-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 06 Feb 2025 17:44:29 +0100
Source: thunderbird
Architecture: source
Version: 1:128.7.0esr-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Carsten Schoenert <
c.schoenert@t-online.de>
Changed-By: Christoph Goehre <
chris@sigxcpu.org>
Changes:
thunderbird (1:128.7.0esr-1~deb12u1) bookworm-security; urgency=medium
.
* [4a9ef4c] New upstream version 128.7.0esr
Fixed CVE issues in upstream version 128.7 (MFSA 2025-10):
CVE-2025-1009: Use-after-free in XSLT
CVE-2025-1010: Use-after-free in Custom Highlight
CVE-2025-1011: A bug in WebAssembly code generation could result in a
crash
CVE-2025-1012: Use-after-free during concurrent delazification
CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption
handling
CVE-2025-1013: Potential opening of private browsing tabs in normal
browsing windows
CVE-2025-1014: Certificate length was not properly checked
CVE-2025-1015: Unsanitized address book fields
CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email
CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135,
Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
and Thunderbird 128.7
CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135,
Firefox ESR 128.7, and Thunderbird 128.7
Checksums-Sha1:
0b097c12227c52a25b73f77323ea75a785d5a0b3 8492 thunderbird_128.7.0esr-1~deb12u1.dsc
2d7ba44bcbb5eafe309843460d7dc8f2c5bcfe04 13486748 thunderbird_128.7.0esr.orig-thunderbird-l10n.tar.xz
c87f7336c5f91377a4da7f06394539da9fef1351 696902772 thunderbird_128.7.0esr.orig.tar.xz
94a42b696f6462d1439a213ad9cb6e5e03e9dc67 548004 thunderbird_128.7.0esr-1~deb12u1.debian.tar.xz
Checksums-Sha256:
554efbddf5cbb0424fb127293bdf35887cff0476bb04fee40507bd0822edc5fa 8492 thunderbird_128.7.0esr-1~deb12u1.dsc
2a720133038a617cfe41eb8d920d93a4cd57d4e0b3bf9a1f40a8b5d203713ded 13486748 thunderbird_128.7.0esr.orig-thunderbird-l10n.tar.xz
00b4a0365beab0532ee946cd97ffe8c484e6ee844fbd6d09e7788ec3e0ba8563 696902772 thunderbird_128.7.0esr.orig.tar.xz
7be92e9fe203ba5999ff4766dbbf18a2922360e9a2d64d0ce8ccbcc3b8bdf621 548004 thunderbird_128.7.0esr-1~deb12u1.debian.tar.xz
Files:
a9056960e9b96c0b9cc62080d1baa006 8492 mail optional thunderbird_128.7.0esr-1~deb12u1.dsc
ea88d9deb533091622d01e86ea451ac3 13486748 mail optional thunderbird_128.7.0esr.orig-thunderbird-l10n.tar.xz
a256fba2121576cbbb36cfbcbd988c20 696902772 mail optional thunderbird_128.7.0esr.orig.tar.xz
290d5dd081fcb64539572badb82675fd 548004 mail optional thunderbird_128.7.0esr-1~deb12u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmelEJgACgkQJuPIdadE IO/c7hAAlJPmVZvggqx1vuuybCofC85eQaI4KP1F8GP7GBha7PzXnsV498BiMWgL /4uIYYgM3hvUwvp3FD10htfpyUi8CXya5guhEx8xtZv5bdFYXViCYRQHX3PZFvcR OqQ5oXsi24BYTqQBBYaj1ad8SBUy6f5+3tvqakHUFzWqd9qRpN0xPXp4MRnbfe9+ JGbetCDd4k8WLXPuoC4SZtncU/qMneyixd/GMCaq+GvMcILfy6nDnnzP2ShQIgs6 FZDL0Sv0l55+TIEkO6R+F3yDkpDIUaDq1bwrLWgwP2S9zswABeIeAqm/PCNeDxu0 HrdwrUYvIzw34FVijeaQSN3Z5D2D9DaUhud3kJyF5IDu8bcBH4Kl0Cdu+6Djf1e6 5kRwsF5SbJVbd6KzUXWAO6JFOEhAWoo6kMk1cb41SP7oZ0bDMcMoUXjjaw5t8OcF 9PSyrziG1C1rR9jV5km4nF/5CM0zeKoGIEXMivm7C1fKI8gSYaRsBd7j1HIlxHq0 1cCqmT09H+DbIxSN07AJBrhkfxSaZ+6xT8LMy1a5N+56wgakkXgc1EFV3cYlTDAQ mJ44tLoqVHO72FWGoKjjxIZ+dTn+bdrmNe7WDXFZ17MWRC2r8Bc311bMdHnqQ8u2 eHT8QP29CICQkjftIBH1EbenxrCkxk1SI87QaIOHSDcIrS4rakU=
=MEd/
-----END PGP SIGNATURE-----
--==============u73671755459769238=Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ7OfmQAKCRCb9qggYcy5 IQRwAQCN6pC/rQbTw7kffFALzP7aef9qokmUUzm+jn+h+aZnSQD/UQRyj8BXAMcC fa/qy0dcYnKH+I0Aq87eGO2AgwYzXwU=MwYU
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)