Document changes and release 1:91.5.0-1

debian/changelog

+thunderbird (1:91.5.0-1) unstable; urgency=medium
+
+  [ Carsten Schoenert ]
+  * [8d4e5f8] New upstream version 91.5.0
+    Fixed CVE issues in upstream version 91.5 (MFSA 2022-03):
+    CVE-2022-22743: Browser window spoof using fullscreen mode
+    CVE-2022-22742: Out-of-bounds memory access when inserting text in edit
+                    mode
+    CVE-2022-22741: Browser window spoof using fullscreen mode
+    CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
+    CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
+    CVE-2022-22737: Race condition when playing audio files
+    CVE-2021-4140: Iframe sandbox bypass with XSLT
+    CVE-2022-22748: Spoofed origin on external protocol launch dialog
+    CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
+                    event
+    CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully
+                    escape website-controlled data, potentially leading to
+                    command injection
+    CVE-2022-22747: Crash when handling empty pkcs7 sequence
+    CVE-2022-22739: Missing throttling on external protocol launch dialog
+    CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
+  * [a86c0b4] Rebuild patch queue from patch-queue branch
+    Modified patch:
+    debian-hacks/Add-another-preferences-directory-for-applications-p.patch
+    Reworking the patch so LoadDirIntoArray is working again that is adding
+    an additional syspref folder for global settings to use.
+    (Closes: #997841, #1003280)
+  * [442988b] autopkgtest: Adding check for accessing syspref folder
+
+  [ Jochen Sprickerhof ]
+  * [5b5d508] d/thunderbird-wrapper.sh: Use 'command -v'
+    (Closes:#1002570 )
+
+ -- Carsten Schoenert <c.schoenert@t-online.de>  Tue, 11 Jan 2022 19:12:50 +0100
+
 thunderbird (1:91.4.1-1) unstable; urgency=medium
 
   * [c5b36d3] New upstream version 91.4.1