Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package thunderbird
I hereby requesting the unblock of thunderbird.
The current version in unstable is the usual update of the ESR version
that happen about every 6 weeks whith fixes for some CVE issues since
the release of the previous version 78.10.0.
[ Reason ]
These CVEs got fixed by upstream release of 78.10.2 and 78.11.0.
CVE-2021-29957: Partial protection of inline OpenPGP message not indicated
CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master
password protection
CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11
[ Impact ]
Users of testing will get excluded from using the newer version with the
fixed CVE related issues.
[ Tests ]
The local usage tests didn't hve shown any anomalies, the autopkgtests
did run also successful.
[ Risks ]
No update is risk free, but this ESR circle is rather near it end. So
it's quite unlikely that user experience breaking things will happen.
The upload to unstable happen about 10 days ago and no new bug report
was opened up since then.
Users of stable and old-stable already did get the updated newer version.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[ ] attach debdiff against the package in testing
[ Other info ]
I'm not attaching a debdiff as even a smaller set of upstream
modifications did happen it would be rather big and time consuming to
read.
unblock thunderbird/1:78.11.0-1
