-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Jun 2026 19:24:26 +0200
Source: thunderbird
Architecture: source
Version: 1:140.12.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:140.12.0esr-1) unstable; urgency=medium
.
* [8715b04] New upstream version 140.12.0esr
Fixed CVE issues in upstream version 140.12 (MFSA 2026-61):
CVE-2026-12289: Privilege escalation in the Graphics: WebRender component
CVE-2026-12290: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12291: Use-after-free in the Networking: HTTP component
CVE-2026-12292: Incorrect boundary conditions in the Web Audio component
CVE-2026-12294: Sandbox escape in the DOM: Workers component
CVE-2026-12295: Sandbox escape in the DOM: Navigation component
CVE-2026-12298: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing
component
CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the
Networking component
CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component
CVE-2026-12329: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12302: Mitigation bypass in the DOM: Security component
CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies
component
CVE-2026-12305: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12306: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12307: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12308: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12309: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12310: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12311: Information disclosure, sandbox escape in the Security:
Process Sandboxing component
CVE-2026-12312: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12313: Information disclosure, sandbox escape in the Security:
Process Sandboxing component
CVE-2026-12314: Memory safety bug fixed in Thunderbird ESR 140.12
CVE-2026-12315: Mitigation bypass in the DOM: Security component
CVE-2026-12330: Incorrect boundary conditions in the Internationalization
component
CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL
component
CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component
CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12,
Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox
ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and
Thunderbird 152
Checksums-Sha1:
ba5ede9d8ea3e18aac25492bbc72198936f8331f 8445 thunderbird_140.12.0esr-1.dsc
ab53d20d32acd1baf9e8c9ddf8d695eaf81ecfe5 12279888 thunderbird_140.12.0esr.orig-thunderbird-l10n.tar.xz
91395abdf90a93df8c804bd5cf11110cf6549740 791873828 thunderbird_140.12.0esr.orig.tar.xz
1f2f64b13e78d0d5b39c074e2ed7f6212c9f190f 569684 thunderbird_140.12.0esr-1.debian.tar.xz
bfcbacb41d42639466a2f7208d5a6f87683724ec 8129 thunderbird_140.12.0esr-1_source.buildinfo
Checksums-Sha256:
381947a8a5ae985f37052e6fc4bbfcc9c4e8df65282b065cc45b7e17cbc8c897 8445 thunderbird_140.12.0esr-1.dsc
17e23777f5de4a878eb57e571f4a59686c20d569a316005de28da68802311fe7 12279888 thunderbird_140.12.0esr.orig-thunderbird-l10n.tar.xz
93259df9405dcff32ec3b0b5a554b12820935321e0bfd9fd468114d33168ee8e 791873828 thunderbird_140.12.0esr.orig.tar.xz
bc282248b79a4ac0bbda24fcb9abdb696b34a2cde8172d2eb4c60f7e7c90d2d0 569684 thunderbird_140.12.0esr-1.debian.tar.xz
8d7c59a073f98276cda872b88acaee3363b1ac268c18ae3affff9559d98adb1b 8129 thunderbird_140.12.0esr-1_source.buildinfo
Files:
b86dab6b3d24ce0187592ec9692b2e14 8445 mail optional thunderbird_140.12.0esr-1.dsc
a76e8960fe167e4cc0b939d6e0a80a8d 12279888 mail optional thunderbird_140.12.0esr.orig-thunderbird-l10n.tar.xz
f09fdc1958fa5fc5755f15c770c15b70 791873828 mail optional thunderbird_140.12.0esr.orig.tar.xz
70be263240f02d95e94959915655494c 569684 mail optional thunderbird_140.12.0esr-1.debian.tar.xz
fdf121ba5e289a4b95da63490fffbe89 8129 mail optional thunderbird_140.12.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmoyouwACgkQJuPIdadE
IO+JLg/8CtC4MHVa8Uu2v/g1HlUgr2jQAzp6g2BDOoopoUDuVxi0lS3eiROxZ9t6
+7vIhxXhZklSihDHKSbHjiPTc88Q2/jb9JkT9pGK7/2QFEqZU4p1keYxXMQyigeO
DU8m3WZ2Qc1Rj7O5Z7JFxZbTb/hDzTRMogzhG7Wm7FGtA9cC8OIf3KN7IHUnA1r5
uyGxnDt9JR9gWx87uH+2wxTs16rBacpVGHCkCwCXTiXNuhWfzBRTKHsxIZSWp7z/
SuswGIv2ECXRamBycj1CuC+ahFPg+8nMk9n6Encsr9RgCERJ8MvitCx47j0tUilf
cou2XuJqbkep0yvjTu5D5IQbYu/J4EcT0YN6ptsyOmaZ7Ms2x/KeR70fN6pkQRlU
SVq6qSPHO+/V2c2n0qX7QNgDtpxtADnSLW8eQDQNBNfcBl5WJePIl5R21qYBCeBx
nbpzYdpYEa2jwA/yU4V/QKitEnvSyrwV8zo94TexYH24nK6r+annC9eBHp4OL9iQ
jZd6Q7ni1DcmETMXSBjcxfkTVAm3U8NWUokBv91lfZTh/I91m+as3q/t/EzQtSw+
jAq0ghVPoMwJjR61/HXQrkZkuDzMVIlQMQF5CBZaSKqKvC/B531BezYdVc6AaI8i
WQIIDR3NGWpevngTZs8ecT/j+A3koBcKwPb16EpE0FtC3BXcUBQ=
=VBvu
-----END PGP SIGNATURE-----