-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 May 2025 09:01:59 +0200
Source: thunderbird
Architecture: source
Version: 1:128.11.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Changes:
thunderbird (1:128.11.0esr-1) unstable; urgency=medium
.
* [03941e7] New upstream version 128.11.0esr
Fixed CVE issues in upstream version 128.11 (MFSA 2025-46):
CVE-2025-5283: Use after free in libvpx in Google Chrome prior to
137.0.7151.55 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page.
CVE-2025-5263: Error handling for script execution was incorrectly
isolated from web content
CVE-2025-5264: Potential local code execution in “Copy as cURL” command
CVE-2025-5266: Script element events leaked cross-origin resource status
CVE-2025-5267: Clickjacking vulnerability could have led to leaking
saved payment card details
CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139,
Firefox ESR 128.11, and Thunderbird 128.11
CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and
Thunderbird 128.11
Fixed CVE issues in upstream version 128.10.2 (MFSA 2025-46):
CVE-2025-4918: Out-of-bounds access when resolving Promise objects
CVE-2025-4919: Out-of-bounds access when optimizing linear sums
Checksums-Sha1:
fcafd4ffb35200087ff4c978d3baa524e38e0fca 8485 thunderbird_128.11.0esr-1.dsc
5be0854910274299c05106c992f080722f5d27fb 13233412 thunderbird_128.11.0esr.orig-thunderbird-l10n.tar.xz
0a82ae09da4a1c8def1f31f398105a5b97755ede 698793952 thunderbird_128.11.0esr.orig.tar.xz
696677088ce4f04513b0cd2d300ecb714d215b7c 548440 thunderbird_128.11.0esr-1.debian.tar.xz
2d49178cf8ce43d8076bbdd3cb20386db003f04c 41046 thunderbird_128.11.0esr-1_amd64.buildinfo
Checksums-Sha256:
d50dba7435ac7dd14aa644367c62dcb0744a984ea348b1e1d98678b086269aed 8485 thunderbird_128.11.0esr-1.dsc
385d481ba98d21c6e962b97ad884af88596dbaf83dd4d5fe57877cd492c3b52d 13233412 thunderbird_128.11.0esr.orig-thunderbird-l10n.tar.xz
5f247ab216f531da46104bb63d60ee911f44ad9bb5af1afbe0adc37d3a514096 698793952 thunderbird_128.11.0esr.orig.tar.xz
fc18ba3974cfd33c34523d5c780b9e09de30986fefb01ce495bffdd3b79056db 548440 thunderbird_128.11.0esr-1.debian.tar.xz
1ba8108fcb4e89dfb67b4a824816e011af09a7377d885425a11ca6488c7b718d 41046 thunderbird_128.11.0esr-1_amd64.buildinfo
Files:
5d246e4fbb2014df77fc9e16d2f08945 8485 mail optional thunderbird_128.11.0esr-1.dsc
790e5f429d7a551c040363aee4015a82 13233412 mail optional thunderbird_128.11.0esr.orig-thunderbird-l10n.tar.xz
d4034bc9a7f6f53765cef547f07460e1 698793952 mail optional thunderbird_128.11.0esr.orig.tar.xz
aaf199066770d6fecd51666d85fed92f 548440 mail optional thunderbird_128.11.0esr-1.debian.tar.xz
3f5927e7f84f3da812f622b257177676 41046 mail optional thunderbird_128.11.0esr-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmg4JwIACgkQgwFgFCUd
HbBjCxAAiDR5MszwkiqoSMQII2434BtTfDqMhHlF6Gh9s8PDaWkUBIcDhOTdEMRl
jWD+G3guyr3XX5xHhL1++1/sQ2NUVLKlf+YO2fAeOSMvVwkIx/B5tW2Wbs1y1euo
ThOMtYW8cPEZAPhHPxtJZaJJR9MFYHzqDdw2Q9/1qEE7NquJoxJGrd0Krr5rN2js
kDwFrRxkC1ksyMBKDczd7YFoecIMtfmwAja/B4DVbGO9ihCc3Z0Lly92HQKPVy5y
AmbSNNU3kwc0Udq/jEzhzofNC/ZUt12GyIQXxVykO0fVSsnxyjjJHWikz2o354vv
4x6fo8LtVk5My4dE9KiUwtAICpPEHfHLU+8rQ8yVlbvdNLJSBnfHSuol9WzN71o+
EatKuEbBurzX1Zknc6RPgnr7KttXrkltV7rFIaxByVVgMNK3hz8RKPkU8uATJ/xl
6e7dG3lZduSGUqr1fAEeSTn9M77qBQvX/ltpURmoYAftLQgI36vJ82dNs/gubben
yEj97zrfzysZXXkh7MiELSdFIvLzAxB8eh2cH+mAzEAf2vXImFPX3S4XY0+koOK2
iRZfJCNLtOu6dsFK1YXOudCpRaB/cfmeoRmGudTVb4kMfNF2jSw6SZh/z0os7+e/
IOLiyE9OF3ro0CvXYlAalRhfFUfG3M2DwiDYAMVG5NtWVNTzvyQ=
=OVyz
-----END PGP SIGNATURE-----
