Accepted thunderbird 1:102.5.0-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted thunderbird 1:102.5.0-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 15 Nov 2022 20:34:10 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: thunderbird_102.5.0-1_source.changes
- Debian-source: thunderbird
- Debian-suite: unstable
- Debian-version: 1:102.5.0-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=270M3bFBOY7zp3tGF64uNPDESrCf0/UZAg0YeMhkIPo=; b=cicjMGgVMnNwrlaazC9NV8OsXV EPLMVyrGl2EtIjK8Qz49Zs8Ub/BdVEFm78AAEulnFKW1btz+3o8AdrTJzNa0gyPD1vM+wyQMUxS89 MfjwUpnK7ALN8yH89dYSoQ4L7YovzqtNy1/tKmWbeayN+vxEM7XFRlNzBlk7popewGGTj768Ykkg5 u9IPMJaN6cRoU67sndzLZ6Ncl4zC9n17qA5dsaggL6nYngnQWMNSu0MSV2pXf/isvfPMpIhvJ653r 8CIB7/I5x/gdwUe0L7/wlwYmx/ALuwNCy3X6kwILJWI+x4RACXIFKx0YZslZ/1bTESUnBzq3WIjjg HG6zl8rA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1ov2dG-0002fq-VZ@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 15 Nov 2022 19:34:55 +0100
Source: thunderbird
Architecture: source
Version: 1:102.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Closes: 1023789
Changes:
thunderbird (1:102.5.0-1) unstable; urgency=medium
.
* [2f04265] New upstream version 102.5.0
Fixed CVE issues in upstream version 102.5 (MFSA 2022-49):
CVE-2022-45403: Service Workers might have learned size of cross-origin
media files
CVE-2022-45404: Fullscreen notification bypass
CVE-2022-45405: Use-after-free in InputStream implementation
CVE-2022-45406: Use-after-free of a JavaScript Realm
CVE-2022-45408: Fullscreen notification bypass via windowName
CVE-2022-45409: Use-after-free in Garbage Collection
CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite
cookie policy
CVE-2022-45411: Cross-Site Tracing was possible via non-standard
override headers
CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
CVE-2022-45416: Keystroke Side-Channel Leakage
CVE-2022-45418: Custom mouse cursor could have been drawn over
browser UI
CVE-2022-45420: Iframe contents could be rendered outside the iframe
CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5
* [57e94ac] Rebuild patch queue from patch-queue branch
Added patches:
fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch
fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch
(Closes: #1023789)
Checksums-Sha1:
89349c1f378166181f3a96af91a167f210d6b7b9 8494 thunderbird_102.5.0-1.dsc
a154b8d6e96b9449c2f3d7c8153676b7b8692b98 12288628 thunderbird_102.5.0.orig-thunderbird-l10n.tar.xz
0dd6f058be5fe468e05600f7b5583e854fcfe62a 523883664 thunderbird_102.5.0.orig.tar.xz
8ee56e0b945f735028583978c74c8dac1d541163 546940 thunderbird_102.5.0-1.debian.tar.xz
2ae5a9358c0be09d67366d7cde77f30360e2f7f1 37484 thunderbird_102.5.0-1_amd64.buildinfo
Checksums-Sha256:
f6705b5275d0b7de9f356a0096f27411fbf6bfc8ebf1fa3c1a65f71886a5b367 8494 thunderbird_102.5.0-1.dsc
9fce769c70b198b568feaffc4be9e6ad64311338c1bb0ee250dd19d233548096 12288628 thunderbird_102.5.0.orig-thunderbird-l10n.tar.xz
f16d428c88f3e05ffec834eaa0d359a93edd0367a283c3d111bef382fad2e191 523883664 thunderbird_102.5.0.orig.tar.xz
70fd662df8c343b41a5501f413d6adce831904e86107b85fc2ebfbb4b00a0414 546940 thunderbird_102.5.0-1.debian.tar.xz
c8a42ed02b4141404b3d02f553b3c5020486454b4a54dda301df3f9db463c52d 37484 thunderbird_102.5.0-1_amd64.buildinfo
Files:
d91a258b41e218d54cba893235c4bcdd 8494 mail optional thunderbird_102.5.0-1.dsc
8cbd2ee4e9173277fcec58001f679f8a 12288628 mail optional thunderbird_102.5.0.orig-thunderbird-l10n.tar.xz
7ee2ef2bc9bb11e27d4c882ed4dcfc32 523883664 mail optional thunderbird_102.5.0.orig.tar.xz
4498536f2ddff0e9ed8672d89be10504 546940 mail optional thunderbird_102.5.0-1.debian.tar.xz
77d139f901c43e35f6f57a0cc225fb5d 37484 mail optional thunderbird_102.5.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmNz59UACgkQgwFgFCUd
HbAleA//RekEWGkauns3pqkgmvDUtn+nzbDy7kB7/9a0dUuJQUwP+/Mps08lu71z
0GtVqssTxhECNNOJQwiJNjkrcCJ5ejccXiHE6WLK7WGmnfFu1Re7+nxVGDz2w08O
k7tURv2IKRTAiTqBsWCRc0szlmAwkiYRCSWq9OTYxq1IyVmFAXD2NE4znK5BFHni
+Qkr6jtWq2OMieTT2h0BL0mNIMBicBj5hzdgNkVEm8An7G0Yq38lddWIZ2I5Wi6A
QrIT1SdYmfpgsf32nj2Ltg7hXSbQDv0aeJHnMV5m4+mLlx6gJH+2iOXRowtxGVy2
cQPU/7DNEBs0kc9RSyDPQ9qC0lEqGdP/cQFrseKQN0HPusHTDB9hwpA1I0QU1vY/
hbjgqLTZpbwVQD7H9jvl96d238owqejQoeeqS1Wxyxd/wtiL01YjfA1OtyBXifc7
aJMQHGXV4wXMxwAwH73ArvkmSSNsR6kEp2MZsP87eIUSlp3LjoycbvBBJrZt+XdA
P+t0DKSvV84DcLMt4JnagIaBPOW7cG5+NxGS/48XyrVnpR+8jPGT5OW4a2YtJisr
vvjAQntmXdAsWMmLv/P3P4h5emg7nDCag9xL8PmHCQV0FQdvdDRpywePZ/pErq9H
KdbnEzIg4njSYdrhEAPCUGWHg2bB9qwxtWh9eICKhTs0I8MJZsE=
=05DS
-----END PGP SIGNATURE-----