-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Jul 2025 17:13:48 +0200
Source: thunderbird
Architecture: source
Version: 1:128.13.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:128.13.0esr-1) unstable; urgency=medium
.
* [a05512b] New upstream version 128.13.0esr
Fixed CVE issues in upstream version 128.13 (MFSA 2025-62):
CVE-2025-8027: JavaScript engine only wrote partial return value to stack
CVE-2025-8028: Large branch table could lead to truncated instruction
CVE-2025-8029: javascript: URLs executed on object and embed tags
CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL"
command
CVE-2025-8031: Incorrect URL stripping in CSP reports
CVE-2025-8032: XSLT documents could bypass CSP
CVE-2025-8033: Incorrect JavaScript state machine for generators
CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,
Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird
ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1,
Firefox 141 and Thunderbird 141
Checksums-Sha1:
9f689407322f39a0053b9e5a873b8e3ef167760a 8485 thunderbird_128.13.0esr-1.dsc
9ba66dcc30f01b02b9e407bfe808b241bd130b92 13277396 thunderbird_128.13.0esr.orig-thunderbird-l10n.tar.xz
a419d461def1f2dc98c1913b78fe2f11554fdcde 696336540 thunderbird_128.13.0esr.orig.tar.xz
51eb45192f700c70e9e26b730ec98ea89cbb5af4 548736 thunderbird_128.13.0esr-1.debian.tar.xz
e7c1bd0fe520cb7f7303d4ceb89564f9bd38ea82 6422 thunderbird_128.13.0esr-1_source.buildinfo
Checksums-Sha256:
95b9a358cab6c297632a18b2bbe46f8368f3b4fd3a828057a541ef4f6f0e3b08 8485 thunderbird_128.13.0esr-1.dsc
9aadf715f5b198b7408f34bb1e505615ea9b019f5b53b39b4a6eb4effc3711a9 13277396 thunderbird_128.13.0esr.orig-thunderbird-l10n.tar.xz
2c9dfbefa16360fba443f57a826c1f6aeac8215886aafa5dd5b280a93260f7e9 696336540 thunderbird_128.13.0esr.orig.tar.xz
7ebbe7634049c75677e8c1bf32e196ae19efdd6fd37cf10d7c74dad405ecf7d4 548736 thunderbird_128.13.0esr-1.debian.tar.xz
398265876d0fcd01f001494f12bd892c3ddda407e611761fefe9666ce796707f 6422 thunderbird_128.13.0esr-1_source.buildinfo
Files:
40544ce50acfd1b7b4ec2eb3222a629d 8485 mail optional thunderbird_128.13.0esr-1.dsc
70948ec44418e8594b749e2f23a114c3 13277396 mail optional thunderbird_128.13.0esr.orig-thunderbird-l10n.tar.xz
b3ac1ae13b9f1495f0fe98071b803bbc 696336540 mail optional thunderbird_128.13.0esr.orig.tar.xz
54bfeb2ea5cf7b8afde9dffc84e9b62a 548736 mail optional thunderbird_128.13.0esr-1.debian.tar.xz
ec084767f91c998bd78a853e5a2c865c 6422 mail optional thunderbird_128.13.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmiCYigACgkQJuPIdadE
IO8IxA/+L5Jn7cEYnpL3T5vkynQTwI+vCiJPlSocaeBCAbYkrESTMhxttvNgc7mt
zsab8mNrhGa3aYUZK2jsH1MfL6QD/BVSAdPgAWkMPpRGrmWGe5PlUMfReJC6ZdPh
yd+xz24L/t1kxJLNwKBCjATXwFPRt1t6/KQvN5Yx+9omm/0JvSeVrXuVMaRdiOuj
1x3DdlgwEoARu0NBEQtbk9MaAQNwqgbRK48NZlvwahDT8Ny7HBAIGVGAz+hES/kq
KTmXBFebib/9RTyCxAtadkLhWhHRP9pRWoiG1GR1e9GsPjuX8lQo5KP14JlWT8ak
5twWSIMfOSFg9yrGEe6mOSDcnX69FME5VHU57z0FrQRhL1168qn1OALroUCYk7Db
MpX/0MFqYBVRJBURxWb/kbIpNRnpAUXWyIETpTNbWdUSarfvLfCtLY5gbTgXrtN2
+OPBvsMeqffvCjP57X9GbKwhIUl5N9cqNbOgdMQl6ojdzD9iWPj7K4gWgAZgxDdH
MIQNQJkhFuYmMHMva+4v7a9VwturCWjD4TYE1rYVJ9hbcGk3EU1bxGE9xjJ4Le/M
IBKdoFkEKjf1s1xMmBT9Ok9pcG5zg7qXYUBofFfzTwr+ZYTnnxXs9BqjoVVcN6bQ
KqTYgPWyjC5jPUsLOtgiX/ETZQE4enNqUkKIcqwQtac8yxjZYQw=
=jsk4
-----END PGP SIGNATURE-----
Attachment:
pgpm4zFyzqtrQ.pgp
Description: PGP signature