thunderbird 1:91.3.0-1 source package in Debian
Changelog
thunderbird (1:91.3.0-1) unstable; urgency=medium * [1d3e0b1] Revert "Rebuild patch queue from patch-queue branch" The patch for fixing the broken build on i386 breaks other architectures, so reverting for now. * [66755b4] New upstream version 91.3.0 Fixed CVE issues in upstream version 91.3 (MFSA 2021-50): CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets CVE-2021-38504: Use-after-free in file picker dialog CVE-2021-38506: Thunderbird could be coaxed into going into fullscreen mode without notification or warning CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports MOZ-2021-0008: Use-after-free in HTTP2 Session object (no CVE assigned yet) CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain MOZ-2021-0007: Memory safety bugs fixed in Thunderbird ESR 91.3 (no CVE assigned yet) -- Carsten Schoenert <email address hidden> Wed, 03 Nov 2021 18:14:09 +0100
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
thunderbird_91.3.0-1.dsc | 8.2 KiB | dc02b1550d2f7fae5fdc227f8336bde3a89c3c968fcd152d900c1d031c5214c3 |
thunderbird_91.3.0.orig-thunderbird-l10n.tar.xz | 11.4 MiB | c456aac9e564e03af2ada3fb6aee459ac57eaa2e52366b118014f42fd826d3d4 |
thunderbird_91.3.0.orig.tar.xz | 408.8 MiB | 422a44ad7a77a71b1963437de306265b1d98b7d58ab81f8407588e20d18d37c9 |
thunderbird_91.3.0-1.debian.tar.xz | 527.9 KiB | 61cc20f3040e2e823516df9fbbed0ded4afae0c7df1c167397801cbae2b74364 |
No changes file available.