From: ftpmaster@ftp-master.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Jul 2025 19:00:52 +0200
Source: thunderbird
Architecture: source
Version: 1:128.12.0esr-1
Distribution: unstable
Urgency: medium
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
Changed-By: Christoph Goehre <chris@sigxcpu.org>
Changes:
thunderbird (1:128.12.0esr-1) unstable; urgency=medium
.
* [c48cfec] New upstream version 128.12.0esr
Fixed CVE issues in upstream version 128.12 (MFSA 2025-55):
CVE-2025-6424: Use-after-free in FontFaceSet
CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent
UUID
CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of
youtube.com
CVE-2025-6430: Content-Disposition header ignored when a file is included
in an embed or object tag
Fixed CVE issues in upstream version 128.11.1 (MFSA 2025-49):
CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and
Credential Leakage via mailbox:/// Links
Checksums-Sha1:
050088485e59a722aab6b9a49adf97803e79b403 8485 thunderbird_128.12.0esr-1.dsc
2a396cbd2390e8ef6ae7f3020363012473582142 13267940 thunderbird_128.12.0esr.orig-thunderbird-l10n.tar.xz
42d50840cf83843ac445309685df4dfaabbbb90d 698972464 thunderbird_128.12.0esr.orig.tar.xz
1593da3a034968edeb3f71e4b11d5b357ed90fe9 548452 thunderbird_128.12.0esr-1.debian.tar.xz
ba88f419f48ba3ab3c6499052df8e384a5ec8271 6418 thunderbird_128.12.0esr-1_source.buildinfo
Checksums-Sha256:
1b90c1f53acb619c493586b7aa39e6b85db8d446ec3e0d0d651d3fe6518b5c3c 8485 thunderbird_128.12.0esr-1.dsc
46a7a0027e96ccd471066cfbb1774e52a96fd96c03961a58d95459a308f17b38 13267940 thunderbird_128.12.0esr.orig-thunderbird-l10n.tar.xz
16fe5f73081dd9c57dcdce5f27bc379e364c837b4fcbc1b8f478b2718dbae600 698972464 thunderbird_128.12.0esr.orig.tar.xz
da980ad1c7300bac1e224470cf2a1aa6f359b3d2367050e8eda6375db1a3353e 548452 thunderbird_128.12.0esr-1.debian.tar.xz
0a095fa29322ffd09812aad9c01bedd98ec178c13da953b19e0e9146cb636e6b 6418 thunderbird_128.12.0esr-1_source.buildinfo
Files:
bbb6acc3a15f586be9a4572e003a983c 8485 mail optional thunderbird_128.12.0esr-1.dsc
d7d471237e2efda0668aa6831f361d10 13267940 mail optional thunderbird_128.12.0esr.orig-thunderbird-l10n.tar.xz
867004d853afc29ff43bad72ab20d086 698972464 mail optional thunderbird_128.12.0esr.orig.tar.xz
46c1a3c49af68d34ee1109f99fe39556 548452 mail optional thunderbird_128.12.0esr-1.debian.tar.xz
5e6a3de4bd91a542a2067d74d7ddbbc7 6418 mail optional thunderbird_128.12.0esr-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmhm0QkACgkQJuPIdadE IO/YdxAAk+lMcB4zeYUJmzikjBwJXthKtdWWkAh3UUclj7w6t+9Nj0tP6V7bVsv0 wfkKpy/U2fwoMLfw0aU+BHpZEsorUg6uTgtBL+ubodH44vwmrvF/664cHjuIh9Y8 11cP/NzJ8xkZ6OQEYxJUElapXq6oVxOWlhMwaLk8yaWwCXbgRVEy12nyXGAEvyyi HJ+OubpS2ak8NotcEr7v+HkiSg3E4dBkYoqq96xVuYn3DjDMqm5gyE+oA0UOejE8 ckcJTYYQq94PK6rEEgY/je31qOZuwD193YkbqexNe4UJRNEU00zFW/fKElJFEQ/T SuoKk9/3ONZ+/YHKrHERE9EpVo6pK5etsETQ6cey/k/DP0HFeYgaBY09mVfUo6yu 1pepj3F5Bz2n/w074fHL3bvqLoxlBSHLarTOmhEFj36PH7fbTrnTxMfx6MH/esMx JRHFdLYWJ3gXFUr+cLjcxYXIjY0n/xD+k6UzLlNhaFxiWUqeQyRSh25+yF+WmN+Q ttqBxxaGNWD7heJ4oJcm5ojlw9R0jGXpbw1S+eY9Ar/ReE+IGo57S1Y/wKVC8j4h z/FDBEQ9fmWr81bIUGbEs3xRXHm5+knVLAAKviBTEhdqvv3Q36Sud0A9qIN3XVUz 60YuCkDNjYEURW9jJygmKrrUaBtmQscUb5DHamSf6mfJdohvnJI=
=ATX0
-----END PGP SIGNATURE-----


--==============537747441653716843=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaGbifgAKCRCb9qggYcy5 IZhAAP94VEWv3W+4lLe/1RxPd1kR7msvvVSyKpAbJoU+R+TMXAD/aOtJCtAd1NWE nQ8kucXRAcWcBazXAB2APXv3pDL2hggÆoq
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)