-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 11 Dec 2025 10:07:20 +0100 Source: thunderbird Architecture: source Version: 1:140.6.0esr-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoenert@t-online.de> Changed-By: Christoph Goehre <chris@sigxcpu.org> Closes: 1115859 Changes: thunderbird (1:140.6.0esr-1) unstable; urgency=medium . [ Carsten Schoenert ] * [6956481] Rebuild patch queue from patch-queue branch. Added patch: debian-hacks/all-thunderbird.js-Append-esr-to-VERSION-variable.patch (Closes: #1115859) . [ Christoph Goehre ] * [f9ca412] New upstream version 140.6.0esr Fixed CVE issues in upstream version 140.6 (MFSA 2025-96): CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component CVE-2025-14323: Privilege escalation in the DOM: Notifications component CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component CVE-2025-14328: Privilege escalation in the Netmonitor component CVE-2025-14329: Privilege escalation in the Netmonitor component CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component CVE-2025-14331: Same-origin policy bypass in the Request Handling component CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 Checksums-Sha1: 7a931ba5612a77a7b23832a962ceb7fa8aa6b0d1 8437 thunderbird_140.6.0esr-1.dsc 2c862e85596911802a246cc0c57eb911a7ba91b2 12198392 thunderbird_140.6.0esr.orig-thunderbird-l10n.tar.xz ebc8e23c31e48cdcde26a7fedc17fa9fcf600e49 786321004 thunderbird_140.6.0esr.orig.tar.xz 67dd7842e83a0d6450022de0f051e5e7ea13d46f 552648 thunderbird_140.6.0esr-1.debian.tar.xz 969d53e51c4d8ddcb3e7e1a33bd87a3fcce7feb7 8134 thunderbird_140.6.0esr-1_source.buildinfo Checksums-Sha256: e8688baed31c86903bef431f46949cd2bb1f658f28ac94c473926d8af9960549 8437 thunderbird_140.6.0esr-1.dsc dc3fadd9384889a1fd9afbbde108b18cdacb8df95b7cbce96283a387ed3638fd 12198392 thunderbird_140.6.0esr.orig-thunderbird-l10n.tar.xz fceb93fee82131b5467e4e70b433cbc2e7737bb1ad81be9477932d10326d6b03 786321004 thunderbird_140.6.0esr.orig.tar.xz 009949164cdc0c98dfcec953d08ff876efbe31b85553ab1e1b3cc78bd86537ad 552648 thunderbird_140.6.0esr-1.debian.tar.xz 45e51964f711b6bce05bb01703e963c73f6d05ddceef4913bbd0f668185a5dfb 8134 thunderbird_140.6.0esr-1_source.buildinfo Files: 2d80b91cce31779cbd685ccc48850f90 8437 mail optional thunderbird_140.6.0esr-1.dsc bb9c056db5c5e87e0dc8ddbe1d9556bc 12198392 mail optional thunderbird_140.6.0esr.orig-thunderbird-l10n.tar.xz b7d13f041d52ad4acf07a9408cb570c7 786321004 mail optional thunderbird_140.6.0esr.orig.tar.xz be066cf02b8a67449d53c571566ce401 552648 mail optional thunderbird_140.6.0esr-1.debian.tar.xz 968ed46d706f348c5d5ab9f6c16c51f4 8134 mail optional thunderbird_140.6.0esr-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmk666wACgkQJuPIdadE IO8IzBAApXLYxJHrZ/XbE5YVyZX6rk0bCjir8rEksvg6lXeQpkrIHGz3eOunVAG6 jGthmd/ufftj0kHzsI6e47HVSUGIDQK0Fw/Pug8Gh6kLGKzbvyNvAbJDXBkXmRps xLK2r4XvRnNnGe4qN+jGJBMT7opH1OkE1R6584p/u8nj5/zyV+MJc33cONsL6zpr gnEkV3VQjLIt8g3yBcQQo7oy6pQtZdBj1xYDd+yqWjw7dBRTJsDJQtVNpJNg324h vD4+vtpkCPJqUEPXONrH1kr/HxQH1OtVUVWlc0yH52sCUVL4hBbwv3cg1Y+MEtU7 cG5rq5QNaU0P+P3WdUCvmRdqS02OZqt+SQj8k5rJJ/gcKwMwDVWgxfLQVrVLApuu IDt1nK7uwdvFF6ZaHqID+byJaCW8tp+PVHct+ov5nOGJpo4VHvfs4ingre3FwPOC EyW7fruCThkU7EYABrOpbRZ66QTX9IgD/qUipBJ7drVLJ1D/rkmVkljB2NN4xM7l fOIM0CMyzrdd3OPiMEMweQUzOjjYEfve0w1hI7dg9LF7I3D4MCBIYUS8pCRTAFPz njOhpXBUfzUcC8145cSoUDGM+ELfcBG2M3FTMnF0Fj6hghYUkuopWNEWKDrGTJ92 nmPrNOWMvnn6GDCtcUh7sNRd7I7Y/zNS0DjWc0e+KsaQ54dNw2c= =ST6P -----END PGP SIGNATURE-----
