Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package thunderbird I hereby requesting the unblock of thunderbird. The current version in unstable is the usual update of the ESR version that happen about every 6 weeks whith fixes for some CVE issues since the release of the previous version 78.10.0. [ Reason ] These CVEs got fixed by upstream release of 78.10.2 and 78.11.0. CVE-2021-29957: Partial protection of inline OpenPGP message not indicated CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 [ Impact ] Users of testing will get excluded from using the newer version with the fixed CVE related issues. [ Tests ] The local usage tests didn't hve shown any anomalies, the autopkgtests did run also successful. [ Risks ] No update is risk free, but this ESR circle is rather near it end. So it's quite unlikely that user experience breaking things will happen. The upload to unstable happen about 10 days ago and no new bug report was opened up since then. Users of stable and old-stable already did get the updated newer version. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing [ Other info ] I'm not attaching a debdiff as even a smaller set of upstream modifications did happen it would be rather big and time consuming to read. unblock thunderbird/1:78.11.0-1