thunderbird 1:91.5.0-1 source package in Debian

Changelog

thunderbird (1:91.5.0-1) unstable; urgency=medium

  [ Carsten Schoenert ]
  * [8d4e5f8] New upstream version 91.5.0
    Fixed CVE issues in upstream version 91.5 (MFSA 2022-03):
    CVE-2022-22743: Browser window spoof using fullscreen mode
    CVE-2022-22742: Out-of-bounds memory access when inserting text in edit
                    mode
    CVE-2022-22741: Browser window spoof using fullscreen mode
    CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
    CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
    CVE-2022-22737: Race condition when playing audio files
    CVE-2021-4140: Iframe sandbox bypass with XSLT
    CVE-2022-22748: Spoofed origin on external protocol launch dialog
    CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
                    event
    CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully
                    escape website-controlled data, potentially leading to
                    command injection
    CVE-2022-22747: Crash when handling empty pkcs7 sequence
    CVE-2022-22739: Missing throttling on external protocol launch dialog
    CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
  * [a86c0b4] Rebuild patch queue from patch-queue branch
    Modified patch:
    debian-hacks/Add-another-preferences-directory-for-applications-p.patch
    Reworking the patch so LoadDirIntoArray is working again that is adding
    an additional syspref folder for global settings to use.
    (Closes: #997841, #1003280)
  * [442988b] autopkgtest: Adding check for accessing syspref folder

  [ Jochen Sprickerhof ]
  * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v'
    (Closes:#1002570 )

 -- Carsten Schoenert <email address hidden>  Tue, 11 Jan 2022 19:12:50 +0100