-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 06 Feb 2025 17:44:29 +0100 Source: thunderbird Architecture: source Version: 1:128.7.0esr-1~deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Carsten Schoenert Changed-By: Christoph Goehre Changes: thunderbird (1:128.7.0esr-1~deb12u1) bookworm-security; urgency=medium . * [4a9ef4c] New upstream version 128.7.0esr Fixed CVE issues in upstream version 128.7 (MFSA 2025-10): CVE-2025-1009: Use-after-free in XSLT CVE-2025-1010: Use-after-free in Custom Highlight CVE-2025-1011: A bug in WebAssembly code generation could result in a crash CVE-2025-1012: Use-after-free during concurrent delazification CVE-2024-11704: Potential double-free vulnerability in PKCS#7 decryption handling CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows CVE-2025-1014: Certificate length was not properly checked CVE-2025-1015: Unsanitized address book fields CVE-2025-0510: Address of e-mail sender can be spoofed by malicious email CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 Checksums-Sha1: 0b097c12227c52a25b73f77323ea75a785d5a0b3 8492 thunderbird_128.7.0esr-1~deb12u1.dsc 2d7ba44bcbb5eafe309843460d7dc8f2c5bcfe04 13486748 thunderbird_128.7.0esr.orig-thunderbird-l10n.tar.xz c87f7336c5f91377a4da7f06394539da9fef1351 696902772 thunderbird_128.7.0esr.orig.tar.xz 94a42b696f6462d1439a213ad9cb6e5e03e9dc67 548004 thunderbird_128.7.0esr-1~deb12u1.debian.tar.xz Checksums-Sha256: 554efbddf5cbb0424fb127293bdf35887cff0476bb04fee40507bd0822edc5fa 8492 thunderbird_128.7.0esr-1~deb12u1.dsc 2a720133038a617cfe41eb8d920d93a4cd57d4e0b3bf9a1f40a8b5d203713ded 13486748 thunderbird_128.7.0esr.orig-thunderbird-l10n.tar.xz 00b4a0365beab0532ee946cd97ffe8c484e6ee844fbd6d09e7788ec3e0ba8563 696902772 thunderbird_128.7.0esr.orig.tar.xz 7be92e9fe203ba5999ff4766dbbf18a2922360e9a2d64d0ce8ccbcc3b8bdf621 548004 thunderbird_128.7.0esr-1~deb12u1.debian.tar.xz Files: a9056960e9b96c0b9cc62080d1baa006 8492 mail optional thunderbird_128.7.0esr-1~deb12u1.dsc ea88d9deb533091622d01e86ea451ac3 13486748 mail optional thunderbird_128.7.0esr.orig-thunderbird-l10n.tar.xz a256fba2121576cbbb36cfbcbd988c20 696902772 mail optional thunderbird_128.7.0esr.orig.tar.xz 290d5dd081fcb64539572badb82675fd 548004 mail optional thunderbird_128.7.0esr-1~deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmelEJgACgkQJuPIdadE IO/c7hAAlJPmVZvggqx1vuuybCofC85eQaI4KP1F8GP7GBha7PzXnsV498BiMWgL /4uIYYgM3hvUwvp3FD10htfpyUi8CXya5guhEx8xtZv5bdFYXViCYRQHX3PZFvcR OqQ5oXsi24BYTqQBBYaj1ad8SBUy6f5+3tvqakHUFzWqd9qRpN0xPXp4MRnbfe9+ JGbetCDd4k8WLXPuoC4SZtncU/qMneyixd/GMCaq+GvMcILfy6nDnnzP2ShQIgs6 FZDL0Sv0l55+TIEkO6R+F3yDkpDIUaDq1bwrLWgwP2S9zswABeIeAqm/PCNeDxu0 HrdwrUYvIzw34FVijeaQSN3Z5D2D9DaUhud3kJyF5IDu8bcBH4Kl0Cdu+6Djf1e6 5kRwsF5SbJVbd6KzUXWAO6JFOEhAWoo6kMk1cb41SP7oZ0bDMcMoUXjjaw5t8OcF 9PSyrziG1C1rR9jV5km4nF/5CM0zeKoGIEXMivm7C1fKI8gSYaRsBd7j1HIlxHq0 1cCqmT09H+DbIxSN07AJBrhkfxSaZ+6xT8LMy1a5N+56wgakkXgc1EFV3cYlTDAQ mJ44tLoqVHO72FWGoKjjxIZ+dTn+bdrmNe7WDXFZ17MWRC2r8Bc311bMdHnqQ8u2 eHT8QP29CICQkjftIBH1EbenxrCkxk1SI87QaIOHSDcIrS4rakU= =MEd/ -----END PGP SIGNATURE-----