Your message dated Mon, 20 Mar 2023 21:59:12 +0000
with message-id <e1penx6-003isi...@respighi.debian.org>
and subject line unblock thunderbird
has caused the Debian Bug report #1033188,
regarding unblock: thunderbird/1:102.9.0-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: thunderb...@packages.debian.org
Control: affects -1 + src:thunderbird

Please unblock package thunderbird

[ Reason ]
A new upstream release of the Thunderbird ESR series did happen that fixes a
few CVE vulnerabilities.

[ Impact ]
Debian testing/bullseye would stick with version 102.8.0.

[ Tests ]
Even if the autopkgtests are marked superficial the main test did show
that Thunbderbird is able to start and is picking up the global settings
from /etc/thunderbird.
Besides that I tested the new version a lot on alocal basis.

[ Risks ]
We are in the middle of the ESR releases and upstream change are now a
lot less deep and agressive than on a start of a new ESR series.
stable-security and also oldstable-security already are using 102.9.0 as
actual version.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing (only for the
      debian/folder)

[ Other info ]
The modifications for the source are quite big as usual but are going in
parallel with firefox-esr due the same sorce code base. Please see further down
for a diff of the chnages on the debian side.
Basically only the Standards-Version was changed.

unblock thunderbird/1:102.9.0-1

$ git diff debian/1%102.8.0-1 debian/
diff --git a/debian/changelog b/debian/changelog
index b1c0dd97102..340fa97407c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+thunderbird (1:102.9.0-1) unstable; urgency=medium
+
+  * [ad8cc7c] New upstream version 102.9.0
+    Fixed CVE issues in upstream version 102.9 (MFSA 2023-11):
+    CVE-2023-25751: Incorrect code generation during JIT compilation
+    CVE-2023-28164: URL being dragged from a removed cross-origin iframe
+                    into the same tab triggered navigation
+    CVE-2023-28162: Invalid downcast in Worklets
+    CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
+    CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9
+  * [b0a22c0] d/control: Increase Standards-Version to 4.6.2
+    No further changes needed.
+
+ -- Carsten Schoenert <c.schoen...@t-online.de>  Wed, 15 Mar 2023 19:54:53 
+0100
+
 thunderbird (1:102.8.0-1) unstable; urgency=medium
 
   * [b130936] New upstream version 102.8.0
diff --git a/debian/control b/debian/control
index 13c0245e0c8..7f30678cab7 100644
--- a/debian/control
+++ b/debian/control
@@ -60,7 +60,7 @@ Vcs-Git: 
https://salsa.debian.org/mozilla-team/thunderbird.git -b debian/sid
 Vcs-Browser: 
https://salsa.debian.org/mozilla-team/thunderbird/commits/debian/sid/
 Homepage: https://www.thunderbird.net/
 X-Debian-Homepage: http://wiki.debian.org/Thunderbird
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 
 Package: thunderbird
 Architecture: amd64 arm64 i386 mips64el ppc64el s390x ppc64

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---

Reply via email to