From ec5f90ea171eb4be7f4237cd7a1d1961279ed6dd49d5d6f42e94779320f399ef Mon Sep 17 00:00:00 2001
From: Marcus Meissner <msmeissn@noreply.src.opensuse.org>
Date: Tue, 18 Nov 2025 12:01:06 +0100
Subject: [PATCH 1/2] Update submodules from pool/MozillaThunderbird#9 and
 create patchinfo.20251118110024655567.187004354831441/_patchinfo

---
 MozillaThunderbird                            |  2 +-
 .../_patchinfo                                | 68 +++++++++++++++++++
 2 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 patchinfo.20251118110024655567.187004354831441/_patchinfo

diff --git a/MozillaThunderbird b/MozillaThunderbird
index 22f3838..0027b98 160000
--- a/MozillaThunderbird
+++ b/MozillaThunderbird
@@ -1 +1 @@
-Subproject commit 22f383859f87a98bbefa8d77c5f65ec29c591dbbf4290a71f80f85d0442b32b3
+Subproject commit 0027b9883899ad1a38857403902aa19dc12e5e30c8f6f25aa9e28fe8721038de
diff --git a/patchinfo.20251118110024655567.187004354831441/_patchinfo b/patchinfo.20251118110024655567.187004354831441/_patchinfo
new file mode 100644
index 0000000..4b181ee
--- /dev/null
+++ b/patchinfo.20251118110024655567.187004354831441/_patchinfo
@@ -0,0 +1,68 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-13016">firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component</issue>
+  <issue tracker="cve" id="2025-13019">firefox: Same-origin policy bypass in the DOM: Workers component</issue>
+  <issue tracker="cve" id="2025-13020">firefox: Use-after-free in the WebRTC: Audio/Video component</issue>
+  <issue tracker="cve" id="2025-13017">firefox: Same-origin policy bypass in the DOM: Notifications component</issue>
+  <issue tracker="cve" id="2025-13015">firefox: Spoofing issue in Firefox</issue>
+  <issue tracker="cve" id="2025-13012">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
+  <issue tracker="cve" id="2025-13018">firefox: Mitigation bypass in the DOM: Security component</issue>
+  <issue tracker="cve" id="2025-13014">firefox: Use-after-free in the Audio/Video component</issue>
+  <issue tracker="cve" id="2025-13013">firefox: Mitigation bypass in the DOM: Core &amp; HTML component</issue>
+  <issue tracker="bnc" id="1253188">VUL-0: MozillaFirefox / MozillaThunderbird: update to 145.0 and 140.5esr</issue>
+  <packager>Yoshio_Sato</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for MozillaThunderbird</summary>
+  <description>This update for MozillaThunderbird fixes the following issues:
+
+Changes in MozillaThunderbird:
+
+Mozilla Thunderbird 140.5.0 ESR
+
+MFSA 2025-91 (bsc#1253188):
+
+  * CVE-2025-13012
+    Race condition in the Graphics component
+  * CVE-2025-13016
+    Incorrect boundary conditions in the JavaScript: WebAssembly
+    component
+  * CVE-2025-13017
+    Same-origin policy bypass in the DOM: Notifications component
+  * CVE-2025-13018
+    Mitigation bypass in the DOM: Security component
+  * CVE-2025-13019
+    Same-origin policy bypass in the DOM: Workers component
+  * CVE-2025-13013
+    Mitigation bypass in the DOM: Core &amp; HTML component
+  * CVE-2025-13020
+    Use-after-free in the WebRTC: Audio/Video component
+  * CVE-2025-13014
+    Use-after-free in the Audio/Video component
+  * CVE-2025-13015
+    Spoofing issue in Thunderbird
+  * fixed: Could not drag and drop ICS file to Today Pane
+  * fixed: With Thunderbird closed, clicking a 'mailto:' link to
+    send signed message failed
+  * fixed: Upgrade from 128.x-&gt;140.x broke authentication for
+    @att.net using Yahoo backend
+
+Mozilla Thunderbird 140.4.0 ESR
+
+  * Account Hub is now disabled by default for second email account
+  * Users could not read mail signed with OpenPGP v6 and PQC keys
+  * Image preview in Insert Image dialog failed with CSP error for web resources
+  * Emptying trash on exit did not work with some providers
+  * Thunderbird could crash when applying filters
+  * Users were unable to override expired mail server certificate
+  * Opening Website header link in RSS feed incorrectly re-encoded
+    URL parameters
+
+Mozilla Thunderbird 140.3.1 ESR:
+
+  * several bugfixes listed here
+    https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes
+-------------------------------------------------------------------
+</description>
+  <package>MozillaThunderbird</package>
+  <seperate_build_arch/>
+</patchinfo>
-- 
2.51.1


From 4b3a8849e623f60cf7988435ab35a8298a68aa639c35b08da19b8a05b9bb1424 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <msmeissn@noreply.src.opensuse.org>
Date: Tue, 18 Nov 2025 14:19:31 +0100
Subject: [PATCH 2/2] Update
 patchinfo.20251118110024655567.187004354831441/_patchinfo

---
 patchinfo.20251118110024655567.187004354831441/_patchinfo | 1 -
 1 file changed, 1 deletion(-)

diff --git a/patchinfo.20251118110024655567.187004354831441/_patchinfo b/patchinfo.20251118110024655567.187004354831441/_patchinfo
index 4b181ee..6b61b0c 100644
--- a/patchinfo.20251118110024655567.187004354831441/_patchinfo
+++ b/patchinfo.20251118110024655567.187004354831441/_patchinfo
@@ -64,5 +64,4 @@ Mozilla Thunderbird 140.3.1 ESR:
 -------------------------------------------------------------------
 </description>
   <package>MozillaThunderbird</package>
-  <seperate_build_arch/>
 </patchinfo>
-- 
2.51.1