diff --git a/MozillaThunderbird.changes b/MozillaThunderbird.changes index 57d1c2a..bd646d7 100644 --- a/MozillaThunderbird.changes +++ b/MozillaThunderbird.changes @@ -1,3 +1,79 @@ +------------------------------------------------------------------- +Sun Nov 9 12:24:12 UTC 2025 - Wolfgang Rosenauer + +- Mozilla Thunderbird 140.5.0 ESR + MFSA 2025-91 (bsc#1253188) + * CVE-2025-13012 (bmo#1991458) + Race condition in the Graphics component + * CVE-2025-13016 (bmo#1992130) + Incorrect boundary conditions in the JavaScript: WebAssembly + component + * CVE-2025-13017 (bmo#1980904) + Same-origin policy bypass in the DOM: Notifications component + * CVE-2025-13018 (bmo#1984940) + Mitigation bypass in the DOM: Security component + * CVE-2025-13019 (bmo#1988412) + Same-origin policy bypass in the DOM: Workers component + * CVE-2025-13013 (bmo#1991945) + Mitigation bypass in the DOM: Core & HTML component + * CVE-2025-13020 (bmo#1995686) + Use-after-free in the WebRTC: Audio/Video component + * CVE-2025-13014 (bmo#1994241) + Use-after-free in the Audio/Video component + * CVE-2025-13015 (bmo#1994164) + Spoofing issue in Thunderbird + * fixed: Could not drag and drop ICS file to Today Pane + (bmo#1992935) + * fixed: With Thunderbird closed, clicking a 'mailto:' link to + send signed message failed (bmo#1972857) + * fixed: Upgrade from 128.x->140.x broke authentication for + @att.net using Yahoo backend (bmo#1978361) + +------------------------------------------------------------------- +Sat Oct 18 05:29:10 UTC 2025 - Wolfgang Rosenauer + +- Mozilla Thunderbird 140.4.0 ESR + * Account Hub is now disabled by default for second email account + * Users could not read mail signed with OpenPGP v6 and PQC keys + * Image preview in Insert Image dialog failed with CSP error for web resources + * Emptying trash on exit did not work with some providers + * Thunderbird could crash when applying filters + * Users were unable to override expired mail server certificate + * Opening Website header link in RSS feed incorrectly re-encoded + URL parameters + MFSA 2025-85 (bsc#1251263) + * CVE-2025-11708 (bmo#1988931) + Use-after-free in MediaTrackGraphImpl::GetInstance() + * CVE-2025-11709 (bmo#1989127) + Out of bounds read/write in a privileged process triggered by + WebGL textures + * CVE-2025-11710 (bmo#1989899) + Cross-process information leaked due to malicious IPC + messages + * CVE-2025-11711 (bmo#1989978) + Some non-writable Object properties could be modified + * CVE-2025-11712 (bmo#1979536) + An OBJECT tag type attribute overrode browser behavior on web + resources without a content-type + * CVE-2025-11713 (bmo#1986142) + Potential user-assisted code execution in “Copy as cURL” + command + * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970, + bmo#1991040, bmo#1992113) + Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR + 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 + * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244, + bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899) + Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird + ESR 140.4, Firefox 144 and Thunderbird 144 + +------------------------------------------------------------------- +Tue Sep 30 16:41:53 UTC 2025 - Wolfgang Rosenauer + +- Mozilla Thunderbird 140.3.1 ESR + * several bugfixes listed here + https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes + ------------------------------------------------------------------- Sun Sep 14 06:58:42 UTC 2025 - Wolfgang Rosenauer diff --git a/MozillaThunderbird.spec b/MozillaThunderbird.spec index d31fcd0..364879f 100644 --- a/MozillaThunderbird.spec +++ b/MozillaThunderbird.spec @@ -30,8 +30,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.3.0 -%define orig_version 140.3.0 +%define mainver %major.5.0 +%define orig_version 140.5.0 %define orig_suffix esr %define update_channel esr %define source_prefix thunderbird-%{orig_version} diff --git a/l10n-140.3.0esr.tar.xz b/l10n-140.5.0esr.tar.xz similarity index 100% rename from l10n-140.3.0esr.tar.xz rename to l10n-140.5.0esr.tar.xz diff --git a/tar_stamps b/tar_stamps index 2e6d8cf..dccecab 100644 --- a/tar_stamps +++ b/tar_stamps @@ -1,10 +1,10 @@ PRODUCT="thunderbird" CHANNEL="esr140" -VERSION="140.3.0" +VERSION="140.5.0" VERSION_SUFFIX="esr" -REV_VERSION="140.2.1" +REV_VERSION="140.4.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/comm-esr140" -RELEASE_TAG="34b243658c31506d293b13d67238ccca56c290e0" -RELEASE_TIMESTAMP="20250911182516" +RELEASE_TAG="6a3011b7161c6f3a36d5116f2608d51b19fb4d58" +RELEASE_TIMESTAMP="20251108022659" diff --git a/thunderbird-140.3.0esr.source.tar.xz b/thunderbird-140.3.0esr.source.tar.xz deleted file mode 100644 index 2eb5270..0000000 --- a/thunderbird-140.3.0esr.source.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b538c6cde261e06e37e9cedb854c392ab7850aa220f5007c876357b6546418ae -size 755800156 diff --git a/thunderbird-140.3.0esr.source.tar.xz.asc b/thunderbird-140.3.0esr.source.tar.xz.asc deleted file mode 100644 index 43a97d2..0000000 --- a/thunderbird-140.3.0esr.source.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmjDU+UACgkQXstkl8Gi -AlaRzhAAilg8h5t2o0FZJpVfAc3jaNW9//GFwpnoFu6QB0IEi/QP+SYphSrLmxnS -pjHxhdZ4SHKkcl7EawHmhbW54TuncnUBTRqOhGu+AosUVgrdImVTRaF3mQWh8v94 -G3XsRIPl7T8hd85bACS6HItMhTy7rFsJSiUQZ7C+tXLn0QsL3WNOzx4pmTSEZj56 -ywuctRC6GXTxdw8AZcDG6624RkDTdNq0ISw7Ge24kckpUiGaM/bS455l+Tol72Jy -7+uKywIBWCwumQsTjRf6DeEik543atrNBLb2BAJOCU/HetR5sOcoL+hPUsJU2VNq -53w3Yx991nC0cioeccYEjaxh2ejzaOeRMtuqyxz7OjtBtGu+KUuJahW9kmR/0xBX -1Jof/mT3C2JZZuKj5soaxkGvOL3IWJJ69e2DHW45D6Di/TS9yGgqsy8npuVCZJGA -dfo6/YVivEtQIcwZKqjUQqRAmQ5AMy6hD4fgmK7gw3LqQdig8MwDxkGGLxNRHhah -9NB8sLvG2j1qPUZLBM9Ky5yXXvBuziGpb2llrnK3xr7N2fM6f9d6eTchDt9kG6ly -aSYoSUd/vRYb4XXvr5ESkUDDJRGTmVwEexM/USPOlFg+iPSvmxJ6Rj+R/d3ruhOK -a0qg/ZdGiQmkpD0OXwhOOfTGXZLuI7Qtg6s6NUUQmmGPBJvoLjM= -=R/Vh ------END PGP SIGNATURE----- diff --git a/thunderbird-140.5.0esr.source.tar.xz b/thunderbird-140.5.0esr.source.tar.xz new file mode 100644 index 0000000..fddcfa0 --- /dev/null +++ b/thunderbird-140.5.0esr.source.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cb8d10693bbc04c4bfc539c4560779fb436b40326bf70df4c0823ac125b815e5 +size 747338592 diff --git a/thunderbird-140.5.0esr.source.tar.xz.asc b/thunderbird-140.5.0esr.source.tar.xz.asc new file mode 100644 index 0000000..44a668e --- /dev/null +++ b/thunderbird-140.5.0esr.source.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEECb7tY/NGKi3/qzuHXstkl8GiAlYFAmkOzIQACgkQXstkl8Gi +AlasTQ/+JbrEW3aHRhVa1xBwFx5aUXroEAcufGOovpwlmb8wYmmyeuELWbzsrQRv +SX7HqLrF8FYfZOgy8qHbz7W8zIHSi5K312u2WuDdguj4SkUdJp5Qimnq6uW+eBBo +bVrKXFSvUvseuswutCjBLha/A49VHvJehz6f9ITCyva3yiK8LOVEeX/QNkP9Ust7 +8Ry+cgrmWGw3vN991OqYvg3mwKKGuQHk//11gaUaRU2yO6r6bkLWB+bMedGWZWhb +WC+o3Weu1jR5piNKLTrZZjKV5PK4va7bIW13amu+t+XiNBGt/CMnXr2isTJ+qRIs +F7P9yk+mjEoFo3RDslCZorSLv+8VHglIhtw4Ont4KMDzuXru76/RwIa7qaG8vINp +Dx2BOKmIde26X63Nva87+KdEf4x+DoVkPr4yqWUxEugUlWuVXGvBLEhszfbmEqA5 +E8XdYLX4fnrG9kAAg4pGccIYJ4LIu/n82ZDKU7u/vea2Sdcemdcgn35/8jnbs3oV +MNDduQ/ISxIzGuYbosfIIk7oMWUpc7bwnnNb+PuB4GOHNl/PjGXO0iOFgx8iUEPQ +jLHYNVDnPCI2Cdqx5JsObv6zlN9NyJKNVEnDKh9fLmqolkdiy97wSn/Hjz1EwmjG +MlOCr6YByB9kUPPEVYYh852J2yUirgxzc5eA0TuuM9GeL+wQClY= +=wq2n +-----END PGP SIGNATURE-----