thunderbird 1:115.6.0-1 source package in Debian

Changelog

thunderbird (1:115.6.0-1) unstable; urgency=medium

  * [aea3623] New upstream version 115.6.0
    Fixed CVE issues in upstream version 115. (MFSA 2023-55):
    CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP
                    signature
    CVE-2023-50761: S/MIME signature accepted despite mismatching message
                    date
    CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
                   method with Mesa VM driver
    CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
    CVE-2023-6858: Heap buffer overflow in nsTextFragment
    CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
    CVE-2023-6860: Potential sandbox escape due to VideoBridge lack
                   of texture validation
    CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void)
                   in headless mode
    CVE-2023-6862: Use-after-free in nsDNSService
    CVE-2023-6863: Undefined behavior in ShutdownObserver()
    CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
                   and Thunderbird 115.6
  * [6ecaa01] d/control: Remove B-D on libiw-dev
    (Closes: #1058737)

 -- Carsten Schoenert <email address hidden>  Tue, 19 Dec 2023 20:24:02 +0100