Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package thunderbird The release of an updated Thunderbird package by Mozilla was needed due found CVE issues. There are no changes did happen to the packaging thunderbird itself, it was only necessary to import the new sources and start a rebuild. The modification within the debian folder are really small and simple. $ diff -Naur thunderbird-60.7.0/debian/ thunderbird-60.7.1/debian/ diff -puNr -Naur thunderbird-60.7.0/debian/changelog thunderbird-60.7.1/debian/changelog --- thunderbird-60.7.0/debian/changelog 2019-06-15 10:00:28.591606482 +0200 +++ thunderbird-60.7.1/debian/changelog 2019-06-15 10:02:39.604085695 +0200 @@ -1,3 +1,14 @@ +thunderbird (1:60.7.1-1) unstable; urgency=high + + * [f791dee] New upstream version 60.7.1 + Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17) + CVE-2019-11703: Heap buffer overflow in icalparser.c + CVE-2019-11704: Heap buffer overflow in icalvalue.c + CVE-2019-11705: Stack buffer overflow in icalrecur.c + CVE-2019-11706: Type confusion in icalproperty.c + + -- Carsten Schoenert <c.schoen...@t-online.de> Fri, 14 Jun 2019 07:25:35 +0200 + thunderbird (1:60.7.0-1) unstable; urgency=medium * [f6dd130] New upstream version 60.7.0 So please consider to unblock the thunderbird package 1:60.7.1-1. unblock thunderbird/1:60.7.1-1 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, aarch64, arm64 Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled