Re: Wheezy update of icedove?

To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Carsten Schoenert <c.schoenert@t-online.de>, Christoph Goehre <chris@sigxcpu.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Wheezy update of icedove?
From: Guido Günther <agx@sigxcpu.org>
Date: Fri, 20 Oct 2017 13:18:12 +0200
Message-id: <[🔎] 20171020111812.xf5gjr75vhcxuvif@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Moritz Muehlenhoff <jmm@inutil.org>, Carsten Schoenert <c.schoenert@t-online.de>, Christoph Goehre <chris@sigxcpu.org>, Debian LTS <debian-lts@lists.debian.org>
In-reply-to: <[🔎] 20171020111056.GA6097@inutil.org>
References: <[🔎] 20171014172345.5tdrfuup37up22yd@inguza.net> <[🔎] 20171014172720.yzlb6onflpcl7gmm@bogon.m.sigxcpu.org> <[🔎] CABY6=0keie+9ocbh0X6redLAQN=BxHRkwu3CW14xJ9OQ_-vw6g@mail.gmail.com> <[🔎] dadf587e-a70d-7279-022f-833a15256328@t-online.de> <[🔎] 20171015212444.uxjiu2rwe7rumla5@bogon.m.sigxcpu.org> <[🔎] cc15b714-8ec3-7dc5-5165-f8dee482d659@t-online.de> <[🔎] 20171020110609.3vawwwkyirsk6ihl@bogon.m.sigxcpu.org> <[🔎] 20171020111056.GA6097@inutil.org>

Hi,
On Fri, Oct 20, 2017 at 01:10:56PM +0200, Moritz Muehlenhoff wrote:
> On Fri, Oct 20, 2017 at 01:06:09PM +0200, Guido Günther wrote:
> > Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie
> > and Stretch will be done? Wheezy was a straight rebuild of your work so
> > Jessie and Stretch should be the same. I'd like to avoid having a newer
> > version in Wheezy for too long. Since there's not even a MFSA for
> > Thunderbird yet I assume there are no really critical issues.
> 
> There is https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/

Missed that one - only saw the one fore Firefox ESR 52.4, thanks.

> But I fail to see how CVE-2017-7793 can be critical for Thunderbird.

Me too but the MFSA has:

| In general, these flaws cannot be exploited through email in the
| Thunderbird product because scripting is disabled when reading mail, but
| are potentially risks in browser or browser-like contexts.

The last ones seemed to be verbatim copies of the Firefox ones with
Thunderbird specific CVEs added - but there weren't any since TB
specific ones since quiet some time.

CVE-2017-7805 and CVE-2017-7810 are likely more serious for thunderbird.
Cheers,
 -- Guido

Reply to:

References:
- Wheezy update of icedove?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: Wheezy update of icedove?
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Wheezy update of icedove?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: Wheezy update of icedove?
  - From: Carsten Schoenert <c.schoenert@t-online.de>
- Re: Wheezy update of icedove?
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Wheezy update of icedove?
  - From: Carsten Schoenert <c.schoenert@t-online.de>
- Re: Wheezy update of icedove?
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Wheezy update of icedove?
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Wheezy update of icedove?
Next by Date: libclamunrar7 i386 only deb7u1
Previous by thread: Re: Wheezy update of icedove?
Next by thread: Re: Wheezy update of icedove?
Index(es):
- Date
- Thread