-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 27 Feb 2026 15:41:01 +0100 Source: thunderbird Architecture: source Version: 1:140.8.0esr-1 Distribution: unstable Urgency: medium Maintainer: Carsten Schoenert <[email protected]> Changed-By: Christoph Goehre <[email protected]> Changes: thunderbird (1:140.8.0esr-1) unstable; urgency=medium . * [2c79d20] d/source.filter: don't filter out *.orig files * [860f180] New upstream version 140.8.0esr Fixed CVE issues in upstream version 140.8 (MFSA 2026-17): CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component CVE-2026-2758: Use-after-free in the JavaScript: GC component CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component CVE-2026-2761: Sandbox escape in the Graphics: WebRender component CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component CVE-2026-2763: Use-after-free in the JavaScript Engine component CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component CVE-2026-2765: Use-after-free in the JavaScript Engine component CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component CVE-2026-2769: Use-after-free in the Storage: IndexedDB component CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component CVE-2026-2772: Use-after-free in the Audio/Video: Playback component CVE-2026-2773: Incorrect boundary conditions in the Web Audio component CVE-2026-2774: Integer overflow in the Audio/Video component CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software CVE-2026-2777: Privilege escalation in the Messaging System component CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component CVE-2026-2780: Privilege escalation in the Netmonitor component CVE-2026-2781: Integer overflow in the Libraries component in NSS CVE-2026-2782: Privilege escalation in the Netmonitor component CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component CVE-2026-2784: Mitigation bypass in the DOM: Security component CVE-2026-2785: Invalid pointer in the JavaScript Engine component CVE-2026-2786: Use-after-free in the JavaScript Engine component CVE-2026-2787: Use-after-free in the DOM: Window and Location component CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component CVE-2026-2789: Use-after-free in the Graphics: ImageLib component CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component CVE-2026-2791: Mitigation bypass in the Networking: Cache component CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 * [ff6cabd] d/rules: override dh_clean * [eb4c1eb] rebuild patch queue from patch-queue branch added patches: fixes/Add-missing-.gitmodules-files-which-are-needed-to-build-t.patch * [c9b11f8] d/rules: create empty .gitmodules file via dh_auto_configure Checksums-Sha1: 12f521ac224758ab6e27f38edbcf3cce4be3f787 8435 thunderbird_140.8.0esr-1.dsc 4246300b85462254b35623b3ce698cbde0e2a65e 12256396 thunderbird_140.8.0esr.orig-thunderbird-l10n.tar.xz 07d105cd3896d9fe36137b474236d07bc1ae7221 791711444 thunderbird_140.8.0esr.orig.tar.xz d1cdfd60f8a232fddf4d620ae9e78b72459383c6 554276 thunderbird_140.8.0esr-1.debian.tar.xz b75b7cfc8981d2979df322fcf6972a256796513c 8312 thunderbird_140.8.0esr-1_source.buildinfo Checksums-Sha256: 2cf49392dc7185e8fca549cd994717fa08dd4c219b72ac6714dedbe199792356 8435 thunderbird_140.8.0esr-1.dsc 355f5b2a9f9fb545371e4509956dd454513570d17f8d21256cef67758f374068 12256396 thunderbird_140.8.0esr.orig-thunderbird-l10n.tar.xz 3161f706d9115b21f5cd989bfbca71ee73a64c356676bcb3e78af8ee51a2fbab 791711444 thunderbird_140.8.0esr.orig.tar.xz ae743e936376e605aeddec41f8ea0e639a30bf3abc8deba74215ac53fcd2f761 554276 thunderbird_140.8.0esr-1.debian.tar.xz 622f128017d65b28e7468f7df03d5e429dcdaae25c96f571566754147c086d2c 8312 thunderbird_140.8.0esr-1_source.buildinfo Files: 75b174ceded9c7bea1e4c4f9f005fdd1 8435 mail optional thunderbird_140.8.0esr-1.dsc c94b94753a59259f35f129dbe2e71d84 12256396 mail optional thunderbird_140.8.0esr.orig-thunderbird-l10n.tar.xz f77023bdce648171c7ef6d7b224f50a1 791711444 mail optional thunderbird_140.8.0esr.orig.tar.xz cc042e41a49e3eb392f772c6bd094f84 554276 mail optional thunderbird_140.8.0esr-1.debian.tar.xz 5b705f03b4aa64b0866cd81fd4e3fc19 8312 mail optional thunderbird_140.8.0esr-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEi5SBnCVVcKN0tizNJuPIdadEIO8FAmmh5vAACgkQJuPIdadE IO+ZsxAA0UEHdgZ9j48smermx7iE+GD8bxY0D8NFGKwqu+Y5L+HPsnuGOrX2vDN+ OILSJSLh4x6JTHFUnlAfEKrnDOIyy3DkuOacsnSB08PUUmpk7ZRy0EgwzYwcKj+T pFT9CcbJJuBaNke4FzWWnQiPaYkOZgaa3D3DyyqlXDw69pHIQu6Px8mfTawQTFH/ DT2E16hqbUoI7RltTVZy5JAHA3tF35pCnccvSg8HzRguHQ5/eyUQyNNJUsIQZ0Rs AgVs0jWn54l/oHY5sR/etK5cfxlEhDr+5kfkKHl1IT1s9p5h1HqQ/BkUXCXqG8F/ RSvbe4NPBRH2ZlFPH4ctodhs0sKmvqBGhVpZ2qtpogt87GrJIpYOK4Oaipc+DeRt 3ak94QtVCcC1U4rh8q/FdhdeSiKPv2RkiEnxBDavYTuaWq2dhK0m1Qs1IbOSHrO3 tK1aP+I75lbPfM05iV6Zb3FyfR1bT/PbM29qs5/qJUTsHX2/RhiLILoZyEe+dGID AFGCSBkf08BoR4cWYPcqoYg5EpJc1osKnWGmig2nIRcOdo65Kxb2bblFCm9lbN62 xJGZd0/g9+emaZU6FMljhMuzxYLnVFnvA4rFvS/qR/VF/N+K7y6ROlUoFp9U9Ctj FxyjYl+YvqTdn3Lcv70jY+J1zxPi+ba+yTvFEscpBQRc13Uth6M= =hpGN -----END PGP SIGNATURE-----
pgpzB0zpQkaqN.pgp
Description: PGP signature
