projects / thunderbird.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: f6f0b35 250d650)
Merge version 1:60.6.1-1+rpi1 and 1:60.7.0-1 to produce 1:60.7.0-1+rpi1 archive/raspbian/1%60.7.0-1+rpi1 raspbian/1%60.7.0-1+rpi1
authorRaspbian automatic forward porter <root@raspbian.org>
Fri, 31 May 2019 06:01:26 +0000 (07:01 +0100)
committerRaspbian automatic forward porter <root@raspbian.org>
Fri, 31 May 2019 06:01:26 +0000 (07:01 +0100)
1  2 
debian/changelog patch | diff1 | diff2 | blob | history
debian/patches/series patch | diff1 | diff2 | blob | history

diff --cc debian/changelog
index 66c16d6332af9b3a5fd4b32d933957fb3512b557,9aa604f5ed79adf8e3ccc68054d5bce2225eca5d..ca785e5b4a8ad653d3f75dbf8b21730312aec4cb
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,29 +1,42 @@@
- thunderbird (1:60.6.1-1+rpi1) buster-staging; urgency=medium
++thunderbird (1:60.7.0-1+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 05 Dec 2018 06:56:52 +0000]
 +  * Hack broken rust target selection so it produces the right target
 +    on raspbian.
 +  * Fix clean target.
 +
 +  [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green]
 +  * Further fixes to clean target (still not completely fixed :( ).
 +  * Add build-depends on clang-6.0 (to match libclang-6.0-dev)
 +
-  -- Peter Michael Green <plugwash@raspbian.org>  Thu, 11 Apr 2019 09:52:04 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 31 May 2019 06:01:23 +0000
++
+ thunderbird (1:60.7.0-1) unstable; urgency=medium
+   * [f6dd130] New upstream version 60.7.0
+     Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15)
+     CVE-2019-9816: Type confusion with object groups and UnboxedObjects
+     CVE-2019-9817: Stealing of cross-domain images using canvas
+     CVE-2019-9819: Compartment mismatch with fetch API
+     CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
+     CVE-2019-11691: Use-after-free in XMLHttpRequest
+     CVE-2019-11692: Use-after-free removing listeners in the event listener
+                     manager
+     CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
+     CVE-2019-7317: Use-after-free in png_image_free of libpng library
+     CVE-2019-9797: Cross-origin theft of images with createImageBitmap
+     CVE-2018-18511: Cross-origin theft of images with
+                     ImageBitmapRenderingContext
+     CVE-2019-11698: Theft of user history data through drag and drop of
+                     hyperlinks to and from bookmarks
+     CVE-2019-5798: Out-of-bounds read in Skia
+     CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7,
+                    and Thunderbird 60.7
+   * [4106d54] rebuild patch queue from patch-queue branch
+     added patch:
+     fixes/rust-ignore-not-available-documentation.patch
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Thu, 23 May 2019 17:03:27 +0200
  
  thunderbird (1:60.6.1-1) unstable; urgency=medium
  
diff --cc debian/patches/series
index 7c130277fa177b33efd2a87e7535751d9ffec8a4,a67c02fe99852048415af1071a9594bbb1a4fa92..d86c4d0c2b5b5663b5321319cb4acb68af98bf74
--- 1/debian/patches/series
--- 2/debian/patches/series
+++ b/debian/patches/series
@@@ -38,4 -38,4 +38,5 @@@ porting-armel/Bug-1463035-Remove-MOZ_SI
  porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
  porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch
  fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch
+ fixes/rust-ignore-not-available-documentation.patch
 +raspbian-rust-triplet-hack.patch
Unnamed repository; edit this file 'description' to name the repository.