Bug#930968: marked as done (unblock: thunderbird/1:60.7.2-1)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#930968: marked as done (unblock: thunderbird/1:60.7.2-1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 25 Jun 2019 17:51:04 +0000
Message-id: <[🔎] handler.930968.D930968.156148482930997.ackdone@bugs.debian.org>
Reply-to: 930968@bugs.debian.org
References: <7f94b854-ac3f-afb0-b122-664a13e11011@thykier.net> <[🔎] 156131335183.571.2090965014481238338.reportbug@i5.cruise.homelinux.net>

Your message dated Tue, 25 Jun 2019 17:46:00 +0000
with message-id <7f94b854-ac3f-afb0-b122-664a13e11011@thykier.net>
and subject line Re: Bug#930968: unblock: thunderbird/1:60.7.2-1
has caused the Debian Bug report #930968,
regarding unblock: thunderbird/1:60.7.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
930968: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930968
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: thunderbird/1:60.7.2-1
From: Carsten Schoenert <c.schoenert@t-online.de>
Date: Sun, 23 Jun 2019 20:09:11 +0200
Message-id: <[🔎] 156131335183.571.2090965014481238338.reportbug@i5.cruise.homelinux.net>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package thunderbird

And one more security related update of the current Thunderbird ESR
version 60.7 did happen. A few says ago Mozilla has released Thunderbird
60.7.2 which fixes two CVE vulnerabilities.

As usual no major changes did happen to the packaging, I just imported
the new source tarball and rebuild the package. Please look further down
to see which CVE numbers are marked as fixed by this new TB version.

diff -puNr -Naur thunderbird-60.7.1/debian/ thunderbird-60.7.2/debian/
--- thunderbird-60.7.1/debian/changelog	2019-06-14 07:25:35.000000000 +0200
+++ thunderbird-60.7.2/debian/changelog	2019-06-21 18:48:30.000000000 +0200
@@ -1,3 +1,12 @@
+thunderbird (1:60.7.2-1) unstable; urgency=medium
+
+  * [d6c79ed] New upstream version 60.7.2
+    Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20
+    CVE-2019-11707: Type confusion in Array.pop
+    CVE-2019-11708: sandbox escape using Prompt:Open
+
+ -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 21 Jun 2019 18:48:43 +0200
+
 thunderbird (1:60.7.1-1) unstable; urgency=high
 
   * [f791dee] New upstream version 60.7.1

Hopefully tha last update before the planed release date of Buster. :)

unblock thunderbird/1:60.7.2-1

-- System Information:
Debian Release: 10.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---

--- Begin Message ---

To: Carsten Schoenert <c.schoenert@t-online.de>, 930968-done@bugs.debian.org
Subject: Re: Bug#930968: unblock: thunderbird/1:60.7.2-1
From: Niels Thykier <niels@thykier.net>
Date: Tue, 25 Jun 2019 17:46:00 +0000
Message-id: <7f94b854-ac3f-afb0-b122-664a13e11011@thykier.net>
In-reply-to: <[🔎] 156131335183.571.2090965014481238338.reportbug@i5.cruise.homelinux.net>
References: <[🔎] 156131335183.571.2090965014481238338.reportbug@i5.cruise.homelinux.net>

Carsten Schoenert:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package thunderbird
> 
> And one more security related update of the current Thunderbird ESR
> version 60.7 did happen. A few says ago Mozilla has released Thunderbird
> 60.7.2 which fixes two CVE vulnerabilities.
> 
> As usual no major changes did happen to the packaging, I just imported
> the new source tarball and rebuild the package. Please look further down
> to see which CVE numbers are marked as fixed by this new TB version.
> 
> diff -puNr -Naur thunderbird-60.7.1/debian/ thunderbird-60.7.2/debian/
> --- thunderbird-60.7.1/debian/changelog	2019-06-14 07:25:35.000000000 +0200
> +++ thunderbird-60.7.2/debian/changelog	2019-06-21 18:48:30.000000000 +0200
> @@ -1,3 +1,12 @@
> +thunderbird (1:60.7.2-1) unstable; urgency=medium
> +
> +  * [d6c79ed] New upstream version 60.7.2
> +    Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20
> +    CVE-2019-11707: Type confusion in Array.pop
> +    CVE-2019-11708: sandbox escape using Prompt:Open
> +
> + -- Carsten Schoenert <c.schoenert@t-online.de>  Fri, 21 Jun 2019 18:48:43 +0200
> +
>  thunderbird (1:60.7.1-1) unstable; urgency=high
>  
>    * [f791dee] New upstream version 60.7.1
> 
> Hopefully tha last update before the planed release date of Buster. :)
> 
> unblock thunderbird/1:60.7.2-1
> 
> [...]

Unblocked, thanks.
~Niels

--- End Message ---

Reply to:

References:
- Bug#930968: unblock: thunderbird/1:60.7.2-1
  - From: Carsten Schoenert <c.schoenert@t-online.de>

Prev by Date: Processed: Re: unblock: expat/2.2.6-2
Next by Date: Bug#931012: marked as done (unblock: gradle/4.4.1-6)
Previous by thread: Bug#930968: unblock: thunderbird/1:60.7.2-1
Next by thread: Processed: closing 930865
Index(es):
- Date
- Thread