Bug#930550: unblock: thunderbird/1:60.7.1-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package thunderbird
The release of an updated Thunderbird package by Mozilla was needed due
found CVE issues.
There are no changes did happen to the packaging thunderbird itself, it
was only necessary to import the new sources and start a rebuild. The
modification within the debian folder are really small and simple.
$ diff -Naur thunderbird-60.7.0/debian/ thunderbird-60.7.1/debian/
diff -puNr -Naur thunderbird-60.7.0/debian/changelog thunderbird-60.7.1/debian/changelog
--- thunderbird-60.7.0/debian/changelog 2019-06-15 10:00:28.591606482 +0200
+++ thunderbird-60.7.1/debian/changelog 2019-06-15 10:02:39.604085695 +0200
@@ -1,3 +1,14 @@
+thunderbird (1:60.7.1-1) unstable; urgency=high
+
+ * [f791dee] New upstream version 60.7.1
+ Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17)
+ CVE-2019-11703: Heap buffer overflow in icalparser.c
+ CVE-2019-11704: Heap buffer overflow in icalvalue.c
+ CVE-2019-11705: Stack buffer overflow in icalrecur.c
+ CVE-2019-11706: Type confusion in icalproperty.c
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 14 Jun 2019 07:25:35 +0200
+
thunderbird (1:60.7.0-1) unstable; urgency=medium
* [f6dd130] New upstream version 60.7.0
So please consider to unblock the thunderbird package 1:60.7.1-1.
unblock thunderbird/1:60.7.1-1
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, aarch64, arm64
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: