Your message dated Sun, 26 May 2019 07:21:00 +0000 with message-id <b9545de4-5b03-4500-da1a-b6d346465...@thykier.net> and subject line Re: Bug#929559: unblock: thunderbird/1:60.7.0-1 has caused the Debian Bug report #929559, regarding unblock: thunderbird/1:60.7.0-1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929559: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929559 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock Please unblock package thunderbird The package Thunderbird got the usual update to a new ESR version with an update to 60.7.0. This update fixes some known CVEs. The changes to the packaging can be seen within the following diff output: $ diff -Naur thunderbird-60.6.1/debian/ thunderbird-60.7.0/debian/ diff -puNr -Naur thunderbird-60.6.1/debian/changelog thunderbird-60.7.0/debian/changelog --- thunderbird-60.6.1/debian/changelog 2019-03-27 18:22:51.000000000 +0100 +++ thunderbird-60.7.0/debian/changelog 2019-05-23 17:03:27.000000000 +0200 @@ -1,3 +1,30 @@ +thunderbird (1:60.7.0-1) unstable; urgency=medium + + * [f6dd130] New upstream version 60.7.0 + Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15) + CVE-2019-9816: Type confusion with object groups and UnboxedObjects + CVE-2019-9817: Stealing of cross-domain images using canvas + CVE-2019-9819: Compartment mismatch with fetch API + CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell + CVE-2019-11691: Use-after-free in XMLHttpRequest + CVE-2019-11692: Use-after-free removing listeners in the event listener + manager + CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux + CVE-2019-7317: Use-after-free in png_image_free of libpng library + CVE-2019-9797: Cross-origin theft of images with createImageBitmap + CVE-2018-18511: Cross-origin theft of images with + ImageBitmapRenderingContext + CVE-2019-11698: Theft of user history data through drag and drop of + hyperlinks to and from bookmarks + CVE-2019-5798: Out-of-bounds read in Skia + CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, + and Thunderbird 60.7 + * [4106d54] rebuild patch queue from patch-queue branch + added patch: + fixes/rust-ignore-not-available-documentation.patch + + -- Carsten Schoenert <c.schoen...@t-online.de> Thu, 23 May 2019 17:03:27 +0200 + thunderbird (1:60.6.1-1) unstable; urgency=medium [ intrigeri ] diff -puNr -Naur thunderbird-60.6.1/debian/patches/fixes/rust-ignore-not-available-documentation.patch thunderbird-60.7.0/debian/patches/fixes/rust-ignore-not-available-documentation.patch --- thunderbird-60.6.1/debian/patches/fixes/rust-ignore-not-available-documentation.patch 1970-01-01 01:00:00.000000000 +0100 +++ thunderbird-60.7.0/debian/patches/fixes/rust-ignore-not-available-documentation.patch 2019-05-23 17:02:09.000000000 +0200 @@ -0,0 +1,43 @@ +From: Carsten Schoenert <c.schoen...@t-online.de> +Date: Wed, 22 May 2019 21:48:32 +0200 +Subject: rust: ignore not available documentation + +Picked up from a patch list for FF from Arch. +--- + servo/components/style/lib.rs | 2 -- + servo/components/style_traits/lib.rs | 2 -- + 2 files changed, 4 deletions(-) + +diff --git a/servo/components/style/lib.rs b/servo/components/style/lib.rs +index 49acbe3..0d3871c 100644 +--- a/servo/components/style/lib.rs ++++ b/servo/components/style/lib.rs +@@ -23,7 +23,6 @@ + //! [cssparser]: ../cssparser/index.html + //! [selectors]: ../selectors/index.html + +-#![deny(missing_docs)] + + extern crate app_units; + extern crate arrayvec; +@@ -148,7 +147,6 @@ pub mod values; + /// Generated from the properties.mako.rs template by build.rs + #[macro_use] + #[allow(unsafe_code)] +-#[deny(missing_docs)] + pub mod properties { + include!(concat!(env!("OUT_DIR"), "/properties.rs")); + } +diff --git a/servo/components/style_traits/lib.rs b/servo/components/style_traits/lib.rs +index 3b7304b..0f05333 100644 +--- a/servo/components/style_traits/lib.rs ++++ b/servo/components/style_traits/lib.rs +@@ -9,8 +9,6 @@ + #![crate_name = "style_traits"] + #![crate_type = "rlib"] + +-#![deny(unsafe_code, missing_docs)] +- + extern crate app_units; + #[macro_use] extern crate bitflags; + #[macro_use] extern crate cssparser; diff -puNr -Naur thunderbird-60.6.1/debian/patches/series thunderbird-60.7.0/debian/patches/series --- thunderbird-60.6.1/debian/patches/series 2019-03-26 21:53:39.000000000 +0100 +++ thunderbird-60.7.0/debian/patches/series 2019-05-23 17:02:09.000000000 +0200 @@ -38,3 +38,4 @@ porting-armel/Bug-1463035-Remove-MOZ_SIG porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch +fixes/rust-ignore-not-available-documentation.patch unblock thunderbird/1:60.7.0-1 -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, aarch64, arm64 Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---Carsten Schoenert: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package thunderbird > > The package Thunderbird got the usual update to a new ESR version with > an update to 60.7.0. > This update fixes some known CVEs. > > The changes to the packaging can be seen within the following diff output: > > [...] > > unblock thunderbird/1:60.7.0-1 > > [...] Unblocked, thanks. ~Niels
--- End Message ---
