From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 31 May 2019 06:01:26 +0000 (+0100)
Subject: Merge version 1:60.6.1-1+rpi1 and 1:60.7.0-1 to produce 1:60.7.0-1+rpi1
X-Git-Tag: archive/raspbian/1%60.7.0-1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9e117fbfa54829f70975e7583878c48a04052c01;p=thunderbird.git

Merge version 1:60.6.1-1+rpi1 and 1:60.7.0-1 to produce 1:60.7.0-1+rpi1
---

9e117fbfa54829f70975e7583878c48a04052c01
diff --cc debian/changelog
index 66c16d6332,9aa604f5ed..ca785e5b4a
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,29 +1,42 @@@
- thunderbird (1:60.6.1-1+rpi1) buster-staging; urgency=medium
++thunderbird (1:60.7.0-1+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought over from firefox-esr 60.3.0esr-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 05 Dec 2018 06:56:52 +0000]
 +  * Hack broken rust target selection so it produces the right target
 +    on raspbian.
 +  * Fix clean target.
 +
 +  [changes introduced in 60.4.0-1+rpi1 by Peter Michael Green]
 +  * Further fixes to clean target (still not completely fixed :( ).
 +  * Add build-depends on clang-6.0 (to match libclang-6.0-dev)
 +
-  -- Peter Michael Green <plugwash@raspbian.org>  Thu, 11 Apr 2019 09:52:04 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 31 May 2019 06:01:23 +0000
++
+ thunderbird (1:60.7.0-1) unstable; urgency=medium
+ 
+   * [f6dd130] New upstream version 60.7.0
+     Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15)
+     CVE-2019-9816: Type confusion with object groups and UnboxedObjects
+     CVE-2019-9817: Stealing of cross-domain images using canvas
+     CVE-2019-9819: Compartment mismatch with fetch API
+     CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
+     CVE-2019-11691: Use-after-free in XMLHttpRequest
+     CVE-2019-11692: Use-after-free removing listeners in the event listener
+                     manager
+     CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
+     CVE-2019-7317: Use-after-free in png_image_free of libpng library
+     CVE-2019-9797: Cross-origin theft of images with createImageBitmap
+     CVE-2018-18511: Cross-origin theft of images with
+                     ImageBitmapRenderingContext
+     CVE-2019-11698: Theft of user history data through drag and drop of
+                     hyperlinks to and from bookmarks
+     CVE-2019-5798: Out-of-bounds read in Skia
+     CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7,
+                    and Thunderbird 60.7
+   * [4106d54] rebuild patch queue from patch-queue branch
+     added patch:
+     fixes/rust-ignore-not-available-documentation.patch
+ 
+  -- Carsten Schoenert <c.schoenert@t-online.de>  Thu, 23 May 2019 17:03:27 +0200
  
  thunderbird (1:60.6.1-1) unstable; urgency=medium
  
diff --cc debian/patches/series
index 7c130277fa,a67c02fe99..d86c4d0c2b
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -38,4 -38,4 +38,5 @@@ porting-armel/Bug-1463035-Remove-MOZ_SI
  porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
  porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch
  fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch
+ fixes/rust-ignore-not-available-documentation.patch
 +raspbian-rust-triplet-hack.patch