PEKu0ZRoUzoU2BKqefQvoJH5p10MxwVHE9kUZRE1AoeG4MxNsw=
=sNz5
-----END PGP SIGNATURE-----
