Change log for thunderbird package in Debian
| 1 → 75 of 227 results | First • Previous • Next • Last |
| Published in sid-release |
thunderbird (1:115.11.0-1) unstable; urgency=medium
* [47bb447] d/c-u-t.py: Ignore potentially non ESR versions
* [f008566] New upstream version 115.11.0
Fixed CVE issues in upstream version 115.11 (MFSA 2024-23):
CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
CVE-2024-4767: IndexedDB files retained in private browsing mode
CVE-2024-4768: Potential permissions request bypass via clickjacking
CVE-2024-4769: Cross-origin responses could be distinguished between
script and non-script content-types
CVE-2024-4770: Use-after-free could occur when printing to PDF
CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11,
and Thunderbird 115.11
* [b029857] d/control: Re-add build and binary dep on rnp library
(Closes: #1070871)
-- Carsten Schoenert <email address hidden> Tue, 14 May 2024 21:28:37 +0200
| Published in experimental-release |
thunderbird (1:125.0~b3-1) experimental; urgency=medium
[ William Desportes ]
* [afa7e77] Fix a typo in the wrapper file
[ Carsten Schoenert ]
* [cd67758] New upstream version 125.0~b3
* [2224a5f] Rebuild patch queue from patch-queue branch
added patches:
debian-hacks/Relax-minimum-supported-rust-version-to-1.70.patch
Thanks Mike for working on this!
* [f0b98c4] d/control: Move libotr5 to libotr5t64 for bin:thunderbird
(Closes: #1069337)
* [311f88e] d/control: Drop dependencies on librnp{0,-dev}
* [7f50d91] d/control: Increase Standards-Version to 4.7.0
No further changes needed.
* [fd7d588] d/c-u-t.py: Ignore potentially non ESR versions
-- Carsten Schoenert <email address hidden> Sat, 04 May 2024 14:28:56 +0200
| Superseded in sid-release |
thunderbird (1:115.10.1-1) unstable; urgency=medium
[ William Desportes ]
* [d0cbb66] Fix a typo in the wrapper file
[ Carsten Schoenert ]
* [47d140b] New upstream version 115.10.1
Fixed CVE issues in upstream version 115.10 (MFSA 2024-20):
CVE-2024-3852: GetBoundName in the JIT returned the wrong object
CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
CVE-2024-3857: Incorrect JITting of arguments led to use-after-free
during garbage collection
CVE-2024-2609: Permission prompt input delay could expire when not in
focus
CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the
OpenType sanitizer
CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10,
and Thunderbird 115.10
* [5612f7b] d/control: Move libotr5 to libotr5t64 for bin:thunderbird
(Closes: #1069337)
* [195482a] d/mozconfig.default: Use internal shipped librnp version
The Debian package has a RC bug for longer time which would prevent the
migration of the thunderbird package to testing.
* [cd4de72] d/control: Drop dependencies on librnp{0,-dev}
* [761eb83] d/thunderbird.install: Install local built rnp tools
* [ce212a8] d/control: Increase Standards-Version to 4.7.0
No further changes needed.
-- Carsten Schoenert <email address hidden> Sat, 20 Apr 2024 19:35:18 +0200
| Superseded in sid-release |
thunderbird (1:115.9.0-1) unstable; urgency=medium
* [c122f7d] New upstream version 115.9.0
Fixed CVE issues in upstream version 115.9 (MFSA 2024-14):
CVE-2024-0743: Crash in NSS TLS method
CVE-2024-2607: JIT code failed to save return registers on Armv7-A
CVE-2024-2608: Integer overflow could have led to out of bounds write
CVE-2024-2616: Improve handling of out-of-memory conditions in ICU
CVE-2023-5388: NSS susceptible to timing attack against RSA decryption
CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
leakage
CVE-2024-2611: Clickjacking vulnerability could have led to a user
accidentally granting permissions
CVE-2024-2612: Self referencing object could have potentially led to a
use-after-free
CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
and Thunderbird 115.9
-- Carsten Schoenert <email address hidden> Tue, 19 Mar 2024 16:55:17 +0100
| Superseded in experimental-release |
thunderbird (1:124.0~b5-1) experimental; urgency=medium * [2189bc4] New upstream version 124.0~b5 * [b943acc] d/control: Bump B-D for cbindgen libnss3-dev -- Carsten Schoenert <email address hidden> Sun, 17 Mar 2024 09:23:54 +0100
| Superseded in sid-release |
thunderbird (1:115.8.1-1) unstable; urgency=medium
* [b9b4842] New upstream version 115.8.1
Fixed CVE issues in upstream version 115.8.1 (MFSA 2024-11):
CVE-2024-1936: Leaking of encrypted email subjects to other conversations
-- Carsten Schoenert <email address hidden> Mon, 04 Mar 2024 19:13:14 +0100
| Superseded in sid-release |
thunderbird (1:115.8.0-1) unstable; urgency=medium
* [68f2fbe] New upstream version 115.8.0
Fixed CVE issues in upstream version 115.8 (MFSA 2024-07):
CVE-2024-1546: Out-of-bounds memory read in networking channels
CVE-2024-1547: Alert dialog could have been spoofed on another site
CVE-2024-1548: Fullscreen Notification could have been hidden by select
element
CVE-2024-1549: Custom cursor could obscure the permission dialog
CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to
unintended permission grants
CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie
header in response parts
CVE-2024-1552: Incorrect code generation on 32-bit ARM devices
CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8,
and Thunderbird 115.8
-- Carsten Schoenert <email address hidden> Tue, 21 Feb 2024 17:18:14 +0100
| Published in bullseye-release |
thunderbird (1:115.7.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert <email address hidden> Tue, 23 Jan 2024 19:35:14 +0100
| Published in bookworm-release |
thunderbird (1:115.7.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert <email address hidden> Tue, 23 Jan 2024 17:40:44 +0100
| Superseded in sid-release |
thunderbird (1:115.7.0-1) unstable; urgency=medium
* [6e0c26c] New upstream version 115.7.0
Fixed CVE issues in upstream version 115.7 (MFSA 2024-04):
CVE-2024-0741: Out of bounds write in ANGLE
CVE-2024-0742: Failure to update user input timestamp
CVE-2024-0746: Crash when listing printers on Linux
CVE-2024-0747: Bypass of Content Security Policy when directive
unsafe-inline was set
CVE-2024-0749: Phishing site popup could show local origin in address bar
CVE-2024-0750: Potential permissions request bypass via clickjacking
CVE-2024-0751: Privilege escalation through devtools
CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7,
and Thunderbird 115.7
-- Carsten Schoenert <email address hidden> Tue, 23 Jan 2024 16:56:31 +0100
| Superseded in experimental-release |
thunderbird (1:122.0~b2-1) experimental; urgency=medium * [7c0ec4b] d/source.filter: Update content to filter out * [f9cea81] New upstream version 122.0~b2 * [00364f5] d/copyright: Update content due upstream changes * [5bd3edd] d/t.lintian-overrides: Update entries due build changes * [789a079] d/s/lintian-overrides: Update data due upstream changes -- Carsten Schoenert <email address hidden> Sun, 07 Jan 2024 13:13:59 +0100
| Superseded in sid-release |
thunderbird (1:115.6.0-1) unstable; urgency=medium
* [aea3623] New upstream version 115.6.0
Fixed CVE issues in upstream version 115. (MFSA 2023-55):
CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP
signature
CVE-2023-50761: S/MIME signature accepted despite mismatching message
date
CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
CVE-2023-6858: Heap buffer overflow in nsTextFragment
CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
CVE-2023-6860: Potential sandbox escape due to VideoBridge lack
of texture validation
CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void)
in headless mode
CVE-2023-6862: Use-after-free in nsDNSService
CVE-2023-6863: Undefined behavior in ShutdownObserver()
CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
and Thunderbird 115.6
* [6ecaa01] d/control: Remove B-D on libiw-dev
(Closes: #1058737)
-- Carsten Schoenert <email address hidden> Tue, 19 Dec 2023 20:24:02 +0100
thunderbird (1:115.5.0-1~deb12u1) bookworm-security; urgency=medium * Rebuild for bookworm-security -- Carsten Schoenert <email address hidden> Thu, 23 Nov 2023 14:33:32 +0000
| Superseded in sid-release |
thunderbird (1:115.5.2-1) unstable; urgency=medium * [34f6404] New upstream version 115.5.2 -- Carsten Schoenert <email address hidden> Fri, 08 Dec 2023 21:21:26 +0100
| Superseded in experimental-release |
thunderbird (1:121.0~b3-1) experimental; urgency=medium
[ Christoph Goehre ]
* [d770988] d/{rules,thunderbird.install}: install vaapitest/v4l2test
only on some architectures
* [a85c9bd] rebuild patch queue from patch-queue branch
Added patch:
fixes/Install-vaapitest-v4l2test-only-when-build.patch
[ intrigeri ]
* [6c6d3ff] AppArmor: update profile from upstream at
commit 9d3fa88cdab512e45f6fd80f067337f200d356bc
[ Carsten Schoenert ]
* [35bd423] New upstream version 121.0~b3
-- Carsten Schoenert <email address hidden> Fri, 01 Dec 2023 18:19:43 +0100
| Superseded in sid-release |
thunderbird (1:115.5.1-1) unstable; urgency=medium * [eec913b] New upstream version 115.5.1 -- Carsten Schoenert <email address hidden> Wed, 29 Nov 2023 18:13:11 +0100
| Superseded in sid-release |
thunderbird (1:115.5.0-1) unstable; urgency=medium
[ intrigeri ]
* [a6be3ab] AppArmor: update profile from upstream at commit
9d3fa88cdab512e45f6fd80f067337f200d356bc
[ Carsten Schoenert ]
* [ed61fd6] New upstream version 115.5.0
Fixed CVE issues in upstream version 115.5 (MFSA 2023-52):
CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
CVE-2023-6205: Use-after-free in MessagePort::Entangled
CVE-2023-6206: Clickjacking permission prompts using the fullscreen
transition
CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
CVE-2023-6208: Using Selection API would copy contents into X11 primary
selection.
CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5
-- Carsten Schoenert <email address hidden> Wed, 22 Nov 2023 21:50:16 +0000
| Superseded in experimental-release |
thunderbird (1:120.0~b1-1) experimental; urgency=medium
* [6f842cd] New upstream version 120.0~b1
* [9cb9ff0] Rebuild patch queue from patch-queue branch
Added patch:
debian-hacks/Relax-cargo-version-requirement.patch
Dropped patches:
debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch
* [f447eb6] d/control: Bump B-D for cbindgen and libnss3-dev
* [546c436] d/thunderbird.install: Drop install of plugin-container
* [e912f12] d/rules: Drop remaining lightning parts
-- Carsten Schoenert <email address hidden> Sun, 29 Oct 2023 19:10:54 +0100
| Superseded in sid-release |
thunderbird (1:115.4.1-1) unstable; urgency=medium
* [c51ab77] New upstream version 115.4.1
Fixed CVE issues in upstream version 115.4.1 (MFSA 2023-47):
CVE-2023-5721: Queued up rendering could have allowed websites to
clickjack
CVE-2023-5732: Address bar spoofing via bidirectional characters
CVE-2023-5724: Large WebGL draw could have led to a crash
CVE-2023-5725: WebExtensions could open arbitrary URLs
CVE-2023-5728: Improper object tracking during GC in the JavaScript
engine could have led to a crash.
CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
and Thunderbird 115.4.1
-- Carsten Schoenert <email address hidden> Wed, 25 Oct 2023 21:05:23 +0200
| Superseded in bullseye-release |
thunderbird (1:102.13.1-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert <email address hidden> Fri, 28 Jul 2023 19:11:39 +0200
| Superseded in bookworm-release |
thunderbird (1:102.15.1-1~deb12u1) bookworm-security; urgency=medium
* [55faec4] New upstream version 102.15.1
Fixed CVE issues in upstream version 102.15.1 (MFSA 2023-40):
CVE-2023-4863: Heap buffer overflow in libwebp
-- Carsten Schoenert <email address hidden> Thu, 14 Sep 2023 09:12:52 +0530
| Superseded in sid-release |
thunderbird (1:115.3.1-1) unstable; urgency=medium
* [276a53a] New upstream version 115.3.1
Fixed CVE issues in upstream version 115.3.1 (MFSA 2023-44):
CVE-2023-5217: Heap buffer overflow in libvpx
* [a360abf] d/control: Point VCS links to debian/sid
-- Carsten Schoenert <email address hidden> Fri, 29 Sep 2023 19:26:42 +0200
| Superseded in sid-release |
thunderbird (1:115.3.0-1) unstable; urgency=medium
* [2e67467] New upstream version 115.3.0
Fixed CVE issues in upstream version 115.3 (MFSA 2023-43):
CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
CVE-2023-5169: Out-of-bounds write in PathOps
CVE-2023-5171: Use-after-free in Ion Compiler
CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox
ESR 115.3, and Thunderbird 115.3
-- Carsten Schoenert <email address hidden> Wed, 27 Sep 2023 19:07:47 +0200
| Superseded in sid-release |
thunderbird (1:115.2.2-1) unstable; urgency=medium
* [08bc8c9] d/thunderbird.desktop: Update data with upstream data
(Closes: #1042912, #1051261)
* [2fd665b] New upstream version 115.2.2
Fixed CVE issues in upstream version 115.2.2 (MFSA 2023-40):
CVE-2023-4863: Heap buffer overflow in libwebp
* [7b862be] d/copyright: Update content due upstream changes
* [140b77d] d/s/lintian-overrides: Update data for overrides
-- Carsten Schoenert <email address hidden> Wed, 13 Sep 2023 22:59:59 +0530
| Superseded in sid-release |
thunderbird (1:115.2.0-1) unstable; urgency=medium
* [1415d01] New upstream version 115.2.0
Fixed CVE issues in upstream version 115.2 (MFSA 2023-36):
CVE-2023-4573: Memory corruption in IPC CanvasTranslator
CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback
CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback
CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation
CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics
CVE-2023-4051: Full screen notification obscured by file open dialog
CVE-2023-4578: Error reporting methods in SpiderMonkey could have
triggered an Out of Memory Exception
CVE-2023-4053: Full screen notification obscured by external program
CVE-2023-4580: Push notifications saved to disk unencrypted
CVE-2023-4581: XLL file extensions were downloadable without warnings
CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv
CVE-2023-4583: Browsing Context potentially not cleared when closing
Private Window
CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR
102.15, Firefox ESR 115.2, Thunderbird 102.15, and
Thunderbird 115.2
CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2,
and Thunderbird 115.2
-- Christoph Goehre <email address hidden> Wed, 30 Aug 2023 17:41:36 +0200
| Superseded in experimental-release |
thunderbird (1:117.0~b5-1) experimental; urgency=medium
[ Christoph Goehre ]
* [35f24cb] ship glxtest and vaapitest binaries
(Closes: #1043057)
[ Carsten Schoenert ]
* [f8ce5fb] New upstream version 117.0~b5
* [91f34ab] Rebuild patch queue from patch-queue branch
Removed patches (included upstream):
fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch
porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch
porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch
* [680d811] d/thunderbird.install: Use upstream graphics for icons
* [0768e17] d/c-u-t.py: Use Version() from python3-packaging
* [b463514] d/thunderbird.desktop: Sort MimeType entries alphabetically
* [4ac761b] d/control: Bump the usual build dependencies
[ Max Nikulin ]
* [83018ae] d/thunderbird.desktop: Add IANA MIME type for .vcf vcard
* [615c2a0] d/thunderbird.desktop: Add mid: URI to MIME types
(Closes: #1008159)
* [f595e42] d/thunderbird.desktop: Add news: URI to MIME types
* [7a2dde8] d/thunderbird.desktop: Add webcal: URI to MIME types
-- Carsten Schoenert <email address hidden> Sat, 19 Aug 2023 15:29:28 +0200
| Superseded in sid-release |
thunderbird (1:115.1.1-1) unstable; urgency=medium
[ Christoph Goehre ]
* [880cabe] ship glxtest and vaapitest binaries
(Closes: #1043057)
[ Carsten Schoenert ]
* [8474b9b] d/thunderbird.install: Use upstream graphics for icons
* [85f99a2] d/c-u-t.py: Use Version() from python3-packaging
* [86e3335] d/thunderbird.desktop: Sort MimeType entries alphabetically
* [2bc5f47] New upstream version 115.1.1
* [ddec51f] Revert "d/mozconfig.default: Use internal shipped librnp
version"
* [3ef27e2] Revert "d/control: Drop librnp0 package from Depends"
* [9011502] Revert "d/thunderbird.install: Install rnp tools too"
* [d5eef62] d/control: Bump version of librnp{0,-dev}
(Closes: #1041409)
[ Max Nikulin ]
* [0e04b0e] d/thunderbird.desktop: Add IANA MIME type for .vcf vcard
* [ce01092] d/thunderbird.desktop: Add mid: URI to MIME types
(Closes: #1008159)
* [c11a22f] d/thunderbird.desktop: Add news: URI to MIME types
* [bf5586f] d/thunderbird.desktop: Add webcal: URI to MIME types
-- Carsten Schoenert <email address hidden> Wed, 16 Aug 2023 17:18:04 +0200
| Superseded in sid-release |
thunderbird (1:115.1.0-1) unstable; urgency=medium
* [8c11865] d/gbp.conf: Adjust upstream branch to new ESR cycle
* [fb76340] New upstream version 115.1.0
Fixed CVE issues in upstream version 115.1 (MFSA 2023-33):
CVE-2023-4045: Offscreen Canvas could have bypassed cross-origin
restrictions
CVE-2023-4046: Incorrect value used during WASM compilation
CVE-2023-4047: Potential permissions request bypass via clickjacking
CVE-2023-4048: Crash in DOMParser due to out-of-memory conditions
CVE-2023-4049: Fix potential race conditions when releasing platform
objects
CVE-2023-4050: Stack buffer overflow in StorageManager
CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state
CVE-2023-4056: Memory safety bugs fixed in Firefox 116,
Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1,
and Thunderbird 102.14
CVE-2023-4057: Memory safety bugs fixed in Firefox 116,
Firefox ESR 115.1, and Thunderbird 115.1
* [b562827] Rebuild patch queue from patch-queue branch
Removed patches (included upstream):
fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch
fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch
porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch
porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch
porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch
-- Carsten Schoenert <email address hidden> Tue, 01 Aug 2023 19:19:27 +0200
| Superseded in experimental-release |
thunderbird (1:116.0~b7-1) experimental; urgency=medium
* [489b6a2] New upstream version 116.0~b7
* [a6a2814] Rebuild patch queue from patch-queue branch
Removed patches (included upstream):
fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch
porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch
-- Carsten Schoenert <email address hidden> Mon, 31 Jul 2023 20:06:53 +0200
| Superseded in experimental-release |
thunderbird (1:115.0.1-2) experimental; urgency=medium
[ Carsten Schoenert ]
* [39b1576] d/create-upstream-tarballs.py: Catch non existing versions
* [f663f6a] d/create-upstream-tarballs.py: Running black formatter
* [8e6d7fe] d/create-upstream-tarballs.py: Use speaking variable name
[ Christoph Goehre ]
* [cdab989] Rebuild patch queue from patch-queue branch
Added patch:
porting-mips64el/Bug-1841201-Work-around-tail-call-optimization-not-happen.patch
-- Carsten Schoenert <email address hidden> Sat, 29 Jul 2023 09:22:57 +0200
| Superseded in sid-release |
thunderbird (1:102.13.1-1) unstable; urgency=medium
* [e803b54] New upstream version 102.13.1
Fixed CVE issues in upstream version 102.13.1 (MFSA 2023-28):
CVE-2023-3417: File Extension Spoofing using the Text Direction
Override Character
* [456ce20] Rebuild patch queue from patch-queue branch
Added patch:
fixes/gfx-Fix-inclusion-of-C-header.patch
fixes/toolkit-Fix-inclusion-of-C-header.patch
(Closes: #1037872)
-- Carsten Schoenert <email address hidden> Wed, 26 Jul 2023 19:48:59 +0200
| Superseded in experimental-release |
thunderbird (1:115.0.1-1) experimental; urgency=medium
* [30f2fcc] New upstream version 115.0.1
Fixed CVE issues in upstream version 115.0.1 (MFSA 2023-27):
CVE-2023-3600: Use-after-free in workers
CVE-2023-3417: File Extension Spoofing using the Text Direction
Override Character
* [efbb370] Rebuild patch queue from patch-queue branch
Added patches:
debian-hacks/rnp-Fix-include-for-format-specifiers-for-uint32_t.patch
fixes/skia-Cast-SkEndian_SwapBE32-n-to-uint32_t-on-big-endian.patch
porting-mips64el/skia-Disable-musttail-on-mips64.patch
porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch
* [f78b777] d/mozconfig.default: Use internal shipped librnp version
* [a606cdb] d/control: Drop librnp0 package from Depends
* [104bf35] d/thunderbird.install: Install rnp tools too
-- Carsten Schoenert <email address hidden> Sun, 23 Jul 2023 09:07:08 +0200
| Superseded in bookworm-release |
thunderbird (1:102.13.0-1~deb12u1) bookworm-security; urgency=medium
* Rebuild for bookworm-security
(Closes: #971790, #1006432)
-- Carsten Schoenert <email address hidden> Sat, 08 Jul 2023 08:15:29 +0200
| Superseded in experimental-release |
thunderbird (1:115.0-1) experimental; urgency=medium
[ Carsten Schoenert ]
* [3a6b0eb] New upstream version 115.0
* [1c11a15] Rebuild patch queue from patch-queue branch
Dropped patches:
debian-hacks/Decrease-Cargo-minimal-version-to-1.46.0.patch
debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch
fixes/Bug-628252-os2.cc-fails-to-compile-against-GCC-4.6-m.patch
porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch
porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
porting-ppc64el/work-around-a-build-failure-with-clang-on-ppc64el.patch
porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
Added patches:
fixes/Bug-1840931-More-properly-handle-files-4GB-in-elfhack.-r-.patch
fixes/Bug-1842933-Use-NEON_FLAGS-instead-of-VPX_ASFLAGS-for-lib.patch
fixes/Fix-math_private.h-for-i386-FTBFS.patch
porting-mips/Bug-1841197-Undefine-the-mips-builtin-macro-on-mips-in-sk.patch
porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch
porting-ppc64el/Work-around-bz-1775202-to-fix-FTBFS-on-ppc64el.patch
* [8d1d0e0] d/source.filter: Add build/android to list
[ Bo YU ]
* [ddf55dc] riscv64: Add build support for Riscv64 (Closes: #1026118)
-- Carsten Schoenert <email address hidden> Sun, 16 Jul 2023 12:22:50 +0200
| Superseded in sid-release |
thunderbird (1:102.13.0-1) unstable; urgency=medium
* [7168011] New upstream version 102.13.0
Fixed CVE issues in upstream version 102.12 (MFSA 2023-24):
CVE-2023-37201: Use-after-free in WebRTC certificate generation
CVE-2023-37202: Potential use-after-free from compartment mismatch in
SpiderMonkey
CVE-2023-37207: Fullscreen notification obscured
CVE-2023-37208: Lack of warning when opening Diagcab files
CVE-2023-37211: Memory safety bugs fixed in Firefox 115, Firefox ESR
102.13, and Thunderbird 102.13
(Closes: #971790, #1006432)
-- Carsten Schoenert <email address hidden> Sat, 08 Jul 2023 06:15:04 +0200
| Superseded in experimental-release |
thunderbird (1:115.0~b6-1) experimental; urgency=medium * [1d7c51d] New upstream version 115.0~b6 -- Carsten Schoenert <email address hidden> Thu, 29 Jun 2023 20:13:46 +0200
| Superseded in experimental-release |
thunderbird (1:115.0~b4-1) experimental; urgency=medium
* [5685662] New upstream version 115.0~b4
* [0ff4fd0] Rebuild patch queue from patch-queue branch
Updated patches:
porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
* [67def1f] d/control: Add libotr5 to Depends
-- Carsten Schoenert <email address hidden> Fri, 23 Jun 2023 16:03:31 +0200
| Superseded in sid-release |
thunderbird (1:102.12.0-1) unstable; urgency=medium
* [a285966] New upstream version 102.12.0
(Upstream has published a MFSA yet.)
* [73c48d4] d/control: Add libotr5 to Depends
-- Carsten Schoenert <email address hidden> Mon, 05 Jun 2023 18:51:11 +0200
| Superseded in experimental-release |
thunderbird (1:114.0~b2-1) experimental; urgency=medium
* [1f5bec1] New upstream version 114.0~b2
* [df5220a] Rebuild patch queue from patch-queue branch
Updated patches:
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
* [71e654b] d/rules: Add 2 files to dh_missing
-- Carsten Schoenert <email address hidden> Tue, 16 May 2023 21:38:11 +0200
thunderbird (1:102.11.0-1) unstable; urgency=medium
[ intrigeri ]
* [f3e5479] AppArmor: update profile from upstream at
commit a03a894c6c30b7a566aa74645802de1cea580bca
[ Carsten Schoenert ]
* [0626d72] New upstream version 102.11.0
Fixed CVE issues in upstream version 102.11 (MFSA 2023-18):
CVE-2023-32205: Browser prompts could have been obscured by popups
CVE-2023-32206: Crash in RLBox Expat driver
CVE-2023-32207: Potential permissions request bypass via clickjacking
CVE-2023-32211: Content process crash due to invalid wasm code
CVE-2023-32212: Potential spoof due to obscured address bar
CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
CVE-2023-32215: Memory safety bugs fixed in Thunderbird 102.11
-- Carsten Schoenert <email address hidden> Fri, 12 May 2023 17:11:29 +0200
| Superseded in bullseye-release |
thunderbird (1:102.10.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert <email address hidden> Wed, 19 Apr 2023 17:28:54 +0200
| Superseded in experimental-release |
thunderbird (1:113.0~b3-1) experimental; urgency=medium
[ Carsten Schoenert ]
* [569da29] apparmor: Expand profile folder about .mozilla-thunderbird
(Closes: #1030532)
* [777be0a] New upstream version 113.0~b3
* [ae90792] Rebuild patch queue from patch-queue branch
Dropped patch (included upstream):
debian-hacks/Make-Thunderbird-build-reproducible.patch
[ Timothy Pearson ]
* [5dff12c] Explicitly set SQLite endianness on ppc64el
[ intrigeri ]
* [c0ea3f9] AppArmor: update profile from upstream at
commit a03a894c6c30b7a566aa74645802de1cea580bca
-- Carsten Schoenert <email address hidden> Fri, 21 Apr 2023 19:11:41 +0200
| Superseded in sid-release |
thunderbird (1:102.10.0-1) unstable; urgency=medium
* [8afefce] New upstream version 102.10.0
Fixed CVE issues in upstream version 102.10 (MFSA 2023-15):
CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
CVE-2023-29533: Fullscreen notification obscured
CVE-2023-1999: Double-free in libwebp
CVE-2023-29535: Potential Memory Corruption following Garbage Collector
compaction
CVE-2023-29536: Invalid free from JavaScript code
CVE-2023-0547: Revocation status of S/Mime recipient certificates was
not checked
CVE-2023-29479: Hang when processing certain OpenPGP messages
CVE-2023-29539: Content-Disposition filename truncation leads to
Reflected File Download
CVE-2023-29541: Files with malicious extensions could have been
downloaded unsafely on Linux
CVE-2023-29542: Bypass of file download extension restrictions
CVE-2023-1945: Memory Corruption in Safe Browsing Code
CVE-2023-29548: Incorrect optimization result on ARM64
CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10
-- Carsten Schoenert <email address hidden> Mon, 17 Apr 2023 21:32:45 +0200
| Superseded in sid-release |
thunderbird (1:102.9.1-1) unstable; urgency=medium
[ Timothy Pearson ]
* [de7c4f8] Explicitly set SQLite endianness on ppc64el
(Closes: #1033534)
[ Carsten Schoenert ]
* [06059fb] New upstream version 102.9.1
Fixed CVE issues in upstream version 102.9.1 (MFSA 2023-12):
CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to
denial-of-service attack
-- Carsten Schoenert <email address hidden> Wed, 29 Mar 2023 17:34:39 +0200
| Superseded in experimental-release |
thunderbird (1:112.0~b1-1) experimental; urgency=medium
* [c89a60d] d/source.filter: Update content to filter out
* [12cd2c8] New upstream version 112.0~b1
* [6655d37] Rebuild patch queue from patch-queue branch
Removed patch:
debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch
* [c4744df] d/control: Increade B-D on rustc to >= 1.65
* [ad73ef1] d/thunderbird.docs: Readd Apache-2 related Notice file
* [ebf44e8] d/control: Adjust B-D to libfontconfig-dev
* [6cea088] d/control: Increase Standards-Version to 4.6.2
* [2d0d8ee] d/copyright: Update content due upstream changes
* [268ee53] Lintian: Update overrides for source package
* [28ffd63] Lintian: Update overrides for thunderbird package
* [200f86d] Lintian: Update override for thunderbird-l10n-all
-- Carsten Schoenert <email address hidden> Sat, 18 Mar 2023 19:31:18 +0100
| Superseded in sid-release |
thunderbird (1:102.9.0-1) unstable; urgency=medium
* [ad8cc7c] New upstream version 102.9.0
Fixed CVE issues in upstream version 102.9 (MFSA 2023-11):
CVE-2023-25751: Incorrect code generation during JIT compilation
CVE-2023-28164: URL being dragged from a removed cross-origin iframe
into the same tab triggered navigation
CVE-2023-28162: Invalid downcast in Worklets
CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9
* [b0a22c0] d/control: Increase Standards-Version to 4.6.2
No further changes needed.
