Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted thunderbird 1:140.10.0esr-1 (source) into unstable
Date: Thu, 23 Apr 2026 12:55:57 +0000
Signed by: Christoph Goehre <christoph.goehre@gmx.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 23 Apr 2026 08:12:14 +0200
Source: thunderbird
Architecture: source
Version: 1:140.10.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Closes: 1128876
Changes:
 thunderbird (1:140.10.0esr-1) unstable; urgency=medium
 .
   * [00598c1] rebuild patch queue from patch-queue branch
     added patches:
     fixes/Fix-conflicting-types-for-once_flag-and-call_once-with-gl.patch
     fixes/Fix-sandbox-to-build-with-glibc-2.43.patch
     (Closes: #1128876)
   * [b212746] New upstream version 140.10.0esr
     Fixed CVE issues in upstream version 140.10 (MFSA 2026-34):
     CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
     CVE-2026-6747: Use-after-free in the WebRTC component
     CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs
                    component
     CVE-2026-6749: Information disclosure due to uninitialized memory in the
                    Graphics: Canvas2D component
     CVE-2026-6750: Privilege escalation in the Graphics: WebRender component
     CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs
                    component
     CVE-2026-6752: Incorrect boundary conditions in the WebRTC component
     CVE-2026-6753: Incorrect boundary conditions in the WebRTC component
     CVE-2026-6754: Use-after-free in the JavaScript Engine component
     CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component
     CVE-2026-6759: Use-after-free in the Widget: Cocoa component
     CVE-2026-6761: Privilege escalation in the Networking component
     CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component
     CVE-2026-6763: Mitigation bypass in the File Handling component
     CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces
                    component
     CVE-2026-6765: Information disclosure in the Form Autofill component
     CVE-2026-6766: Incorrect boundary conditions in the Libraries component in
                    NSS
     CVE-2026-6767: Other issue in the Libraries component in NSS
     CVE-2026-6769: Privilege escalation in the Debugger component
     CVE-2026-6770: Other issue in the Storage: IndexedDB component
     CVE-2026-6771: Mitigation bypass in the DOM: Security component
     CVE-2026-6772: Incorrect boundary conditions in the Libraries component in
                    NSS
     CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking
                    component
     CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR
                    140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird
                    150
     CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird
                    ESR 140.10, Firefox 150 and Thunderbird 150
Checksums-Sha1:
 0a1a3fb1fd53ca5e581acc52165ab4d22d0dd6eb 8445 thunderbird_140.10.0esr-1.dsc
 d090868c85e532ba573a4b425a89a8d95af3fd1b 12278116 thunderbird_140.10.0esr.orig-thunderbird-l10n.tar.xz
 d581d1c7a36eca47a59c042a8720574e3f8ae26e 787453480 thunderbird_140.10.0esr.orig.tar.xz
 676ff774dcff45c518e0969db1565c8ade8bbeeb 569064 thunderbird_140.10.0esr-1.debian.tar.xz
 b06970806f84d6a46f32962894855480b079c17b 8203 thunderbird_140.10.0esr-1_source.buildinfo
Checksums-Sha256:
 819a6953cc0568a0a98aa32558ce0efc430d8bc0012eff02469a677ec3f8158a 8445 thunderbird_140.10.0esr-1.dsc
 e3f0c314d80ac87416766a32caf4a9eaf5bb78011b06473d65765197264e2161 12278116 thunderbird_140.10.0esr.orig-thunderbird-l10n.tar.xz
 f069acc961bb179188fe6207ab45748b10c21019f1d33058db64ac20582ce665 787453480 thunderbird_140.10.0esr.orig.tar.xz
 a0ea1f2db18fc6778020f6a059fba5a643ed3f76179cc04b929876db0364394d 569064 thunderbird_140.10.0esr-1.debian.tar.xz
 6d54f7eea3fe7a26deadddcf9ee3616c99c949544e918c4919e9e14fa2b48405 8203 thunderbird_140.10.0esr-1_source.buildinfo
Files:
 dd4353a4f9684115d7f063bab0faa80a 8445 mail optional thunderbird_140.10.0esr-1.dsc
 db2d07bd42decf7869a2ae45490c2a94 12278116 mail optional thunderbird_140.10.0esr.orig-thunderbird-l10n.tar.xz
 3ac1de2500c88389315a03f20858aedc 787453480 mail optional thunderbird_140.10.0esr.orig.tar.xz
 4d80a23b019b92aa4be2626b6cf0d9a1 569064 mail optional thunderbird_140.10.0esr-1.debian.tar.xz
 4b0df470fcc98a041afe3c713606603e 8203 mail optional thunderbird_140.10.0esr-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmnp+vkACgkQJuPIdadE
IO/tDA/+MVSEAOETmIDM1KUYDPLDoWAOXHdXkqPXM7KFeQks02JWoIukrd4MeFEw
5NEgFfHOP7Rn2NoH3wv5ks55nwWPA+Vxwp8XRZZw3y8e8bG20ccDRgACnFDQWEdQ
jZzmB74eirwDUnDV5AmXNkBGO1DpUoFb/dSyKeB7Xodm+qDXf2r9MTwjHFoSo1g1
KLJDoW06Xc36FwMRjvIeRQX75drjIFurGZhwVZNupW2PPRtEEwL+rZ49CZexAMOG
lKnicp1b6691yynIQAiNV69xkX+fOMlcEqqLUaagd+su9hKiRKOJty7ajFk/J/jE
BGWXwF/G1Jy/SlPeTRi5plxC6B4pBixfJJkBJ1MYcZC59ekgIUSC7vr2JnRvue/4
zCRIrP8Bm/l1FmXMYciCEJ8sc5KlM0yV6wNOwB0qGTBLceppQqhkykW8Gt+nrdrN
i5uFmnko+4NKgqoh+rxzDIyLGsBSG6KOsPYSNzw009bm807i851oY6+yrqmf6uhW
gf1ZYgQGwWRF8jsaSnMGAEiq3JH8FBD8c4vwR5gUQ6bEUvpxFoS1xFe0MgAMYfeV
3Yn/wFss7LFzj/cNPqtyMRJdGkH9DACyfgtGrIWZBYXInYy2HWfsES+PSjsPIURo
YKKd/Wwsx8TdpQiWs5TQNNaWrYJ1ntT4RTnbZWakVdGmdnBR2zM=
=ttNS
-----END PGP SIGNATURE-----
News for package thunderbird
