Re: Wheezy update of icedove?
On Fri, Oct 20, 2017 at 01:10:56PM +0200, Moritz Muehlenhoff wrote:
> On Fri, Oct 20, 2017 at 01:06:09PM +0200, Guido Günther wrote:
> > Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie
> > and Stretch will be done? Wheezy was a straight rebuild of your work so
> > Jessie and Stretch should be the same. I'd like to avoid having a newer
> > version in Wheezy for too long. Since there's not even a MFSA for
> > Thunderbird yet I assume there are no really critical issues.
> There is https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/
Missed that one - only saw the one fore Firefox ESR 52.4, thanks.
> But I fail to see how CVE-2017-7793 can be critical for Thunderbird.
Me too but the MFSA has:
| In general, these flaws cannot be exploited through email in the
| Thunderbird product because scripting is disabled when reading mail, but
| are potentially risks in browser or browser-like contexts.
The last ones seemed to be verbatim copies of the Firefox ones with
Thunderbird specific CVEs added - but there weren't any since TB
specific ones since quiet some time.
CVE-2017-7805 and CVE-2017-7810 are likely more serious for thunderbird.