-- Carsten Schoenert <email address hidden> Wed, 15 Mar 2023 19:54:53 +0100
| Superseded in experimental-release |
thunderbird (1:110.0~b4-1) experimental; urgency=medium
[ Amr Ibrahim ]
* [22b9eb7] thunderbird.desktop: Update StartupWMClass
[ Carsten Schoenert ]
* [afe6c6a] d/copyright: Update content due upstream changes
* [7b31b9d] d/source.filter: Update content to filter out
* [03b50b4] Lintian: Adjust overrides for thunderbird package
* [d3510d8] Lintian: Adjust overrides for source package
* [57839a2] d/control: Increase version in B-D for libnss-dev
* [958648e] d-create-upstream-tarballs.py: Use correct variable
* [208f93e] New upstream version 110.0~b4
(Closes: #1031541)
* [ba87378] Rebuild patch queue from patch-queue branch
Added patch:
debian-hacks/Relax-minimum-supporter-rust-version-to-1.63.patch
Adjusted patch:
debian-hacks/Fix-Floating-Point-Normalization-breakage-on-32bit-Linux.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
* [3104ede] Drop usage of autoconf calls
* [42a2545] d/control: Increase some versions in B-D
* [551a17f] d/rules: Don't remove configure on dh_clean
* [3b7b408] d/source.filter: Don't filter configure from upstream data
* [48913d3] d/thunderbird.docs: Drop install of NOTICE file
* [44589db] d/mozconfig.default: Use internal version of ICU
* [3eba559] d/control: Drop libicu-dev from B-D for now
-- Carsten Schoenert <email address hidden> Tue, 07 Mar 2023 16:41:43 +0100
| Superseded in sid-release |
thunderbird (1:102.8.0-1) unstable; urgency=medium
* [b130936] New upstream version 102.8.0
Fixed CVE issues in upstream version 102.8.0 (MFSA 2023-07):
CVE-2023-0616: User Interface lockup with messages combining S/MIME and
OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using
iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in
SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25739: Use-after-free in
mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes without
user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8
* [66e2335] Rebuild patch queue from patch-queue branch
Removed patch (included upstream):
debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch
-- Carsten Schoenert <email address hidden> Fri, 17 Feb 2023 20:17:32 +0100
| Superseded in sid-release |
thunderbird (1:102.7.2-1) unstable; urgency=medium * [468e468] New upstream version 102.7.2 -- Carsten Schoenert <email address hidden> Wed, 08 Feb 2023 18:34:59 +0100
| Superseded in sid-release |
thunderbird (1:102.7.1+1-1) unstable; urgency=medium
* [5ce0e7d] New upstream version 102.7.1+1
Fixed CVE issues in upstream version 102.7.1 (MFSA 2023-04):
CVE-2023-0430: Revocation status of S/Mime signature certificates was
not checked
Note: The previous version 1:102.7.1-1 was build on top of a release
candidate which does not fixed CVE-2023-0430 fully.
(Closes: #1029594, #1029606)
* [c7c81a5] apparmor: Expand profile folder about .mozilla-thunderbird
(Closes: #1030532)
-- Carsten Schoenert <email address hidden> Sun, 05 Feb 2023 17:27:40 +0100
| Superseded in sid-release |
thunderbird (1:102.7.1-1) unstable; urgency=medium
* [dbc3385] New upstream version 102.7.1
Fixed CVE issues in upstream version 102.7 (MFSA 2023-03):
CVE-2022-46871: libusrsctp library out of date
CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
CVE-2023-23601: URL being dragged from cross-origin iframe into same
tab triggers navigation
CVE-2023-23602: Content Security Policy wasn't being correctly applied
to WebSockets in WebWorkers
CVE-2022-46877: Fullscreen notification bypass
CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing
Content Security Policy via format directive
CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7
Fixed CVE issues in upstream version 102.7.1 (MFSA not yet released):
CVE-2023-0430: Revocation status of S/Mime signature certificates was
not checked
* [af92a36] Rebuild patch queue from patch-queue branch
Added patch:
debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch
(Closes: #1028885)
-- Carsten Schoenert <email address hidden> Tue, 24 Jan 2023 16:32:06 +0100
| Superseded in sid-release |
thunderbird (1:102.6.0-1) unstable; urgency=medium
[ Paul Gevers ]
* [6bbbd94] tests: thunderbird no longer builds on armel and armhf, so
let's not fail while trying to test there
* [d9e09a0] tests: help.sh is really a very superficial test, so let's
mark it as such
[ Carsten Schoenert ]
* [43b90d6] New upstream version 102.6.0
Fixed CVE issues in upstream version 102.6 (MFSA 2022-53):
CVE-2022-46880: Use-after-free in WebGL
CVE-2022-46872: Arbitrary file read from a compromised content process
CVE-2022-46881: Memory corruption in WebGL
CVE-2022-46874: Drag and Dropped Filenames could have been truncated to
malicious extensions
CVE-2022-46882: Use-after-free in WebGL
CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6
* [745c1a3] Rebuild patch queue from patch-queue branch
Removed patches (included upstream):
fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch
fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch
fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch
* [1e74214] d/control: Increase buid dep on libnss3-dev to 3.79.2
-- Carsten Schoenert <email address hidden> Tue, 13 Dec 2022 19:40:57 +0100
| Superseded in sid-release |
thunderbird (1:102.5.1-1) unstable; urgency=medium
* [ae4d1ff] New upstream version 102.5.1
Fixed CVE issues in upstream version 102.5.1 (MFSA 2022-50):
CVE-2022-45414: Quoting from an HTML email with certain tags will trigger
network requests and load remote content, regardless of
a configuration to block remote content
-- Carsten Schoenert <email address hidden> Wed, 30 Nov 2022 12:27:38 +0100
| Superseded in sid-release |
thunderbird (1:102.5.0-1) unstable; urgency=medium
* [2f04265] New upstream version 102.5.0
Fixed CVE issues in upstream version 102.5 (MFSA 2022-49):
CVE-2022-45403: Service Workers might have learned size of cross-origin
media files
CVE-2022-45404: Fullscreen notification bypass
CVE-2022-45405: Use-after-free in InputStream implementation
CVE-2022-45406: Use-after-free of a JavaScript Realm
CVE-2022-45408: Fullscreen notification bypass via windowName
CVE-2022-45409: Use-after-free in Garbage Collection
CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite
cookie policy
CVE-2022-45411: Cross-Site Tracing was possible via non-standard
override headers
CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
CVE-2022-45416: Keystroke Side-Channel Leakage
CVE-2022-45418: Custom mouse cursor could have been drawn over
browser UI
CVE-2022-45420: Iframe contents could be rendered outside the iframe
CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5
* [57e94ac] Rebuild patch queue from patch-queue branch
Added patches:
fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch
fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch
(Closes: #1023789)
-- Carsten Schoenert <email address hidden> Sat, 15 Nov 2022 19:34:55 +0100
| Superseded in sid-release |
thunderbird (1:102.4.1-1) unstable; urgency=medium
[ intrigeri ]
* [37c5b01] AppArmor: update profile from upstream at commit
09fa2669dc95cb336d133a6b96cac227e3aa73dc
This allows running Thunderbird as a native Wayland application.
