thunderbird (1:115.10.1-1) unstable; urgency=medium
[ William Desportes ]
* [d0cbb66] Fix a typo in the wrapper file
[ Carsten Schoenert ]
* [47d140b] New upstream version 115.10.1
Fixed CVE issues in upstream version 115.10 (MFSA 2024-20):
CVE-2024-3852: GetBoundName in the JIT returned the wrong object
CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
CVE-2024-3857: Incorrect JITting of arguments led to use-after-free
during garbage collection
CVE-2024-2609: Permission prompt input delay could expire when not in
focus
CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the
OpenType sanitizer
CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10
* [5612f7b] d/control: Move libotr5 to libotr5t64 for bin:thunderbird
(Closes: #1069337)
* [195482a] d/mozconfig.default: Use internal shipped librnp version
The Debian package has a RC bug for longer time which would prevent the
migration of the thunderbird package to testing.
* [cd4de72] d/control: Drop dependencies on librnp{0,-dev}
* [761eb83] d/thunderbird.install: Install local built rnp tools
* [ce212a8] d/control: Increase Standards-Version to 4.7.0
No further changes needed.
-- Carsten Schoenert <email address hidden> Sat, 20 Apr 2024 19:35:18 +0200