thunderbird 1:102.5.0-1 source package in Debian

Changelog

thunderbird (1:102.5.0-1) unstable; urgency=medium

  * [2f04265] New upstream version 102.5.0
    Fixed CVE issues in upstream version 102.5 (MFSA 2022-49):
    CVE-2022-45403: Service Workers might have learned size of cross-origin
                    media files
    CVE-2022-45404: Fullscreen notification bypass
    CVE-2022-45405: Use-after-free in InputStream implementation
    CVE-2022-45406: Use-after-free of a JavaScript Realm
    CVE-2022-45408: Fullscreen notification bypass via windowName
    CVE-2022-45409: Use-after-free in Garbage Collection
    CVE-2022-45410: ServiceWorker-intercepted requests bypassed SameSite
                    cookie policy
    CVE-2022-45411: Cross-Site Tracing was possible via non-standard
                    override headers
    CVE-2022-45412: Symlinks may resolve to partially uninitialized buffers
    CVE-2022-45416: Keystroke Side-Channel Leakage
    CVE-2022-45418: Custom mouse cursor could have been drawn over
                    browser UI
    CVE-2022-45420: Iframe contents could be rendered outside the iframe
    CVE-2022-45421: Memory safety bugs fixed in Thunderbird 102.5
  * [57e94ac] Rebuild patch queue from patch-queue branch
    Added patches:
    fixes/Bug-1782988-Avoid-build-bustage-when-building-against-gli.patch
    fixes/Bug-1782988-Fix-use-of-arc4random_buf-use-in-ping.cpp.-r-.patch
    (Closes: #1023789)

 -- Carsten Schoenert <email address hidden>  Sat, 15 Nov 2022 19:34:55 +0100