-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Nov 2025 17:08:59 +0100 Source: thunderbird Architecture: source Version: 1:140.5.0esr-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Christoph Goehre <chris@sigxcpu.org> Closes: 1120427 Changes: thunderbird (1:140.5.0esr-1) unstable; urgency=medium . [ Paul Gevers ] * [e457726] tests: help.sh is really a very superficial test, so let's mark it as such (Closes: #1120427) . [ Christoph Goehre ] * [4908c1a] New upstream version 140.5.0esr Fixed CVE issues in upstream version 140.5 (MFSA 2025-91): CVE-2025-13012: Race condition in the Graphics component CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component CVE-2025-13018: Mitigation bypass in the DOM: Security component CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component CVE-2025-13014: Use-after-free in the Audio/Video component CVE-2025-13015: Spoofing issue in Thunderbird Checksums-Sha1: edabd1b1be68097bd0727eff6277a4dca47e59b4 8437 thunderbird_140.5.0esr-1.dsc be9e876897a2e63bc5cce3c2bc02b21e816158bd 12193924 thunderbird_140.5.0esr.orig-thunderbird-l10n.tar.xz 9c78220e54f5498db0fe4d84d37fddf9ae198d61 785662480 thunderbird_140.5.0esr.orig.tar.xz 1a7109806e5921119ad54e32e0a4b20ceec4c309 552120 thunderbird_140.5.0esr-1.debian.tar.xz bd4025d8cc52070dcea46c4ffaf9d79086b372a3 7962 thunderbird_140.5.0esr-1_source.buildinfo Checksums-Sha256: cbb25b483f6611fc0359e96ca93f5fdfc0cff624ddec7d626a8d4a946ada923e 8437 thunderbird_140.5.0esr-1.dsc 396eeec4648542729c9ffde01a0d3357cd79b0d0ebc55140f26e7e63edd80c38 12193924 thunderbird_140.5.0esr.orig-thunderbird-l10n.tar.xz 7a79989ac64cec551c5a5fafc0fed9cf83f48fc25fe5aceaec17efe49e4a6dcf 785662480 thunderbird_140.5.0esr.orig.tar.xz bb268f159a0f272fde7518a52167d806a0e81b47439ffc71f639c48101998c0b 552120 thunderbird_140.5.0esr-1.debian.tar.xz ac55f5969ef72549f3feec418259a87efbeacc328a41e30e1d2a7a0d7916028c 7962 thunderbird_140.5.0esr-1_source.buildinfo Files: 705394b3949d1f33375c1d634942e385 8437 mail optional thunderbird_140.5.0esr-1.dsc f14f1074756245e00ccdda43a20ee553 12193924 mail optional thunderbird_140.5.0esr.orig-thunderbird-l10n.tar.xz b4ba41714facab1546f60367647dbb5a 785662480 mail optional thunderbird_140.5.0esr.orig.tar.xz 52cec9d30427e36ffc3fad7d05fa1353 552120 mail optional thunderbird_140.5.0esr-1.debian.tar.xz ed1ceb6561e3b5b08b601c3a1865e28e 7962 mail optional thunderbird_140.5.0esr-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmkXedMACgkQJuPIdadE IO+h4w//Q1GOZ4IlpTOSQNY+30Krv/7EuGj0GK6tpQZAejuV/T/1th/wSUP3k+fV ++gr0iY1Zoe3hn1w0WAaAxN0c16FzbcFeUjlwpkX2u4iyyg8CSSeOaBMQNU0EbgU aVEyqWJhWddLELgZsc6m874OWvga9jvmYaddGMpW4ae403HkKqA0TR9op2GZUsm/ oDOl0TpoNLSm/ofNkaRHc0x8te+lLTP02FTd1a/bFTFM4WPpnRLJ+udPe8/LyiWy DL3HqRJkA98b2HmlHzak8xWJNcOdNDsxrnm2FjZATgBzIhi60pWH2LYo4tomcUax EOaQcRI/bOTiLRHcWW4lmvfUSzu6V+EJbBB0gGYwfiL4jyqJa1q49yCyg75dPZAY LGIFGCSx8Hm3teZQD/RG+/Ti+NitI6+ZT9FDXq/xgN96hmDx4kMjn72SiQawP9+p B7WNXLUrxuu8HXM02iEcX+4W2vfNWcqZYXWO8JkSG1jZaltxvjGisFvC9gp2AgDY 91b4CyOVfYwo+2iDn9DNGBGpceNWZnZXVVqxcFwj9bM5TRXRe6Njx49oynF5w4OY 5+v6dRqrxJNDHiBzuJp1Zd3CUXmoQn/B8JySv7vW8Y0iUctPbA0QaEiy/ZBxQVuD BTIxiskUUTNpG3isyO07Jiz5HfqDT68IsPQXbQVaDXoAePW9Ie4= =/nTE -----END PGP SIGNATURE-----
