Package: thunderbird
Version: 1:45.7.1-1
Severity: grave
Tags: security
Justification: user security hole

Hi!
I'm afraid that, similar to the current debian-devel thread about leaving old (possibly subsequently purged) mails on .icedove->.thunderbird transition, Icedove/Thunderbird leaves the whole IMAP cache on the disk when you delete an account.

It is completely gone from the user interface, so any user who doesn't look "under the hood" will be wrongly assured the data is actually gone. Then, when that user crosses a border or is under investigation for any reason, such mails are the first target government agents look for.

And this is not a hypothetical situation, I just found such sensitive "deleted" mails on my disk. Fortunately, this didn't end in a police raid -- this machine is a desktop not a laptop, but then, using Tor is a sure proof I must run a commercial kiddie-porn site and donate the proceeds to ISIS -- or, far worse, offer tech advice to someone who thinks bad about the ruling party.

As you seem to have doubts about the gravity of such scenarios, I'll mail you an anonymized rough outline of the contents privately. For other readers of this bug report: it's nothing child porn level bad, but it still could land someone I (vaguely) know in jail. (For agents reading this bug report: these mails are now, to the best of my knowledge, actually purged, including backups -- and it was nothing subversive.)

As it takes a simple look at the filesystem to find this, I assume makers of forensics software already know of this bug (perhaps even not noticing anything is amiss -- they don't use the user interface), thus I'm reporting it openly.

Meow!

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.10.0-rc8-debug+ (SMP w/6 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages thunderbird depends on:
ii  debianutils               4.8.1
ii  fontconfig                2.11.0-6.7
ii  libasound2                1.1.3-5
ii  libatk1.0-0               2.22.0-1
ii  libc6                     2.24-9
ii  libcairo2                 1.14.8-1
ii  libdbus-1-3               1.10.14-1.0nosystemd1
ii  libdbus-glib-1-2          0.108-2
ii  libevent-2.0-5            2.0.21-stable-3
ii  libffi6                   3.2.1-6
ii  libfontconfig1            2.11.0-6.7
ii  libfreetype6              2.6.3-3+b1
ii  libgcc1                   1:7-20170129-1
ii  libgdk-pixbuf2.0-0        2.36.5-2
ii  libglib2.0-0              2.50.3-1
ii  libgtk2.0-0               2.24.31-2
ii  libhunspell-1.4-0         1.4.1-2+b1
ii  libicu57                  57.1-5
ii  libnspr4                  2:4.12-6
ii  libnss3                   2:3.26.2-1
ii  libpango-1.0-0            1.40.3-3
ii  libpangocairo-1.0-0       1.40.3-3
ii  libpangoft2-1.0-0         1.40.3-3
ii  libpixman-1-0             0.34.0-1
ii  libsqlite3-0              3.16.2-2
ii  libstartup-notification0  0.12-4
ii  libstdc++6                7-20170129-1
ii  libvpx4                   1.6.1-2
ii  libx11-6                  2:1.6.4-3
ii  libxcomposite1            1:0.4.4-2
ii  libxdamage1               1:1.1.4-2+b1
ii  libxext6                  2:1.3.3-1
ii  libxfixes3                1:5.0.3-1
ii  libxrender1               1:0.9.10-1
ii  libxt6                    1:1.1.5-1
ii  psmisc                    22.21-2.1+b1
ii  zlib1g                    1:1.2.8.dfsg-5

Versions of packages thunderbird recommends:
ii  hunspell-en-us [hunspell-dictionary]  20070829-7
ii  lightning                             1:45.7.1-1

Versions of packages thunderbird suggests:
pn  apparmor          <none>
pn  fonts-lyx         <none>
ii  libgssapi-krb5-2  1.15-1

-- no debconf information
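
A way to check a profile for the leftover IMAP caches described in this report, added here as an example (not part of the original report and not Thunderbird or Debian code). It assumes the usual profile layout: account stores under ImapMail/ and a prefs.js whose mail.server.*.directory and directory-rel entries name the stores still in use. The host names and profile contents in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed prefs.js form (constructed sample):
#   user_pref("mail.server.server1.directory-rel", "[ProfD]ImapMail/imap.live.example");
DIR_PREF = re.compile(
    r'user_pref\("mail\.server\.[^."]+\.directory(-rel)?",\s*"([^"]*)"\);')

def referenced_dirs(profile):
    """Resolve every mail store directory that prefs.js still points at."""
    prefs = profile / "prefs.js"
    refs = set()
    if prefs.is_file():
        for rel, value in DIR_PREF.findall(prefs.read_text(errors="replace")):
            if rel:  # directory-rel values are relative to the profile dir
                value = value.replace("[ProfD]", str(profile) + "/", 1)
            refs.add(Path(value).resolve())
    return refs

def orphaned_imap_stores(profile):
    """Return (path, bytes) for ImapMail subdirectories no account references."""
    refs = referenced_dirs(profile)
    root = profile / "ImapMail"
    found = []
    if root.is_dir():
        for d in sorted(p for p in root.iterdir() if p.is_dir()):
            if d.resolve() not in refs:
                size = sum(f.stat().st_size for f in d.rglob("*") if f.is_file())
                found.append((d, size))
    return found

def demo():
    """Constructed profile: one live account, one deleted account left on disk."""
    with tempfile.TemporaryDirectory() as t:
        profile = Path(t)
        for host in ("imap.live.example", "imap.deleted.example"):
            (profile / "ImapMail" / host).mkdir(parents=True)
            (profile / "ImapMail" / host / "INBOX").write_bytes(b"From - constructed\n")
        (profile / "prefs.js").write_text(
            'user_pref("mail.server.server1.directory-rel", '
            '"[ProfD]ImapMail/imap.live.example");\n')
        return [(p.name, n) for p, n in orphaned_imap_stores(profile)]

if __name__ == "__main__":
    for name, size in demo():
        print(f"leftover IMAP store: {name} ({size} bytes)")
```

The function only reports; it deletes nothing. Run it with Thunderbird closed so prefs.js reflects the current account list.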