From: Peter Michael Green <plugwash@raspbian.org>
Date: Thu, 20 Feb 2020 13:25:48 +0000 (+0000)
Subject: Merge tag '1%68.5.0-1_deb10u1' into buster-working
X-Git-Tag: archive/raspbian/1%68.5.0-1_deb10u1+rpi1~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=97916ff27fbc6964aa943e20992e3a3f9e88cec4;p=thunderbird.git

Merge tag '1%68.5.0-1_deb10u1' into buster-working
---

97916ff27fbc6964aa943e20992e3a3f9e88cec4
diff --cc debian/changelog
index 9579933551,93bbc2c95f..54ce0bd3ab
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,18 -1,35 +1,50 @@@
- thunderbird (1:68.4.1-1~deb10u1+rpi1) buster-staging; urgency=medium
++thunderbird (1:68.5.0-1~deb10u1+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 05 Dec 2018 06:56:52 +0000]
 +  * Hack broken rust target selection so it produces the right target
 +    on raspbian.
 +  * Fix clean target.
 +
 +  [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green]
 +  * Further fixes to clean target (still not completely fixed :( ).
 +
-   [changes introduced in 1:68.4.1-1~deb10u1+rpi1 by Peter Michael Green]
++  [changes introduced in 1:68.5.0-1~deb10u1 by Peter Michael Green]
 +  * Disable neon (patches taken from firefox-esr package)
 +
 + -- Peter Michael Green <plugwash@raspbian.org>  Sun, 19 Jan 2020 14:10:39 +0000
 +
+ thunderbird (1:68.5.0-1~deb10u1) stable-security; urgency=medium
+ 
+   * Rebuild for buster-security
+     (Closes: #891848)
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Sat, 15 Jan 2020 17:48:09 +0100
+ 
+ thunderbird (1:68.5.0-1) unstable; urgency=medium
+ 
+   * [d79bf82] New upstream version 68.5.0
+     Fixed CVE issues in upstream version 68.5.0 (MFSA 2020-07):
+     CVE-2020-6793: Out-of-bounds read when processing certain email messages
+     CVE-2020-6794: Setting a master password post-Thunderbird 52 does not
+                    delete unencrypted previously stored passwords
+     CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
+     CVE-2020-6798: Incorrect parsing of template tag could result in
+                    JavaScript injection
+     CVE-2020-6792: Message ID calculcation was based on uninitialized data
+     CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
+     (Closes: #891848)
+   * [0884df6] d/control: increase Standards-Version to 4.5.0
+     No further changes needed.
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Thu, 13 Feb 2020 17:58:44 +0100
+ 
+ thunderbird (1:68.4.2-1) unstable; urgency=medium
+ 
+   * [7ab7786] d/gbp.conf: add some more files we need to filter out
+   * [9c02c34] New upstream version 68.4.2
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Sun, 26 Jan 2020 13:13:49 +0100
+ 
  thunderbird (1:68.4.1-1~deb10u1) stable-security; urgency=medium
  
    * Rebuild for buster-security