[ Carsten Schoenert ]
* [031c4a2] New upstream version 102.4.1
-- Carsten Schoenert <email address hidden> Mon, 31 Oct 2022 18:50:44 +0100
| Superseded in sid-release |
thunderbird (1:102.4.0-1) unstable; urgency=medium
* [6bfe8cd] New upstream version 102.4.0
Fixed CVE issues in upstream version 102.4 (MFSA 2022-46):
CVE-2022-42927: Same-origin policy violation could have leaked
cross-origin URLs
CVE-2022-42928: Memory Corruption in JS Engine
CVE-2022-42929: Denial of Service via window.print
CVE-2022-42932: Memory safety bugs fixed in Thunderbird 102.4
-- Carsten Schoenert <email address hidden> Mon, 24 Oct 2022 22:33:05 +0200
| Superseded in sid-release |
thunderbird (1:102.3.3-1) unstable; urgency=medium * [6729f5d] New upstream version 102.3.3 -- Carsten Schoenert <email address hidden> Thu, 13 Oct 2022 16:09:50 +0200
| Superseded in sid-release |
thunderbird (1:102.3.2-1) unstable; urgency=medium * [db7a24f] New upstream version 102.3.2 -- Carsten Schoenert <email address hidden> Thu, 06 Oct 2022 20:34:42 +0200
| Superseded in sid-release |
thunderbird (1:102.3.1-1) unstable; urgency=medium
* [f845126] New upstream version 102.3.1
* [4555808] Rebuild patch queu from patch-queue branch
debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
fixes/Properly-launch-applications-set-in-HOME-.mailcap.patch
* [344dbfa] d/copyright: Add info about code from Matrix
-- Carsten Schoenert <email address hidden> Thu, 29 Sep 2022 19:09:02 +0200
| Superseded in sid-release |
thunderbird (1:102.3.0-1) unstable; urgency=medium
* [0e841a7] New upstream version 102.3.0
Fixed CVE issues in upstream version 102.3 (MFSA 2022-42):
CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
CVE-2022-40958: Bypassing Secure Context restriction for cookies with
__Host and __Secure prefix
CVE-2022-40956: Content-Security-Policy base-uri bypass
CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
CVE-2022-40962: Memory safety bugs fixed in Thunderbird 102.3
-- Carsten Schoenert <email address hidden> Fri, 16 Sep 2022 16:56:20 +0200
| Published in buster-release |
thunderbird (1:91.12.0-1~deb10u1) buster-security; urgency=medium * Rebuild for buster-security -- Carsten Schoenert <email address hidden> Sat, 30 Jul 2022 10:47:10 +0200
| Published in bullseye-release |
thunderbird (1:91.13.0-1~deb11u1) bullseye-security; urgency=medium
* [06edfee] New upstream version 91.13.0
Fixed CVE issues in upstream version 91.13 (MFSA 2022-37):
CVE-2022-38472: Address bar spoofing via XSLT error handling
CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
CVE-2022-38478: Memory safety bugs fixed in Thunderbird 102.2, and
Thunderbird 91.13
-- Carsten Schoenert <email address hidden> Sun, 28 Aug 2022 19:49:01 +0200
| Superseded in sid-release |
thunderbird (1:102.2.2-1) unstable; urgency=medium * [f1dc81f] New upstream version 102.2.2 -- Carsten Schoenert <email address hidden> Thu, 08 Sep 2022 17:25:57 +0200
| Superseded in sid-release |
thunderbird (1:102.2.1-1) unstable; urgency=medium
* [e1d0f74] New upstream version 102.2.1
Fixed CVE issues in upstream version 102. (MFSA 2022-38):
CVE-2022-3033: Leaking of sensitive information when composing a response
to an HTML email with a META refresh tag
CVE-2022-3032: Remote content specified in an HTML document that was
nested inside an iframe's srcdoc attribute was not blocked
CVE-2022-3034: An iframe element in an HTML email could trigger a
network request
CVE-2022-36059: Matrix SDK bundled with Thunderbird vulnerable to
denial-of-service attack
-- Carsten Schoenert <email address hidden> Thu, 01 Sep 2022 07:52:16 +0200
| Superseded in sid-release |
thunderbird (1:102.2.0-1) unstable; urgency=medium
[ Amr Ibrahim ]
* [02a3990] thunderbird.desktop: Update StartupWMClass
(Closes: #1017420, #1014748)
[ Carsten Schoenert ]
* [f7b62a8] d-create-upstream-tarballs.py: Use correct variable
* [7194457] New upstream version 102.2.0
Fixed CVE issues in upstream version 102. (MFSA 2022-36):
CVE-2022-38472: Address bar spoofing via XSLT error handling
CVE-2022-38473: Cross-origin XSLT Documents would have inherited the
parent's permissions
CVE-2022-38476: Data race and potential use-after-free in PK11_ChangePW
CVE-2022-38477: Memory safety bugs fixed in Thunderbird 102.2
CVE-2022-38478: Memory safety bugs fixed in Thunderbird 102.2, and
Thunderbird 91.13
-- Carsten Schoenert <email address hidden> Sun, 28 Aug 2022 17:23:50 +0200
| Superseded in sid-release |
thunderbird (1:102.1.2-1) unstable; urgency=medium
* [78f2899] d/copyright: Update content due upstream changes
* [55dba1d] d/source.filter: Update content to filter out
* [3e19497] Lintian: Adjust overrides for thunderbird package
* [567e0c4] Lintian: Adjust overrides for source package
* [c201484] New upstream version 102.1.2
(Closes: #1016944)
-- Carsten Schoenert <email address hidden> Thu, 11 Aug 2022 16:37:07 +0200
| Superseded in sid-release |
thunderbird (1:102.1.1-1) unstable; urgency=medium
* [2c1b12f] d/create-upstream-tarballs.py: Adding new helper script
* [a9633b9] d/README.source: Update information on importing data
* [1d2cdc0] d/source.filter: Relax filter rule for old-configure
* [f1afe9b] d/repack.py: Don't exit(1) if unused filter items exist
