Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3

[Moritz Mühlenhoff <jmm@inutil.org>]

On Sat, Oct 20, 2018 at 10:43:31AM +0100, Adam D. Barratt wrote:
> On Fri, 2018-10-05 at 17:48 -0500, Daniel Kahn Gillmor wrote:
> > I'd like to update the version of GnuPG in debian stable with a
> > series of targeted bugfixes (most of which are backported from
> > upstream).
> [...]
> > I note that this is *not* itself a security fix -- these fixes do not
> > address a specific vulnerability in stretch's version of GnuPG.
> > However, they do have security implications for stretch, because they
> > are needed in order to support enigmail since the thunderbird 60
> > upgrade.
> > 
> > If the release team or the security team (x-debbug-cc'ed here) would
> > prefer that we handle this via stretch-security instead of
> > stretch-proposed-updates, that's fine with me: please let me know.
> 
> Any chance of an explicit opinion from the Security Team here? [CCed]

That's all bugfixes related to enabling Enigmail and nothing in their
is itself security-related, so I think that's something for the point
update, not security.debian.org

Cheers,
        Moritz