Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package thunderbird

The package Thunderbird got the usual update to a new ESR version with an update to 60.7.0. This update fixes some known CVEs.

The changes to the packaging can be seen within the following diff output:

$ diff -Naur thunderbird-60.6.1/debian/ thunderbird-60.7.0/debian/ diff -puNr -Naur thunderbird-60.6.1/debian/changelog thunderbird-60.7.0/debian/changelog --- thunderbird-60.6.1/debian/changelog 2019-03-27 18:22:51.000000000 +0100 +++ thunderbird-60.7.0/debian/changelog 2019-05-23 17:03:27.000000000 +0200 
@@ -1,3 +1,30 @@ +thunderbird (1:60.7.0-1) unstable; urgency=medium + + * [f6dd130] New upstream version 60.7.0 + Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15) + CVE-2019-9816: Type confusion with object groups and UnboxedObjects + CVE-2019-9817: Stealing of cross-domain images using canvas + CVE-2019-9819: Compartment mismatch with fetch API + CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell + CVE-2019-11691: Use-after-free in XMLHttpRequest + CVE-2019-11692: Use-after-free removing listeners in the event listener + manager + CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux + CVE-2019-7317: Use-after-free in png_image_free of libpng library + CVE-2019-9797: Cross-origin theft of images with createImageBitmap + CVE-2018-18511: Cross-origin theft of images with + ImageBitmapRenderingContext + CVE-2019-11698: Theft of user history data through drag and drop of + hyperlinks to and from bookmarks + CVE-2019-5798: Out-of-bounds read in Skia + CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, + and Thunderbird 60.7 + * [4106d54] rebuild patch queue from patch-queue branch + added patch: + fixes/rust-ignore-not-available-documentation.patch + + -- Carsten Schoenert <c.schoen...@t-online.de> Thu, 23 May 2019 17:03:27 +0200 + thunderbird (1:60.6.1-1) unstable; urgency=medium [ intrigeri ] diff -puNr -Naur thunderbird-60.6.1/debian/patches/fixes/rust-ignore-not-available-documentation.patch thunderbird-60.7.0/debian/patches/fixes/rust-ignore-not-available-documentation.patch --- thunderbird-60.6.1/debian/patches/fixes/rust-ignore-not-available-documentation.patch 1970-01-01 01:00:00.000000000 +0100 +++ thunderbird-60.7.0/debian/patches/fixes/rust-ignore-not-available-documentation.patch 2019-05-23 17:02:09.000000000 +0200 
@@ -0,0 +1,43 @@ +From: Carsten Schoenert <c.schoen...@t-online.de> +Date: Wed, 22 May 2019 21:48:32 +0200 +Subject: rust: ignore not available documentation + +Picked up from a patch list for FF from Arch. +--- + servo/components/style/lib.rs | 2 -- + servo/components/style_traits/lib.rs | 2 -- + 2 files changed, 4 deletions(-) + +diff --git a/servo/components/style/lib.rs b/servo/components/style/lib.rs +index 49acbe3..0d3871c 100644 +--- a/servo/components/style/lib.rs ++++ b/servo/components/style/lib.rs +@@ -23,7 +23,6 @@ + //! [cssparser]: ../cssparser/index.html + //! [selectors]: ../selectors/index.html + +-#![deny(missing_docs)] + + extern crate app_units; + extern crate arrayvec; +@@ -148,7 +147,6 @@ pub mod values; + /// Generated from the properties.mako.rs template by build.rs + #[macro_use] + #[allow(unsafe_code)] +-#[deny(missing_docs)] + pub mod properties { + include!(concat!(env!("OUT_DIR"), "/properties.rs")); + } +diff --git a/servo/components/style_traits/lib.rs b/servo/components/style_traits/lib.rs +index 3b7304b..0f05333 100644 +--- a/servo/components/style_traits/lib.rs ++++ b/servo/components/style_traits/lib.rs +@@ -9,8 +9,6 @@ + #![crate_name = "style_traits"] + #![crate_type = "rlib"] + +-#![deny(unsafe_code, missing_docs)] +- + extern crate app_units; + #[macro_use] extern crate bitflags; + #[macro_use] extern crate cssparser; diff -puNr -Naur thunderbird-60.6.1/debian/patches/series thunderbird-60.7.0/debian/patches/series --- thunderbird-60.6.1/debian/patches/series 2019-03-26 21:53:39.000000000 +0100 +++ thunderbird-60.7.0/debian/patches/series 2019-05-23 17:02:09.000000000 +0200 
@@ -38,3 +38,4 @@ porting-armel/Bug-1463035-Remove-MOZ_SIG porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch +fixes/rust-ignore-not-available-documentation.patch

unblock thunderbird/1:60.7.0-1

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, aarch64, arm64

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
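
Review bot: In the servo/components/style_traits/lib.rs hunk of fixes/rust-ignore-not-available-documentation.patch, deleting the whole `#![deny(unsafe_code, missing_docs)]` line also drops the `unsafe_code` lint, which the patch subject ("rust: ignore not available documentation") does not cover. Keep `#![deny(unsafe_code)]` and remove only `missing_docs` from the attribute, so the crate still fails to compile if unsafe code is introduced into it.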
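
Review bot: The header of fixes/rust-ignore-not-available-documentation.patch describes the change only as "Picked up from a patch list for FF from Arch.", with no origin reference and no statement of why the `missing_docs` lints in servo/components/style/lib.rs have to go. Add the source of the Arch patch and the reason for the change to the patch description, and consider switching `deny` to `warn` in the two servo/components/style/lib.rs hunks instead of deleting the attributes, so missing documentation is still reported without being a hard error.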