Commit e44b3fc6 authored by Carsten Schoenert's avatar Carsten Schoenert
Browse files

Document changes and release 1:91.5.0-1

parent 442988bf
thunderbird (1:91.5.0-1) unstable; urgency=medium
[ Carsten Schoenert ]
* [8d4e5f8] New upstream version 91.5.0
Fixed CVE issues in upstream version 91.5 (MFSA 2022-03):
CVE-2022-22743: Browser window spoof using fullscreen mode
CVE-2022-22742: Out-of-bounds memory access when inserting text in edit
CVE-2022-22741: Browser window spoof using fullscreen mode
CVE-2022-22740: Use-after-free of ChannelEventQueue::mOwner
CVE-2022-22738: Heap-buffer-overflow in blendGaussianBlur
CVE-2022-22737: Race condition when playing audio files
CVE-2021-4140: Iframe sandbox bypass with XSLT
CVE-2022-22748: Spoofed origin on external protocol launch dialog
CVE-2022-22745: Leaking cross-origin URLs through securitypolicyviolation
CVE-2022-22744: The 'Copy as curl' feature in DevTools did not fully
escape website-controlled data, potentially leading to
command injection
CVE-2022-22747: Crash when handling empty pkcs7 sequence
CVE-2022-22739: Missing throttling on external protocol launch dialog
CVE-2022-22751: Memory safety bugs fixed in Thunderbird 91.5
* [a86c0b4] Rebuild patch queue from patch-queue branch
Modified patch:
Reworking the patch so LoadDirIntoArray is working again that is adding
an additional syspref folder for global settings to use.
(Closes: #997841, #1003280)
* [442988b] autopkgtest: Adding check for accessing syspref folder
[ Jochen Sprickerhof ]
* [5b5d508] d/ Use 'command -v'
(Closes:#1002570 )
-- Carsten Schoenert <> Tue, 11 Jan 2022 19:12:50 +0100
thunderbird (1:91.4.1-1) unstable; urgency=medium
* [c5b36d3] New upstream version 91.4.1
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment