thunderbird 1:102.8.0-1 source package in Debian
Changelog
thunderbird (1:102.8.0-1) unstable; urgency=medium
* [b130936] New upstream version 102.8.0
Fixed CVE issues in upstream version 102.8.0 (MFSA 2023-07):
CVE-2023-0616: User Interface lockup with messages combining S/MIME and
OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using
iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in
SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25739: Use-after-free in
mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes without
user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8
* [66e2335] Rebuild patch queue from patch-queue branch
Removed patch (included upstream):
debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch
-- Carsten Schoenert <email address hidden> Fri, 17 Feb 2023 20:17:32 +0100
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| thunderbird_102.8.0-1.dsc | 8.3 KiB | 61af76dbb8286263e6451fd294a5808778663a19f80b4e38091dd987af80cc10 |
| thunderbird_102.8.0.orig-thunderbird-l10n.tar.xz | 12.1 MiB | ffc6a6f7cb7843f9eeee5cd09a1847f90ad62c6182faeafc1188cebc5dd27b09 |
| thunderbird_102.8.0.orig.tar.xz | 498.7 MiB | 3bb02feadea3c138acaf9782f065eaaab4a385edc7391bebeede9fb27e1d17f8 |
| thunderbird_102.8.0-1.debian.tar.xz | 534.1 KiB | 2f46653ae8bea97a3ba48fb00fed4466cd4e89c61e3f363ee1222233e52a9982 |
No changes file available.
