thunderbird (1:115.5.0-1) unstable; urgency=medium
[ intrigeri ]
* [
a6be3ab] AppArmor: update profile from upstream at commit
9d3fa88cdab512e45f6fd80f067337f200d356bc
[ Carsten Schoenert ]
* [
ed61fd6] New upstream version 115.5.0
Fixed CVE issues in upstream version 115.5 (MFSA 2023-52):
CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
CVE-2023-6205: Use-after-free in MessagePort::Entangled
CVE-2023-6206: Clickjacking permission prompts using the fullscreen
transition
CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
CVE-2023-6208: Using Selection API would copy contents into X11 primary
selection.
CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5
[dgit import unpatched thunderbird 1:115.5.0-1]