thunderbird (1:60.7.0-1) unstable; urgency=medium . * [f6dd130] New upstream version 60.7.0 Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15) CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9797: Cross-origin theft of images with createImageBitmap CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-5798: Out-of-bounds read in Skia CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7 * [4106d54] rebuild patch queue from patch-queue branch added patch: fixes/rust-ignore-not-available-documentation.patch