Back to thunderbird PTS page

Accepted thunderbird 1:91.5.0-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted thunderbird 1:91.5.0-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 11 Jan 2022 19:35:38 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1n7Mvi-000Cl6-Oj@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jan 2022 19:12:50 +0100
Source: thunderbird
Architecture: source
Version: 1:91.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Closes: 997841 1002570 1003280
Changes:
 thunderbird (1:91.5.0-1) unstable; urgency=medium
 .
   [ Carsten Schoenert ]
   * [8d4e5f8] New upstream version 91.5.0
     Fixed CVE issues in upstream version 91.5 (MFSA 2022-03):
     CVE-2022-22743: Browser window spoof using fullscreen mode
     CVE-2022-22742: Out-of-bounds memory access when inserting text in edit
                     mode
     CVE-2022-22741: Browser window spoof using fullscreen mode
     CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
     CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
     CVE-2022-22737: Race condition when playing audio files
     CVE-2021-4140: Iframe sandbox bypass with XSLT
     CVE-2022-22748: Spoofed origin on external protocol launch dialog
     CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
                     event
     CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully
                     escape website-controlled data, potentially leading to
                     command injection
     CVE-2022-22747: Crash when handling empty pkcs7 sequence
     CVE-2022-22739: Missing throttling on external protocol launch dialog
     CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
   * [a86c0b4] Rebuild patch queue from patch-queue branch
     Modified patch:
     debian-hacks/Add-another-preferences-directory-for-applications-p.patch
     Reworking the patch so LoadDirIntoArray is working again that is adding
     an additional syspref folder for global settings to use.
     (Closes: #997841, #1003280)
   * [442988b] autopkgtest: Adding check for accessing syspref folder
 .
   [ Jochen Sprickerhof ]
   * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v'
     (Closes:#1002570 )
Checksums-Sha1:
 8a9393d4c4f72ce5109cc10699be6ebb0e302231 8430 thunderbird_91.5.0-1.dsc
 972792b86fb55a90d45d268a3ccdbdf2ee503de8 12014504 thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz
 f8975543e11cc0f9c32ce5a589ac771173a68476 427588784 thunderbird_91.5.0.orig.tar.xz
 994f83ad2ff32005c003f296bcaf1609c18ee278 543456 thunderbird_91.5.0-1.debian.tar.xz
 b696ba12b80bd69733d0bdb1d3053d3babe65741 36602 thunderbird_91.5.0-1_amd64.buildinfo
Checksums-Sha256:
 46f949a95ef8e0ef3d605fb64375af69b6f5b4031815b332fc9e8ec545c17dc2 8430 thunderbird_91.5.0-1.dsc
 fd289bdda7e01030b91628cbbef0ca6339b16df29f4d0cdc3d0aefdd2e3abe79 12014504 thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz
 8a86d2c6c1114bb4c2dd82586f45c39a24addb470b789176e34a7ea00f2ab4b2 427588784 thunderbird_91.5.0.orig.tar.xz
 6735b3b9e880ecfdcfb94ace5be69bf7cc1c48c44236c4f50f36007eb3016c8a 543456 thunderbird_91.5.0-1.debian.tar.xz
 47884dfc05f3165941991c847a8512e3b2c3f9ac92a39762cc374833e5c637b3 36602 thunderbird_91.5.0-1_amd64.buildinfo
Files:
 fdab056198dd66eaa21bb101f43011bd 8430 mail optional thunderbird_91.5.0-1.dsc
 46ad33a3d6597a54c6d6ceb4e24f88c5 12014504 mail optional thunderbird_91.5.0.orig-thunderbird-l10n.tar.xz
 5ffbe3d52101096f33b29fb729daccbc 427588784 mail optional thunderbird_91.5.0.orig.tar.xz
 8ebeecc9d114de0ac8754c802e80949f 543456 mail optional thunderbird_91.5.0-1.debian.tar.xz
 6ade50cfba9d8adc86a0a1b40221ef97 36602 mail optional thunderbird_91.5.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmHd1eoACgkQgwFgFCUd
HbCR3g//Qefl8p3F9vgXsPTqUA0XUg7dYbsN6rnzRDEVt+Weto8SWZw37JfjOezL
x60j3b2I7aLeZ4m+cOL8Yiokqnxe4YOwFq/pwxUSuFX5R+1dojpyqH28NLApLrMF
71MFF1wsABxzeEGyKQBy312UEBPXlPGT5c2esxbsBi83L3oBXljHytDyLN8r4rgj
0yZHmRpnD9Pz+TTKjCIFMsIIlXcwqr2LAmnnENSS3RozljNDizw7nKoJ8v/zesCK
RhZNMPHL2WFkhsTfnl7i9ugCtQH1F3SHcjJRdfi9wGaW8pT59Gu+hSj3VmSUURN1
hkcnf3wqneN4frNpdap1SezkJOognFL/WxQfhRgGU+YauiJpirG5FSTVwQoRYWu3
B7kaCn1JVxK1+ZReWDkYKMl4kTz6w40dLa/FHnPmFynpmWrwUE3hbbHKzSZ75BcT
2JXVEbRHVRTtdzr9PkH5sYYzejqFXAGntcOtcHirxlp/vuag6Fji0gfMeG5Itwq5
fYWIc7dJk2HZIck35bcU3Qx4Z0DWxoV3xMZHQ6UAZM1SypMbS9+Y5rz+gfCrvbJe
pa3DD9N0qTEp5wfdftIhDi8rMZTVpcPpccr/3dLbOw+kKNE6enUAjkWioXXFGDe8
Z/Pu4Cvg2/cQIkjSZSk6ew4iOzBa1P7N00Tn1v+WN8CxW470eQU=
=7ER1
-----END PGP SIGNATURE-----