-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Sep 2025 09:52:43 +0200
Source: thunderbird
Architecture: source
Version: 1:140.3.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Carsten Schoenert <c.schoenert@t-online.de>
Closes: 1059966 1115457 1115605
Changes:
thunderbird (1:140.3.0esr-1) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [de64a72] d/watch: Mangle 'esr' suffix from version
* [85543ab] New upstream version 140.3.0esr
Fixed CVE issues in upstream version 140.3 (MFSA 2025-78):
CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics:
Canvas2D component
CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer
in the Graphics: Canvas2D component
CVE-2025-10529: Same-origin policy bypass in the Layout component
CVE-2025-10532: Incorrect boundary conditions in the JavaScript:
GC component
CVE-2025-10533: Integer overflow in the SVG component
CVE-2025-10536: Information disclosure in the Networking: Cache component
CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3,
Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
(Closes: #1115605)
* [635002d] Rebuild patch queue from patch-queue branch
* [6d2f42d] d/control: Remove Rules-Requires-Root
.
[ Carles Pina i Estany ]
* [634cd34] d/control: Drop Recommends on thunderbird-l10n-fi
(Closes: #1115457)
.
[ Dandan Zhang ]
* [00691f6] d/control: Adding loong64 architecture
(Closes: #1059966)
Checksums-Sha1:
3d8da04634b91bb61ad35fbd1c791695474032ed 8437 thunderbird_140.3.0esr-1.dsc
618ad7d55ab15d384ec4506c1eba23e7854940b8 12179060 thunderbird_140.3.0esr.orig-thunderbird-l10n.tar.xz
fe751dcc1a5c2646cafdd29e1d36cea4e1ac953b 792204404 thunderbird_140.3.0esr.orig.tar.xz
2b130841f37c594c55f3e18f30ebe5059bbe006a 551708 thunderbird_140.3.0esr-1.debian.tar.xz
f5c7b0ec2b5ae08e740e34d9584f624d9e79a962 40251 thunderbird_140.3.0esr-1_amd64.buildinfo
Checksums-Sha256:
5914fa92578d4030be284f6024b54cae55f0bdcfe7536806f5b37de0acb0a61f 8437 thunderbird_140.3.0esr-1.dsc
4f0a8fa1bef52912dfc17aa977d1792ce56d2389df83622a8b50af6db77e8a7b 12179060 thunderbird_140.3.0esr.orig-thunderbird-l10n.tar.xz
da92e2afa33713f1214e9c781ac9c04fa34167e9aa9edb354a761a2fe52581c0 792204404 thunderbird_140.3.0esr.orig.tar.xz
e5caf7bdcd49bc4076e6cfd68f16adff4b0831cf46c97de3d70bd42bda14b26b 551708 thunderbird_140.3.0esr-1.debian.tar.xz
14a01b96d3fb9881968f6c7dfbde76c2d4ca342a271b0ae234d8a98af962ee4e 40251 thunderbird_140.3.0esr-1_amd64.buildinfo
Files:
886a142f86e47abf3c0fc1aad82db5d5 8437 mail optional thunderbird_140.3.0esr-1.dsc
719d03104b49ebaaab80d802812b38f8 12179060 mail optional thunderbird_140.3.0esr.orig-thunderbird-l10n.tar.xz
abeceec85200a8390829c816ec45442d 792204404 mail optional thunderbird_140.3.0esr.orig.tar.xz
36125440ef58818157b09a3e62b82a84 551708 mail optional thunderbird_140.3.0esr-1.debian.tar.xz
4ba618b69862208fa8b948419339294e 40251 mail optional thunderbird_140.3.0esr-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmjOdgsACgkQgwFgFCUd
HbCddxAAkteYNiG+45ug7COrikAhVXO/N17u4JtXM3leyHuxLkVncHp3QxOixj5X
wZesgdqQjf78sdyArQ66XdBKhsQ807QjcfCI8VpXGWIXz+QUzfaMxR8piAC4zTD6
nzUaOKQxkRnBfqU0RpeIgXWKUybFQW3N/D6dTPbYMaX3pIzYrtvFiNTTciDN7I5u
J/rPp2bqLFcmPRtg4aCFRfpoyDthprs0Da5SMbHYt3vk8Ghsez4PGnqALzRcx5DO
uygJQcOnvcJoJQI4P4lkbzAk1Hgj0QO8s3pPys+3D1iMXw5kEX7P30DaiClvzol+
H+cnn+tuFVQkzqujHnflXzLM5WT3lhA4N6S04H0udX+FT79AkuhQmZPnyRjkefcw
6OjBYHSSBwYSNKxGixhPzvkgVFrXO/6qwQcxalkMq9f4ggyeq68MTg8aN+BCbUIY
Qc4XniLyobEVLMUX/f/jNxIimEmBCFfjdxz7vCohTXWfRiZ2aMLAHhpci3WoSJQs
/BPwV6Z4ZiDs+BzIvK7VGTjX7UW5hZb52YcFD6arOwa4xkfJpw2rkXVzCRj/iptg
kyD4P3+eo+4ZqksKpHeVPkBp67Q+ir8kWp+h22cy3OqdZI2NZRKRPMQnMUsvzsGR
oIU5k+lFMbXfsmIQZDZTuLYYE7BwKm7VAHZAraWZHngXl/Nm5Ls=
=R5Hy
-----END PGP SIGNATURE-----
Attachment:
pgpZ_HlLvcpvN.pgp
Description: PGP signature