Bug#930968: unblock: thunderbird/1:60.7.2-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package thunderbird
And one more security related update of the current Thunderbird ESR
version 60.7 did happen. A few says ago Mozilla has released Thunderbird
60.7.2 which fixes two CVE vulnerabilities.
As usual no major changes did happen to the packaging, I just imported
the new source tarball and rebuild the package. Please look further down
to see which CVE numbers are marked as fixed by this new TB version.
diff -puNr -Naur thunderbird-60.7.1/debian/ thunderbird-60.7.2/debian/
--- thunderbird-60.7.1/debian/changelog 2019-06-14 07:25:35.000000000 +0200
+++ thunderbird-60.7.2/debian/changelog 2019-06-21 18:48:30.000000000 +0200
@@ -1,3 +1,12 @@
+thunderbird (1:60.7.2-1) unstable; urgency=medium
+
+ * [d6c79ed] New upstream version 60.7.2
+ Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20
+ CVE-2019-11707: Type confusion in Array.pop
+ CVE-2019-11708: sandbox escape using Prompt:Open
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Fri, 21 Jun 2019 18:48:43 +0200
+
thunderbird (1:60.7.1-1) unstable; urgency=high
* [f791dee] New upstream version 60.7.1
Hopefully tha last update before the planed release date of Buster. :)
unblock thunderbird/1:60.7.2-1
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: