Package: security-tracker Severity: normal Hello everyone!
According to [DSA-4244-1] thunderbird/1:52.9.1-1~deb9u1 fixes CVE-2017-17689 in stretch (security), among other vulnerabilities. However the tracker page for [CVE-2017-17689] seems to disagree, while, on the other hand, referencing bug [#898631], which is claimed to be fixed in oldstable, stable, testing, and unstable. But please note that bug [#898631] does not mention CVE-2017-17689 at all! Oh what a headache! Which is wrong and which is right? Could you please clarify and update the tracker data, if needed? Thanks for your time! [DSA-4244-1]: <https://lists.debian.org/debian-security-announce/2018/msg00173.html> [CVE-2017-17689]: <https://security-tracker.debian.org/tracker/CVE-2017-17689> [#898631]: <https://bugs.debian.org/898631>