
Bug#929559: marked as done (unblock: thunderbird/1:60.7.0-1)



Your message dated Sun, 26 May 2019 07:21:00 +0000
with message-id <b9545de4-5b03-4500-da1a-b6d346465823@thykier.net>
and subject line Re: Bug#929559: unblock: thunderbird/1:60.7.0-1
has caused the Debian Bug report #929559,
regarding unblock: thunderbird/1:60.7.0-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
929559: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929559
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package thunderbird

The package Thunderbird got the usual update to a new ESR version with
an update to 60.7.0.
This update fixes some known CVEs.

The changes to the packaging can be seen within the following diff output:

$ diff -Naur thunderbird-60.6.1/debian/ thunderbird-60.7.0/debian/
diff -puNr -Naur thunderbird-60.6.1/debian/changelog thunderbird-60.7.0/debian/changelog
--- thunderbird-60.6.1/debian/changelog	2019-03-27 18:22:51.000000000 +0100
+++ thunderbird-60.7.0/debian/changelog	2019-05-23 17:03:27.000000000 +0200
@@ -1,3 +1,30 @@
+thunderbird (1:60.7.0-1) unstable; urgency=medium
+
+  * [f6dd130] New upstream version 60.7.0
+    Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15)
+    CVE-2019-9816: Type confusion with object groups and UnboxedObjects
+    CVE-2019-9817: Stealing of cross-domain images using canvas
+    CVE-2019-9819: Compartment mismatch with fetch API
+    CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
+    CVE-2019-11691: Use-after-free in XMLHttpRequest
+    CVE-2019-11692: Use-after-free removing listeners in the event listener
+                    manager
+    CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
+    CVE-2019-7317: Use-after-free in png_image_free of libpng library
+    CVE-2019-9797: Cross-origin theft of images with createImageBitmap
+    CVE-2018-18511: Cross-origin theft of images with
+                    ImageBitmapRenderingContext
+    CVE-2019-11698: Theft of user history data through drag and drop of
+                    hyperlinks to and from bookmarks
+    CVE-2019-5798: Out-of-bounds read in Skia
+    CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7,
+                   and Thunderbird 60.7
+  * [4106d54] rebuild patch queue from patch-queue branch
+    added patch:
+    fixes/rust-ignore-not-available-documentation.patch
+
+ -- Carsten Schoenert <c.schoenert@t-online.de>  Thu, 23 May 2019 17:03:27 +0200
+
 thunderbird (1:60.6.1-1) unstable; urgency=medium
 
   [ intrigeri ]
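Review bot: The [4106d54] entry names the added patch fixes/rust-ignore-not-available-documentation.patch by file name only and gives no reason for it. Since that patch removes deny lints in the servo style crates, a short line stating what it changes and why it is needed would let the release team assess the unblock request from the changelog alone.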
diff -puNr -Naur thunderbird-60.6.1/debian/patches/fixes/rust-ignore-not-available-documentation.patch thunderbird-60.7.0/debian/patches/fixes/rust-ignore-not-available-documentation.patch
--- thunderbird-60.6.1/debian/patches/fixes/rust-ignore-not-available-documentation.patch	1970-01-01 01:00:00.000000000 +0100
+++ thunderbird-60.7.0/debian/patches/fixes/rust-ignore-not-available-documentation.patch	2019-05-23 17:02:09.000000000 +0200
@@ -0,0 +1,43 @@
+From: Carsten Schoenert <c.schoenert@t-online.de>
+Date: Wed, 22 May 2019 21:48:32 +0200
+Subject: rust: ignore not available documentation
+
+Picked up from a patch list for FF from Arch.
+---
+ servo/components/style/lib.rs        | 2 --
+ servo/components/style_traits/lib.rs | 2 --
+ 2 files changed, 4 deletions(-)
+
+diff --git a/servo/components/style/lib.rs b/servo/components/style/lib.rs
+index 49acbe3..0d3871c 100644
+--- a/servo/components/style/lib.rs
++++ b/servo/components/style/lib.rs
+@@ -23,7 +23,6 @@
+ //! [cssparser]: ../cssparser/index.html
+ //! [selectors]: ../selectors/index.html
+ 
+-#![deny(missing_docs)]
+ 
+ extern crate app_units;
+ extern crate arrayvec;
+@@ -148,7 +147,6 @@ pub mod values;
+ /// Generated from the properties.mako.rs template by build.rs
+ #[macro_use]
+ #[allow(unsafe_code)]
+-#[deny(missing_docs)]
+ pub mod properties {
+     include!(concat!(env!("OUT_DIR"), "/properties.rs"));
+ }
+diff --git a/servo/components/style_traits/lib.rs b/servo/components/style_traits/lib.rs
+index 3b7304b..0f05333 100644
+--- a/servo/components/style_traits/lib.rs
++++ b/servo/components/style_traits/lib.rs
+@@ -9,8 +9,6 @@
+ #![crate_name = "style_traits"]
+ #![crate_type = "rlib"]
+ 
+-#![deny(unsafe_code, missing_docs)]
+-
+ extern crate app_units;
+ #[macro_use] extern crate bitflags;
+ #[macro_use] extern crate cssparser;
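Review bot: In the servo/components/style_traits/lib.rs part of the embedded patch, the removed line `#![deny(unsafe_code, missing_docs)]` drops the unsafe_code lint together with missing_docs, which goes beyond the stated subject "rust: ignore not available documentation". Suggest keeping `#![deny(unsafe_code)]` there and removing only missing_docs, so that the crate still fails to compile if unsafe code is introduced. The patch description would also benefit from a reference to the Arch patch it was picked from and a note on which build failure it addresses.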
diff -puNr -Naur thunderbird-60.6.1/debian/patches/series thunderbird-60.7.0/debian/patches/series
--- thunderbird-60.6.1/debian/patches/series	2019-03-26 21:53:39.000000000 +0100
+++ thunderbird-60.7.0/debian/patches/series	2019-05-23 17:02:09.000000000 +0200
@@ -38,3 +38,4 @@ porting-armel/Bug-1463035-Remove-MOZ_SIG
 porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
 porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch
 fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch
+fixes/rust-ignore-not-available-documentation.patch

unblock thunderbird/1:60.7.0-1

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, aarch64, arm64

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Carsten Schoenert:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package thunderbird
> 
> The package Thunderbird got the usual update to a new ESR version with
> an update to 60.7.0.
> This update fixes some known CVEs.
> 
> The changes to the packaging can be seen within the following diff output:
> 
> [...]
> 
> unblock thunderbird/1:60.7.0-1
> 
> [...]

Unblocked, thanks.
~Niels

--- End Message ---
