-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Jan 2023 16:32:06 +0100 Source: thunderbird Architecture: source Version: 1:102.7.1-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <c.schoen...@t-online.de> Changed-By: Carsten Schoenert <c.schoen...@t-online.de> Closes: 1028885 Changes: thunderbird (1:102.7.1-1) unstable; urgency=medium . * [dbc3385] New upstream version 102.7.1 Fixed CVE issues in upstream version 102.7 (MFSA 2023-03): CVE-2022-46871: libusrsctp library out of date CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers CVE-2022-46877: Fullscreen notification bypass CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive CVE-2023-23605: Memory safety bugs fixed in Thunderbird 102.7 Fixed CVE issues in upstream version 102.7.1 (MFSA not yet released): CVE-2023-0430: Revocation status of S/Mime signature certificates was not checked * [af92a36] Rebuild patch queue from patch-queue branch Added patch: debian-hacks/Python-3.11-Don-t-use-mode-rU-any-more.patch (Closes: #1028885) Checksums-Sha1: 0102a9367440d92b6f8f5a19dad16aa6e3d283b4 8496 thunderbird_102.7.1-1.dsc 469e1de627f32d7fd3b11d5ffc5c96bf9ed47062 12515440 thunderbird_102.7.1.orig-thunderbird-l10n.tar.xz 6e34dc7018441229550a80a2c1a6e6668f364dee 522789916 thunderbird_102.7.1.orig.tar.xz ed24a75ce5163af132492d38af5384d1fb1340fa 548024 thunderbird_102.7.1-1.debian.tar.xz 5ea5d1ee7ef34bc5cb52014fcd8da0f4aad5a34e 39863 thunderbird_102.7.1-1_amd64.buildinfo Checksums-Sha256: 4b3fd11d946479ac372dde60020507e08dc04f1fa17b225d19b329a49e1f4802 8496 thunderbird_102.7.1-1.dsc 2affac3bc393e8ca8b5e8d8f78dc3167695bbfcd237fe35ddaf25dbd595ed102 12515440 thunderbird_102.7.1.orig-thunderbird-l10n.tar.xz 51520b56816b7c95d347b843e22b63705e20cffeebbe2ad820df7980839aa261 522789916 thunderbird_102.7.1.orig.tar.xz 76928f78c88b75ad27d4dc709e5df975194569e844157a3d4c8ea9cb7dcf333d 548024 thunderbird_102.7.1-1.debian.tar.xz 43bd929586f8b27134657e1716cf8c925ec845f7db938a15d864d059d9adaaa4 39863 thunderbird_102.7.1-1_amd64.buildinfo Files: b80956f4862d967de220689026e51b95 8496 mail optional thunderbird_102.7.1-1.dsc 810c5e040e824659b3b13bec5ca00478 12515440 mail optional thunderbird_102.7.1.orig-thunderbird-l10n.tar.xz 49e05fba1d86bd71e3c6c737f21954cd 522789916 mail optional thunderbird_102.7.1.orig.tar.xz a56725f711716bcc398fbc855da9f1bd 548024 mail optional thunderbird_102.7.1-1.debian.tar.xz 7d7cb81170d8bc56e4d1b206c9933355 39863 mail optional thunderbird_102.7.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmPQHPAACgkQgwFgFCUd HbAtaA//SjGHoDdrP5KZ+mtcN0SncKXs0S2saJh4VrLcEiZoOiguTWnfxsvCDkaW XR8+WGOn4nMCmx/b9p4EdEHMb16Mb5uYzltLM+8WHx0dVeJ6a8//subQ5oPkiAOg h5EhXdP8HuI2ojCVXEu+OP10a/vL+krU/xfwgjgoPUdDDPQVAJBorD1750+I19A0 U7wTCVBTUFy/KI4mePEOwiwEfw13hJnCfRv9gmxQdHNLdkFcie/jXdea41mx8DCH d99rER1VToz4pHNYXMrqe87seILr8aa8rwrdI3dsGrdvh+F873ndqavTLO6BO+x9 v4cIBpRA9r0PaRc4F0Jl5kvz+XLra8ivJGsVPK0o8RQZSr4EIqELsKVTID0OGyxH Ks+H8QUaFCcjwe6P/5MSgB6/iSCLnRu6stHzowCvbqf5N907q4ySSJrHjv43R932 8Cfbrmog0s9+gnxMEW9Fuja4cwE031WZtpHQMJu89YQYyU2irC1YsjjijuIJEp5U f1PWmiWJtzl6tuOwC68NR/kQGqv8L1xIhrjZ98iYDJbDbe/MeqbzVqqJyE6VCyxA c/y3UaRBJjxmcFz0X+9JZGOYYx/y7gLQMe9vQ6QpNN86JFNePGLODWtX7aXN8QEq KbHWHchibP7Dk/JpwXXnWIrb0kODY8H/vFgvAQdWfNcN+uIeszM= =RPhI -----END PGP SIGNATURE-----