Accepted thunderbird 1:91.5.0-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Jan 2022 19:12:50 +0100
Source: thunderbird
Architecture: source
Version: 1:91.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Closes: 997841 1002570 1003280
Changes:
thunderbird (1:91.5.0-1) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [8d4e5f8] New upstream version 91.5.0
Fixed CVE issues in upstream version 91.5 (MFSA 2022-03):
CVE-2022-22743: Browser window spoof using fullscreen mode
CVE-2022-22742: Out-of-bounds memory access when inserting text in edit
mode
CVE-2022-22741: Browser window spoof using fullscreen mode
CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
CVE-2022-22737: Race condition when playing audio files
CVE-2021-4140: Iframe sandbox bypass with XSLT
CVE-2022-22748: Spoofed origin on external protocol launch dialog
CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
event
CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully
escape website-controlled data, potentially leading to
command injection
CVE-2022-22747: Crash when handling empty pkcs7 sequence
CVE-2022-22739: Missing throttling on external protocol launch dialog
CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
* [a86c0b4] Rebuild patch queue from patch-queue branch
Modified patch:
debian-hacks/Add-another-preferences-directory-for-applications-p.patch
Reworking the patch so LoadDirIntoArray is working again that is adding
an additional syspref folder for global settings to use.
(Closes: #997841, #1003280)
* [442988b] autopkgtest: Adding check for accessing syspref folder
.
[ Jochen Sprickerhof ]
* [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v'
(Closes:#1002570 )
Checksums-Sha1:
8a9393d4c4f72ce5109cc10699be6ebb0e302231 8430 thunderbird_91.5.0-1.dsc
972792b86fb55a90d45d268a3ccdbdf2ee503de8 12014504 thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz
f8975543e11cc0f9c32ce5a589ac771173a68476 427588784 thunderbird_91.5.0.orig.tar.xz
994f83ad2ff32005c003f296bcaf1609c18ee278 543456 thunderbird_91.5.0-1.debian.tar.xz
b696ba12b80bd69733d0bdb1d3053d3babe65741 36602 thunderbird_91.5.0-1_amd64.buildinfo
Checksums-Sha256:
46f949a95ef8e0ef3d605fb64375af69b6f5b4031815b332fc9e8ec545c17dc2 8430 thunderbird_91.5.0-1.dsc
fd289bdda7e01030b91628cbbef0ca6339b16df29f4d0cdc3d0aefdd2e3abe79 12014504 thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz
8a86d2c6c1114bb4c2dd82586f45c39a24addb470b789176e34a7ea00f2ab4b2 427588784 thunderbird_91.5.0.orig.tar.xz
6735b3b9e880ecfdcfb94ace5be69bf7cc1c48c44236c4f50f36007eb3016c8a 543456 thunderbird_91.5.0-1.debian.tar.xz
47884dfc05f3165941991c847a8512e3b2c3f9ac92a39762cc374833e5c637b3 36602 thunderbird_91.5.0-1_amd64.buildinfo
Files:
fdab056198dd66eaa21bb101f43011bd 8430 mail optional thunderbird_91.5.0-1.dsc
46ad33a3d6597a54c6d6ceb4e24f88c5 12014504 mail optional thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz
5ffbe3d52101096f33b29fb729daccbc 427588784 mail optional thunderbird_91.5.0.orig.tar.xz
8ebeecc9d114de0ac8754c802e80949f 543456 mail optional thunderbird_91.5.0-1.debian.tar.xz
6ade50cfba9d8adc86a0a1b40221ef97 36602 mail optional thunderbird_91.5.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmHd1eoACgkQgwFgFCUd
HbCR3g//Qefl8p3F9vgXsPTqUA0XUg7dYbsN6rnzRDEVt+Weto8SWZw37JfjOezL
x60j3b2I7aLeZ4m+cOL8Yiokqnxe4YOwFq/pwxUSuFX5R+1dojpyqH28NLApLrMF
71MFF1wsABxzeEGyKQBy312UEBPXlPGT5c2esxbsBi83L3oBXljHytDyLN8r4rgj
0yZHmRpnD9Pz+TTKjCIFMsIIlXcwqr2LAmnnENSS3RozljNDizw7nKoJ8v/zesCK
RhZNMPHL2WFkhsTfnl7i9ugCtQH1F3SHcjJRdfi9wGaW8pT59Gu+hSj3VmSUURN1
hkcnf3wqneN4frNpdap1SezkJOognFL/WxQfhRgGU+YauiJpirG5FSTVwQoRYWu3
B7kaCn1JVxK1+ZReWDkYKMl4kTz6w40dLa/FHnPmFynpmWrwUE3hbbHKzSZ75BcT
2JXVEbRHVRTtdzr9PkH5sYYzejqFXAGntcOtcHirxlp/vuag6Fji0gfMeG5Itwq5
fYWIc7dJk2HZIck35bcU3Qx4Z0DWxoV3xMZHQ6UAZM1SypMbS9+Y5rz+gfCrvbJe
pa3DD9N0qTEp5wfdftIhDi8rMZTVpcPpccr/3dLbOw+kKNE6enUAjkWioXXFGDe8
Z/Pu4Cvg2/cQIkjSZSk6ew4iOzBa1P7N00Tn1v+WN8CxW470eQU=
=7ER1
-----END PGP SIGNATURE-----