thunderbird 1:102.5.0-1 source package in Debian
Changelog
thunderbird (1:102.5.0-1) unstable; urgency=medium * [2f04265] New upstream version 102.5.0 Fixed CVE issues in upstream version 102.5 (MFSA 2022-49): CVE-2022-45403: Service Workers might have learned size of cross-origin media files CVE-2022-45404: Fullscreen notification bypass CVE-2022-45405: Use-after-free in InputStream implementation CVE-2022-45406: Use-after-free of a JavaScript Realm CVE-2022-45408: Fullscreen notification bypass via windowName CVE-2022-45409: Use-after-free in Garbage Collection CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite cookie policy CVE-2022-45411: Cross-Site Tracing was possible via non-standard override headers CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers CVE-2022-45416: Keystroke Side-Channel Leakage CVE-2022-45418: Custom mouse cursor could have been drawn over browser UI CVE-2022-45420: Iframe contents could be rendered outside the iframe CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5 * [57e94ac] Rebuild patch queue from patch-queue branch Added patches: fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch (Closes: #1023789) -- Carsten Schoenert <email address hidden> Sat, 15 Nov 2022 19:34:55 +0100
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
thunderbird_102.5.0-1.dsc | 8.3 KiB | f6705b5275d0b7de9f356a0096f27411fbf6bfc8ebf1fa3c1a65f71886a5b367 |
thunderbird_102.5.0.orig-thunderbird-l10n.tar.xz | 11.7 MiB | 9fce769c70b198b568feaffc4be9e6ad64311338c1bb0ee250dd19d233548096 |
thunderbird_102.5.0.orig.tar.xz | 499.6 MiB | f16d428c88f3e05ffec834eaa0d359a93edd0367a283c3d111bef382fad2e191 |
thunderbird_102.5.0-1.debian.tar.xz | 534.1 KiB | 70fd662df8c343b41a5501f413d6adce831904e86107b85fc2ebfbb4b00a0414 |
No changes file available.