Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package thunderbird And one more security related update of the current Thunderbird ESR version 60.7 did happen. A few says ago Mozilla has released Thunderbird 60.7.2 which fixes two CVE vulnerabilities. As usual no major changes did happen to the packaging, I just imported the new source tarball and rebuild the package. Please look further down to see which CVE numbers are marked as fixed by this new TB version. diff -puNr -Naur thunderbird-60.7.1/debian/ thunderbird-60.7.2/debian/ --- thunderbird-60.7.1/debian/changelog 2019-06-14 07:25:35.000000000 +0200 +++ thunderbird-60.7.2/debian/changelog 2019-06-21 18:48:30.000000000 +0200 @@ -1,3 +1,12 @@ +thunderbird (1:60.7.2-1) unstable; urgency=medium + + * [d6c79ed] New upstream version 60.7.2 + Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20 + CVE-2019-11707: Type confusion in Array.pop + CVE-2019-11708: sandbox escape using Prompt:Open + + -- Carsten Schoenert <c.schoen...@t-online.de> Fri, 21 Jun 2019 18:48:43 +0200 + thunderbird (1:60.7.1-1) unstable; urgency=high * [f791dee] New upstream version 60.7.1 Hopefully tha last update before the planed release date of Buster. :) unblock thunderbird/1:60.7.2-1 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled