Control: tags -1 moreinfo Hi Daniel, On 26-06-2019 19:13, Daniel Kahn Gillmor wrote: > Please unblock package enigmail > > enigmail 2:2.0.11+ds1-2 includes several usability and security fixes > from upstream, including a fix for CVE-2019-12269 (debian bug #929363). > > The debdiff is attached. > > unblock enigmail/2:2.0.11+ds1-2 > > About half of this bulky debdiff is upstream fixes to the test suite, > which has been improved; this is useful for our own testing, and it > should have no effect on the functionality of the package. > > Some of the code in debian/patches is also obsolete thanks to the new > upstream version. In particular, > debian/patches/0005-avoid-OpenPGP.js-during-key-file-import.patch is now > much simpler -- it now rips out a chunk of unusable code (that > references OpenPGP.js, see #787774) and doesn't need to add very much, > because of adoption of the same gpg-based strategy by upstream. > > Thanks for your work on fine-tuning the debian Buster release! The time for unblocks for buster has come and gone. The deadline was last Tuesday, we are now in deep freeze and we were not able to process your unblock request and give it an exception. I assume this should be fixed via the security archive, please confirm that (and I'll fix this bugs metadata). Otherwise I propose you prepare a stable release update targeting buster, such that this can be fixed in the first point release. Paul
Attachment:
signature.asc
Description: OpenPGP digital signature