Am 16.08.21 um 12:06 schrieb Demi Marie Obenour: >> such reports have quite never a severity of grave or serious. >> Please have a look (again) at the various types for the severity. > > This seems to fall under the “user security hole” justification, > unless I am missing something. The holes I am aware of aren’t > exploitable if one has `javascript.enabled` turned off in about:config, > but that is not the default.
Requests for packaging newer versions so far are always just wishlist bug reports per default. There are only a really small amount of exceptions out there to that rule. Debian is providing Thunderbird packages based on the ESR 78.x version. This release isn't effected by some CVEs that are currently happen to the version 91.x. So there is no security hole. The planned version bump from 78 to 91 is going to be the same as for 68 to 78. We will provide 78.x until approximately TB 91.2 will get released. >> You can see there Thunderbird 91.0 is already uploaded to the archive >> backend, due to new languages, means there are new binary packages, the >> upload is waiting in the NEW queue for approval. > > Any chance of getting it released? It will get automatically released once the FTP masters have reviewed the package and hopefully agree on the introducing into the archive. But it's up to the people within the FTP team to judge on that. -- Regards Carsten Schönert
