Hi, On Fri, Oct 20, 2017 at 01:10:56PM +0200, Moritz Muehlenhoff wrote: > On Fri, Oct 20, 2017 at 01:06:09PM +0200, Guido Günther wrote: > > Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie > > and Stretch will be done? Wheezy was a straight rebuild of your work so > > Jessie and Stretch should be the same. I'd like to avoid having a newer > > version in Wheezy for too long. Since there's not even a MFSA for > > Thunderbird yet I assume there are no really critical issues. > > There is https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/
Missed that one - only saw the one fore Firefox ESR 52.4, thanks. > But I fail to see how CVE-2017-7793 can be critical for Thunderbird. Me too but the MFSA has: | In general, these flaws cannot be exploited through email in the | Thunderbird product because scripting is disabled when reading mail, but | are potentially risks in browser or browser-like contexts. The last ones seemed to be verbatim copies of the Firefox ones with Thunderbird specific CVEs added - but there weren't any since TB specific ones since quiet some time. CVE-2017-7805 and CVE-2017-7810 are likely more serious for thunderbird. Cheers, -- Guido