Accepted thunderbird 1:68.1.1-1~exp1 (source) into experimental
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Sep 2019 15:38:28 +0200
Source: thunderbird
Architecture: source
Version: 1:68.1.1-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Changes:
thunderbird (1:68.1.1-1~exp1) experimental; urgency=medium
.
[ intrigeri ]
* [3f49653] AppArmor: update profile from upstream at commit ed52e4a
.
[ Carsten Schoenert ]
* [348f476] New upstream version 68.0~b5
* [2a2f101] New upstream version 68.1.1
Fixed CVE issues in upstream version 68.1 (MFSA 2019-20):
CVE-2019-11711: Script injection within domain through inner window reuse
CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins
by following 308 redirects
CVE-2019-11713: Use-after-free with HTTP/2 cached stream
CVE-2019-11714: NeckoChild can trigger crash when accessed off of main
thread
CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
CVE-2019-11715: HTML parsing error can contribute to content XSS
CVE-2019-11716: globalThis not enumerable until accessed
CVE-2019-11717: Caret character improperly escaped in origins
CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
CVE-2019-11720: Character encoding XSS vulnerability
CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
CVE-2019-11730: Same-origin policy treats all files in a directory as
having the same-origin
CVE-2019-11723: Cookie leakage during add-on fetching across private
browsing boundaries
CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting
permissions
CVE-2019-11725: Websocket resources bypass safebrowsing protections
CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
CVE-2019-11728: Port scanning through Alt-Svc header
CVE-2019-11710: Memory safety bugs fixed in Firefox 68 and Thunderbird 68
CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8,
and Thunderbird 68
.
Fixed CVE issues in upstream version 68.1 (MFSA 2019-20):
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message
CVE-2019-11746: Use-after-free while manipulating video
CVE-2019-11744: XSS by breaking out of title and textarea elements using
innerHTML
CVE-2019-11742: Same-origin policy violation with SVG filters and canvas
to steal cross-origin images
CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
CVE-2019-11743: Cross-origin access to unload event attributes
CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
.
Fixed CVE issues in upstream version 68.1.1 (MFSA 2019-32):
CVE-2019-11755: Spoofing a message author via a crafted S/MIME message
.
* [9342624] rebuild patch queue from patch-queue branch
added patches:
debian-hacks/Set-program-name-from-the-remoting-name.patch
debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
debian-hacks/Work-around-Debian-bug-844357.patch
fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch
fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch
fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch
porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch
.
removed patch (fixed upstream):
porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch
porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
.
* [25cb500] d/control: increase various versions in B-D
* [ee5b713] d/control: remove B-D on librust-cbindgen-dev
Use librust-toml-dev instead, we only need some files from this package,
librust-cbindgen-dev is a metapackage which is broken while packaging.
* [442a6b1] d/rules: work around cargo needs a HOME dir
* [4894a4c] d/control: increase Standards-Version to 4.4.0
No further changes needed.
* [bb47b68] d/control: update upstream homepage for Thunderbird
Since some time Mozilla Thunderbird has a new homepage placed on URI
https://www.thunderbird.net/
* [a3b680e] d/source.filter: update the filter sequences
New Thunderbird upstream versions bringing some new unwanted files within
the source.
* [7290ff4] d/control: remove transitional lightning l10n packages
The Lightning l10n packages moved into transitional packages before Buster
was released, now after the Buster release removing these transitional
packages. All required l10n files are available in the packages
thunderbird-$(locale) even for Lightning.
* [3d1d27d] enigmail: increase minimal usable version
Thunderbird 68.x needs at least Enigmal in version 2.1, but increase the
version on Enigmail to the most recent version which is released while
packaging.
* [66069d9] calendar-exchange-provider: removed from Breaks
This package isn't alive in unstable and testing.