* [165593a] d/create-thunderbird-l10n-tarball.sh: Drop old helper
* [b4d73ee] d/gbp.conf: Drop 'import-orig' section
* [d186832] d/source.filter: Add files named *.orig and *.rej
* [933b099] New upstream version 102.1.1
(Closes: #1014675:)
-- Carsten Schoenert <email address hidden> Sat, 06 Aug 2022 11:26:44 +0200
| Superseded in experimental-release |
thunderbird (1:104.0~b2-1) experimental; urgency=medium
* [92670b2] d/repack.py: Small rework and adjustments
* [06fb656] d/create-upstream-tarballs.py: Adding new helper script
* [331247d] d/README.source: Update information on importing data
* [57a6dd7] d/source.filter: Relax filter rule for old-configure
* [36696b6] d/repack.py: Don't exit(1) if unused filter items exist
* [3b14d11] d/create-thunderbird-l10n-tarball.sh: Drop old helper
* [5468bb8] d/gbp.conf: Drop 'import-orig' section
* [fd4d5c1] d/source.filter: Add files named *.orig and *.rej
* [5035e50] New upstream version 104.0~b2
* [cc89049] Rebuild patch queue from patch-queue branch
Removed patch:
debian-hacks/Lower-down-required-NSS-version.patch
-- Carsten Schoenert <email address hidden> Sat, 06 Aug 2022 09:13:35 +0200
| Superseded in sid-release |
thunderbird (1:102.1.0-1) unstable; urgency=medium
* [3b7bb0d] New upstream version 102.1.0
Fixed CVE issues in upstream version 102.1 (MFSA 2022-32):
CVE-2022-36319: Mouse Position spoofing with CSS transforms
CVE-2022-36318: Directory indexes for bundled resources reflected URL
parameters
CVE-2022-2505: Memory safety bugs fixed in Thunderbird 102.1
(Closes: #1016083, #1014745, #1014675, #1014638)
-- Carsten Schoenert <email address hidden> Fri, 29 Jul 2022 17:00:53 +0200
| Superseded in experimental-release |
thunderbird (1:103.0~b5-1) experimental; urgency=medium
* [a060ea2] d/gbp.conf: Sign tags automatically
(cherry-picked from debian/sid)
* [ac331c8] New upstream version 103.0~b5
* [00dd354] Rebuild patch queue from patch-queue branch
Added patch:
debian-hacks/Lower-down-required-NSS-version.patch
* [5c35afb] d/watch: Look now for versions starting with 3 digits
(cherry-picked from debian/sid)
* [a897f48] d/control: Add package thunderbird-l10n-es-mx
(cherry-picked from debian/sid)
-- Carsten Schoenert <email address hidden> Wed, 13 Jul 2022 18:08:16 +0200
| Superseded in sid-release |
thunderbird (1:102.0.2-1) unstable; urgency=medium * [079e135] d/repack.py: Small rework and adjustments * [fc2518e] d/control: Readjust Vcs links to unstable * [a7b09b3] d/gbp.conf: Sign tags automatically * [faf115d] New upstream version 102.0.2 -- Carsten Schoenert <email address hidden> Tue, 12 Jul 2022 18:41:04 +0200
| Superseded in bullseye-release |
thunderbird (1:91.10.0-1~deb11u1) bullseye-security; urgency=medium * Rebuild for bullseye-security -- Carsten Schoenert <email address hidden> Thu, 02 Jun 2022 20:57:37 +0200
| Superseded in sid-release |
thunderbird (1:102.0.1-1) unstable; urgency=medium
* [68c9410] d/gbp.conf: Adjust upstream branch to new ESR cycle
* [45eca79] New upstream version 102.0.1
Fixed CVE issues in upstream version 102.0 (MFSA 2022-26):
CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
CVE-2022-34470: Use-after-free in nsSHistory
CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
CVE-2022-2226: An email with a mismatching OpenPGP signature date was
accepted as valid
CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
CVE-2022-31744: CSP bypass enabling stylesheet injection
CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and
Thunderbird 102
* [1842425] d/watch: Look now for versions starting with 3 digits
* [0a32bb3] d/control: Add package thunderbird-l10n-es-mx
-- Carsten Schoenert <email address hidden> Fri, 08 Jul 2022 17:47:21 +0200
| Superseded in sid-release |
thunderbird (1:91.11.0-1) unstable; urgency=medium
* [05a947d] New upstream version 91.11.0
Fixed CVE issues in upstream version 91.11 (MFSA 2022-26:
CVE-2022-34479: A popup window could be resized in a way to overlay the
address bar with web content
CVE-2022-34470: Use-after-free in nsSHistory
CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed
via retargeted javascript: URI
CVE-2022-2226: An email with a mismatching OpenPGP signature date was
accepted as valid
CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
CVE-2022-31744: CSP bypass enabling stylesheet injection
CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being
blocked
CVE-2022-2200: Undesired attributes could be set as part of prototype
pollution
CVE-2022-34484: Memory safety bugs fixed in Thunderbird 91.11 and
Thunderbird 102
(Closes: #1014004)
* [4c4944d] Rebuild patch queue from patch-queue branch
Added patch:
fixes/Bug-1773070-Rename-remove-some-eventState-s-variables.-r-.patch
-- Carsten Schoenert <email address hidden> Fri, 01 Jul 2022 20:12:40 +0200
| Deleted in experimental-release (Reason: None provided.) |
thunderbird (1:102.0~b7-1) experimental; urgency=medium * [edf32aa] New upstream version 102.0~b7 * [c9dd3e0] d/control: Remove not required B-D * [ac2ec70] d/mozconfig.default: Remove commented out options -- Carsten Schoenert <email address hidden> Tue, 21 Jun 2022 19:06:58 +0200
| 1 → 75 of 227 results | First • Previous • Next • Last |
