Accepted thunderbird 1:102.7.1-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted thunderbird 1:102.7.1-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 24 Jan 2023 19:57:16 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: thunderbird_102.7.1-1_source.changes
- Debian-source: thunderbird
- Debian-suite: unstable
- Debian-version: 1:102.7.1-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=WEpdrCwbNbq82AK6S6AjnUd5diqXpbV06lFSiuRQroE=; b=X0EyhUyeRGSk7IFQ0HxiCDNyDL eDd85lmxqr1lCy9aUC1NAuixciiyNcbBy+rxpOonmr0JKRev2Oh0tXbDh3BIr1ISF2oq723W9vsIk TLR6t3gUJi6oWUHyAZYvtDT5218oDnreCHtCX6YwOq3KFegjBp+lt9yxg4NAXjcwFdeMYSQ5NPSXq F+Yt8uJAFOXOZ0X/+MvD+15CIxZUYwi2IvvRSsy1LWniKWK7wREDW7m2e22G/Db7kkDyCnTzIIjra I7QkG/yISXH++muFP0b5hRBSTLNdvE6fJ68qpOSgmmufg8pya/qodqmP/8IVutQivcZ6cd+DATu+S 9ByqomUg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pKPPw-000Fpz-RW@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Jan 2023 16:32:06 +0100
Source: thunderbird
Architecture: source
Version: 1:102.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Closes: 1028885
Changes:
thunderbird (1:102.7.1-1) unstable; urgency=medium
.
* [dbc3385] New upstream version 102.7.1
Fixed CVE issues in upstream version 102.7 (MFSA 2023-03):
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23601: URL being dragged from cross-origin iframe into same
tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied
to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing
Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7
Fixed CVE issues in upstream version 102.7.1 (MFSA not yet released):
CVE-2023-0430: Revocation status of S/Mime signature certificates was
not checked
* [af92a36] Rebuild patch queue from patch-queue branch
Added patch:
debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch
(Closes: #1028885)
Checksums-Sha1:
0102a9367440d92b6f8f5a19dad16aa6e3d283b4 8496 thunderbird_102.7.1-1.dsc
469e1de627f32d7fd3b11d5ffc5c96bf9ed47062 12515440 thunderbird_102.7.1.orig-thunderbird-l10n.tar.xz
6e34dc7018441229550a80a2c1a6e6668f364dee 522789916 thunderbird_102.7.1.orig.tar.xz
ed24a75ce5163af132492d38af5384d1fb1340fa 548024 thunderbird_102.7.1-1.debian.tar.xz
5ea5d1ee7ef34bc5cb52014fcd8da0f4aad5a34e 39863 thunderbird_102.7.1-1_amd64.buildinfo
Checksums-Sha256:
4b3fd11d946479ac372dde60020507e08dc04f1fa17b225d19b329a49e1f4802 8496 thunderbird_102.7.1-1.dsc
2affac3bc393e8ca8b5e8d8f78dc3167695bbfcd237fe35ddaf25dbd595ed102 12515440 thunderbird_102.7.1.orig-thunderbird-l10n.tar.xz
51520b56816b7c95d347b843e22b63705e20cffeebbe2ad820df7980839aa261 522789916 thunderbird_102.7.1.orig.tar.xz
76928f78c88b75ad27d4dc709e5df975194569e844157a3d4c8ea9cb7dcf333d 548024 thunderbird_102.7.1-1.debian.tar.xz
43bd929586f8b27134657e1716cf8c925ec845f7db938a15d864d059d9adaaa4 39863 thunderbird_102.7.1-1_amd64.buildinfo
Files:
b80956f4862d967de220689026e51b95 8496 mail optional thunderbird_102.7.1-1.dsc
810c5e040e824659b3b13bec5ca00478 12515440 mail optional thunderbird_102.7.1.orig-thunderbird-l10n.tar.xz
49e05fba1d86bd71e3c6c737f21954cd 522789916 mail optional thunderbird_102.7.1.orig.tar.xz
a56725f711716bcc398fbc855da9f1bd 548024 mail optional thunderbird_102.7.1-1.debian.tar.xz
7d7cb81170d8bc56e4d1b206c9933355 39863 mail optional thunderbird_102.7.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmPQHPAACgkQgwFgFCUd
HbAtaA//SjGHoDdrP5KZ+mtcN0SncKXs0S2saJh4VrLcEiZoOiguTWnfxsvCDkaW
XR8+WGOn4nMCmx/b9p4EdEHMb16Mb5uYzltLM+8WHx0dVeJ6a8//subQ5oPkiAOg
h5EhXdP8HuI2ojCVXEu+OP10a/vL+krU/xfwgjgoPUdDDPQVAJBorD1750+I19A0
U7wTCVBTUFy/KI4mePEOwiwEfw13hJnCfRv9gmxQdHNLdkFcie/jXdea41mx8DCH
d99rER1VToz4pHNYXMrqe87seILr8aa8rwrdI3dsGrdvh+F873ndqavTLO6BO+x9
v4cIBpRA9r0PaRc4F0Jl5kvz+XLra8ivJGsVPK0o8RQZSr4EIqELsKVTID0OGyxH
Ks+H8QUaFCcjwe6P/5MSgB6/iSCLnRu6stHzowCvbqf5N907q4ySSJrHjv43R932
8Cfbrmog0s9+gnxMEW9Fuja4cwE031WZtpHQMJu89YQYyU2irC1YsjjijuIJEp5U
f1PWmiWJtzl6tuOwC68NR/kQGqv8L1xIhrjZ98iYDJbDbe/MeqbzVqqJyE6VCyxA
c/y3UaRBJjxmcFz0X+9JZGOYYx/y7gLQMe9vQ6QpNN86JFNePGLODWtX7aXN8QEq
KbHWHchibP7Dk/JpwXXnWIrb0kODY8H/vFgvAQdWfNcN+uIeszM=
=RPhI
-----END PGP SIGNATURE-----