Accepted thunderbird 1:140.7.0esr-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted thunderbird 1:140.7.0esr-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 15 Jan 2026 18:34:36 +0000
Message-id: <[🔎] E1vgSB2-0000000Beky-1vVD@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jan 2026 14:09:58 +0100
Source: thunderbird
Architecture: source
Version: 1:140.7.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Closes: 1121054 1121117
Changes:
 thunderbird (1:140.7.0esr-1) unstable; urgency=medium
 .
   * [9dd500b] New upstream version 140.7.0esr
     Fixed CVE issues in upstream version 140.7 (MFSA 2026-05):
     CVE-2026-0877: Mitigation bypass in the DOM: Security component
     CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the
                    Graphics: CanvasWebGL component
     CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the
                    Graphics component
     CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics
                    component
     CVE-2026-0882: Use-after-free in the IPC component
     CVE-2025-14327: Spoofing issue in the Downloads Panel component
     CVE-2026-0883: Information disclosure in the Networking component
     CVE-2026-0884: Use-after-free in the JavaScript Engine component
     CVE-2026-0885: Use-after-free in the JavaScript: GC component
     CVE-2026-0886: Incorrect boundary conditions in the Graphics component
     CVE-2026-0887: Clickjacking issue, information disclosure in the PDF
                    Viewer component
     CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop
                    component
     CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird
                    ESR 140.7, Firefox 147 and Thunderbird 147
   * [6da09ab] rebuild patch queue from patch-queue branch
     added patches:
     fixes/enable-use-of-gpgme-greater-equal-two-dot-zero.patch
     (Closes: #1121054)
   * [9adc353] d/control: add libgpgme to Depends
     dpkg-shlibdeps doesn't detect the need to add the library libgpgme to
     ${misc:Depends} so adding that package manually to the list.
     (Closes: #1121117)
Checksums-Sha1:
 7a7b2c6e3f9710e4e72b45626b3be356dea2683d 8437 thunderbird_140.7.0esr-1.dsc
 539b844bfeba51b700a13abc9b61eb36cf4079c1 12258068 thunderbird_140.7.0esr.orig-thunderbird-l10n.tar.xz
 f1f1c11f7c71706e00b55f37ab1197c672397416 793863620 thunderbird_140.7.0esr.orig.tar.xz
 428020d37f211ae93796d7712b77c8683f49ba40 553140 thunderbird_140.7.0esr-1.debian.tar.xz
 4627efda52b0f3af53f157f69f08682858516c42 8322 thunderbird_140.7.0esr-1_source.buildinfo
Checksums-Sha256:
 58fc90bc7cbdc5e6e09b9b7c7235bb89a32e5e91e7f76d8f6486f42aabee924b 8437 thunderbird_140.7.0esr-1.dsc
 d6bd5c4a61a2eba4ab14e0fd719d95befa966354113109f09a7268e05bebedf4 12258068 thunderbird_140.7.0esr.orig-thunderbird-l10n.tar.xz
 ef6c1c8e04402578f33e7f0f2d07e3cb48c9931f9802a03635062fbc4a4a0ce2 793863620 thunderbird_140.7.0esr.orig.tar.xz
 e31ef859358eb745c33d02f10837057774df40549ad8234ca200abca6fe7cf70 553140 thunderbird_140.7.0esr-1.debian.tar.xz
 bf2f97003d41e9c4243268c861280ecd1d203f209a4d7a608236718a6a26a2bd 8322 thunderbird_140.7.0esr-1_source.buildinfo
Files:
 e7a728ae378e726c50381c00fc21c921 8437 mail optional thunderbird_140.7.0esr-1.dsc
 6a52ec54c21ab833da135e574f8e8c65 12258068 mail optional thunderbird_140.7.0esr.orig-thunderbird-l10n.tar.xz
 ee2b9f62ff1cf2cae289627376b1be36 793863620 mail optional thunderbird_140.7.0esr.orig.tar.xz
 02ff731ae1f7c3b85580537a1f762baf 553140 mail optional thunderbird_140.7.0esr-1.debian.tar.xz
 4043b57558d8c0d6d6c43b457d69ed49 8322 mail optional thunderbird_140.7.0esr-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmlpFkIACgkQJuPIdadE
IO8fvg/9E2b/OSMMuhqoYnQlGXE8gIY2tNfSB5vK2Irg5GQGldiT+niKFpdQPEHW
wB32wUkjqUSiLhdoX7y6eopqsx32dfciOcoOJ0Uozl5LPYXK8ywJnSO+PoCI4WbP
7xGZSX6ePCXnp3r05s1aCBG81FMPKEBRV7IRI5vTeIbTxfZdyPIoYF2ip38WYTii
HHaC9F8VHlM27zwQj/Odn32DX+Z5jW7GgP1/5cGM1SnaUxv+LLCdHb3JGB6Ii+zL
D0qhBDs+a5feebI9ZK6tYbfQzOWoKu4zewWUzw8zmkLqNnVSsCf8uYvgeQ+eUbFG
98yAsgtcxqUAp40vtoLSjQh5lGS2JxfIBKNtGtxyUFPob44se99V4xnY1KCAuZvR
E4ci2I3cyBqIeNnXyKn+cks3mUS2WyciQ+HuxrQ0AD99SsyM+lU0JqkPtDh2X/ON
UhZDgzKc507u81L1pxbkJx8+LA4n9NOOiL76CWYqzu30t0hXKXBDcbQQBCiFIAoQ
7H0l+LAeaYW5bYAvUe8evhuZFCFh033vTLQTWv1UVmhHEgCP1PgpGqG7xGzKLYcN
l0DDypX+2t9ssrhf1QOqoF4ou7pekjN02p45SGfefi84SFf2+tbrEVfg/L84LCct
iN+RvAHzIG77l1xvf/SoCBCSi8HONPr9lfkpBy3xQH7igi/3DNY=
=dhns
-----END PGP SIGNATURE-----

Attachment: pgpqQY2UlKNjk.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted anthropic-sdk-python 0.76.0-1 (source) into unstable
Next by Date: Accepted amavisd-milter 1.7.2-3 (source) into unstable
Previous by thread: Accepted anthropic-sdk-python 0.76.0-1 (source) into unstable
Next by thread: Accepted amavisd-milter 1.7.2-3 (source) into unstable
Index(es):
- Date
- Thread