(resending as I lost the CC on the first reply)
On 13/05/2025 13:55, Adrian Bunk wrote:
On Tue, May 13, 2025 at 01:02:30PM +0200, Lee Garrett wrote:
...
I also prepared an update for Thunderbird fixing the following issues:
- CVE-2025-2817
- CVE-2025-4082
- CVE-2025-4083
- CVE-2025-4087
- CVE-2025-4091
- CVE-2025-4093
- CVE-2025-3523
- CVE-2025-3522
- CVE-2025-2830
...
I am bit confused regarding what you have done last month.
What is the DLA number of your update?
Where in git are your changes?
I had claimed thunderbird in dla-needed on April 22 [0]. I talked to jmm and
agreed to upload it after it has been fixed in stable and above. However
Christoph prepared an update independently and uploaded it on April 30 [1].
DLA-4167-1 should reach debian-lts-announce@ soon, which also contains the
correct CVE list.
Regards,
Lee Garrett,
Debian LTS Team
cu
Adrian
[0]
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db02e9f273f45f3e2dccaea8de16934852777bf4
[1]
https://tracker.debian.org/news/1642678/accepted-thunderbird-1128100esr-1deb11u1-source-into-oldstable-security/