* [3b9f936] d/control: remove Xb-Xul-AppId field
Thunderbird don't has any Xul based AddOns since version 68.0
* [7d8cd7d] lintian-overrides: remove not needed overrides
Checksums-Sha1:
94d30b2bb56f8518f1115199e3b8e2045c8040cf 8289 thunderbird_68.1.1-1~exp1.dsc
e080af98c1341cb6ca7cd97b5c3fbb5bf3468101 1023616 thunderbird_68.1.1.orig-lightning-l10n.tar.xz
8256db4d6d5dc4610bb278c8c3f131f2d7c42ff6 9835500 thunderbird_68.1.1.orig-thunderbird-l10n.tar.xz
7119be1dcbac3ac7bfa9a310d36b9dcfb4e63a4d 356990904 thunderbird_68.1.1.orig.tar.xz
c40a4c72a5eac4ba6153ddad168c221c6ab66476 541408 thunderbird_68.1.1-1~exp1.debian.tar.xz
171bf5c05c04fe86161be996a29813dae79cef3f 36669 thunderbird_68.1.1-1~exp1_amd64.buildinfo
Checksums-Sha256:
902d507487f4d64c5b65e1536f4393ea6cfcf841fae71875d0d1964cbbc8f7c7 8289 thunderbird_68.1.1-1~exp1.dsc
1ae412930a2653944eb7e2119547066736a13e916bc6770d209b3d8130ed1b5e 1023616 thunderbird_68.1.1.orig-lightning-l10n.tar.xz
4627d5b6b359210778e58a36ac3327cbe80c7b8ee32e2c65f36c6211f2f6e9b0 9835500 thunderbird_68.1.1.orig-thunderbird-l10n.tar.xz
5c19adbecccb162c40de72b01bd6daf4ca4cc03defb29932ae4b7b08a20e1f64 356990904 thunderbird_68.1.1.orig.tar.xz
a88e2caefa51b095797854b9fa0d2ea509d7933ae61735cdaea13f4945448448 541408 thunderbird_68.1.1-1~exp1.debian.tar.xz
17b96d17780ce10420b821761a0427e055f15ab8e714723e49aabfa67fd07619 36669 thunderbird_68.1.1-1~exp1_amd64.buildinfo
Files:
0182fa8ad9e42d0af8b2411a8bc67c6a 8289 mail optional thunderbird_68.1.1-1~exp1.dsc
5801b318e68c74d69c3f2762f43ef0e9 1023616 mail optional thunderbird_68.1.1.orig-lightning-l10n.tar.xz
09e01feaea256e6557dd57fc08ec0873 9835500 mail optional thunderbird_68.1.1.orig-thunderbird-l10n.tar.xz
1107ea890d46e46b717888ec688e55c2 356990904 mail optional thunderbird_68.1.1.orig.tar.xz
280903d8b85c9b7a2d69e57500f226b0 541408 mail optional thunderbird_68.1.1-1~exp1.debian.tar.xz
1f54bb985cb05764ba7f961b0add94fa 36669 mail optional thunderbird_68.1.1-1~exp1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAl2PogIACgkQgwFgFCUd
HbD4gQ//eXQbkX0eNZAtxrIJzaAdTA64jZzNvGHMXGuQ4XqregKHxZs1ByiBmHeo
UVyra1vlHJwDYgPTZhDVhqFx4fM1w63QMccTPqlPOCea80am8FC10/AooMdG9TNN
4Q56BI05pWFdZpIG/ucbbmofBb8qHH2jTnQ4CusYhh25JK0Vq3HXWiiFc92Wtsff
JV0ZihkvZbSFTk3AgXdt3+v+L1buehgybcxPgsK8Ds489S/81TOY2CeeRKgp0c7l
lFrkIKN/0kI+ce+moNU9p07EXYRGi/qutwwicNZ8JPYhHn2iZeJ9zCJS97A9aoKJ
35yonMeyG7jRTXney3V83pQz52bO88JQWsHp0xb17uiLU4iMKVUj8D1lWfLYQ0R2
hHlqOO2Pk23vvKS2HkOQEM7gQjozdmg6Yc+0Xd+2rPUBNv+/+O0nQc5TZQQ3pWkF
tPfrD2RCd1fQJ1ea3QaFsPJygACb/oKjY1nvIwPDKL9txdSUibBWJqpWnqf6kxow
D5o6ZWvTHOkJFe4YR/BU2NI1iQrz0fP7B8ahpV1prdQvZ/aBD2Vy9YWxJY23aFjD
4ud1AqNGtk68su/aIpxUXuCGZ2JQ4hkIuCsw7XlFgOWXsE9i+ITJ5vO4fC8eZnkM
oYxutLEe1cbBccEbeE14P4o2QITh7F8T/F8YoxQkOfgs/oQBlXE=
=lDvU
-----END PGP SIGNATURE-----