Accepted thunderbird 1:91.10.0-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted thunderbird 1:91.10.0-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 31 May 2022 19:51:58 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=atAjJqEeDQ7jPw8Oze3r0Dfd5N8YArMimgo7VPfKVD4=; b=PUCgO1mqb8Ekmbz0mTvy0ZoyOE VcX+eO9nw5p/fZzJbaPiPjMCF8thh3YgaaxhVuge8z+IKm891vVZc+LtCnT3osTE3ezjRq3iYn3KI CksCwVCcQ1g2kw7NnHyn44sxOVgaltkBiiaFf20lkEff7HdpcT70/ByujitpmlBmiIlK1gXLFVizw BZyi01G8P+JuDfB2ECIjB9SuWtXxBXVvuflqE1SyAv2KGNyA29l4ftzKL02phEA+C8vT1Hl1kJfvM Iv+ZZGFVGCctYxem3TupTwTJ8yXgz83bCh+tSww4ZeU7IT3wmu2NrmE7h2ZIef/AHM2r+LKlxNqWz Z+aBRYIg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1nw7uI-000Bcw-Nh@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 May 2022 19:36:06 +0200
Source: thunderbird
Architecture: source
Version: 1:91.10.0-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Changes:
thunderbird (1:91.10.0-1) unstable; urgency=medium
.
* [969960a] New upstream version 91.10.0
Fixed CVE issues in upstream version 91.9.1 (MFSA 2022-19):
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading
to prototype pollution
.
Fixed CVE issues in upstream version 91.10 (MFSA 2022-22):
CVE-2022-31736: Cross-Origin resource's length leaked
CVE-2022-31737: Heap buffer overflow in WebGL
CVE-2022-31738: Browser window spoof using fullscreen mode
CVE-2022-31739: Attacker-influenced path traversal when saving downloaded
files
CVE-2022-31740: Register allocation problem in WASM on arm64
CVE-2022-31741: Uninitialized variable leads to invalid memory read
CVE-2022-1834: Braille space character caused incorrect sender email to be
shown for a digitally signed email
CVE-2022-31742: Querying a WebAuthn token with a large number of
allowCredential entries may have leaked cross-origin
information
CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10
* [4b55e16] d/control: Increase Standards-Version to 4.6.0
No further changes needed.
Checksums-Sha1:
ee22b8b92c6a2847811ffeaf3f12448a912e8cc1 8440 thunderbird_91.10.0-1.dsc
55895d91504f279df05f795b56544dced672cfd1 12254608 thunderbird_91.10.0.orig-thunderbird-l10n.tar.xz
f34647156dcc0501fdb3ffe405c9b29952d7ca20 427915508 thunderbird_91.10.0.orig.tar.xz
7f7ca566bbbd0dc7dbd79263050cf6d1884201c3 545564 thunderbird_91.10.0-1.debian.tar.xz
6e38596ff9e2cbe2de48b01a81675d9cd71c9355 36885 thunderbird_91.10.0-1_amd64.buildinfo
Checksums-Sha256:
8405185c97d96d8b853c85082f5bf45279c585f96a78964c6bd9c3ff291e24cb 8440 thunderbird_91.10.0-1.dsc
2f28e9e768f97ae96d6e68f3920f0c47024938cdb392d12930335a4833d61701 12254608 thunderbird_91.10.0.orig-thunderbird-l10n.tar.xz
a834599ed6581e6c88dc2545d1815d9aae1a094fa16be25d26e496ae9f7b4985 427915508 thunderbird_91.10.0.orig.tar.xz
91881080c3959bed693b41e76e51cd9ecf3f5369606b72a7da5071ce552796b5 545564 thunderbird_91.10.0-1.debian.tar.xz
09d4995951f41fb3aa152f8ea073b78ebff578b76d32b8fd4e0bcf9f1dbb2fea 36885 thunderbird_91.10.0-1_amd64.buildinfo
Files:
62f49a78853feeb92f3e410c1ecea429 8440 mail optional thunderbird_91.10.0-1.dsc
3d2bb1544d52e871d577faba78058c07 12254608 mail optional thunderbird_91.10.0.orig-thunderbird-l10n.tar.xz
1f779da0c8ccc0a8b0d55c9fa9e18ab2 427915508 mail optional thunderbird_91.10.0.orig.tar.xz
886ad5c2ea71fa853dde52236c54e0a6 545564 mail optional thunderbird_91.10.0-1.debian.tar.xz
1f67a8223e0f7c091562eee067697c4f 36885 mail optional thunderbird_91.10.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmKWbWcACgkQgwFgFCUd
HbBttxAAkMpy1dqlczfEz8VuD+dcl0tjBrKF4c0i+6P6qHio7Nw2Y+mUHUMC7Qvz
HTtCmL14ExL+oE0YH5bsenkwIXCmGoh4z5b5kfhPhYjn4Y7PEq8oHySVCAGkf4a6
pBa/GQWiqoB8ldtBarpVU/ZY2lwOblviKcIl3wwIAsgS+0U6LdPcqMeRDDimLDdI
3INsKtidxoKMuDbW9FNlaw+tL9Q48TP1VW5v3sw4PN0aXJJK+SpF1drSwxzeNATG
CvMxpv2F+E7NQF0hPIyMmXRTW7eCwKDC1Xu9zwX7T2j7LJurmpyVSertQquZAhcm
FHjJ6PbZVYi7KVnzdwJeSNezqnY8OqDviNP9cTVeZu8Q1rBEXUPfofu4EMVQAQ5I
EZKfuiEqeHSj0fCcLVSOpiSdSm6Wss07cXygn2BTk6u2fxV/0FdWxd0sVlxPRAh6
HKRURA36wcMd6skbn5PxmPlX8xvOBqMFGUjt4ZyRGVh/zc0vVxJZINKp4+BUscez
405m8MXyLQQDUVpvba+pQ/4YHstIcW3TICgsp6jd9tir0DdJtfpgHI5gpXEtpFh0
KskB1B8/xGS/01VyWesUsJcbMfkaRGnNz7cIRyMqk/mU8pZzuaGnkOEc3C5mSy7X
LPBcBS4vhZ10Ql2/2FNfoMlifa17IH/9C+LHnfTZ416H44JWDno=
=0AeE
-----END PGP SIGNATURE-----