Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 639048 (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830, MFSA2017-26)

Summary: <mail-client/thunderbird{,-bin}-52.5.0: multiple vulnerabilities
Product: Gentoo Security Reporter: Frank Krömmelbein <kroemmelbein>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: ap, mozilla
Priority: Normal Flags: stable-bot: sanity-check-
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa+ cve blocked]
Package list:
Runtime testing required: ---
Bug Depends on: 641764, 645820    
Bug Blocks: 627376    

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-29 00:08:52 UTC
(In reply to Frank Krömmelbein from comment #0)

Thank you for the report Frank, @Maintainers please call for stabilization when ready.

Comment 2 Larry the Git Cow gentoo-dev 2017-11-29 17:44:44 UTC
The bug has been referenced in the following commit(s):

commit 96b0f1c18b9d36f28addda1a8895988f6350d5e1
Author:     Ian Stakenvicius <>
AuthorDate: 2017-11-29 17:43:22 +0000
Commit:     Ian Stakenvicius <>
CommitDate: 2017-11-29 17:44:33 +0000

    mail-client/thunderbird-bin: bump to 52.5.0
    Bumped directly to stable by maintainers for security
    Package-Manager: Portage-2.3.13, Repoman-2.3.3

 mail-client/thunderbird-bin/Manifest               | 118 ++++++++++-----------
 ...52.4.0.ebuild => thunderbird-bin-52.5.0.ebuild} |   7 +-
 2 files changed, 62 insertions(+), 63 deletions(-)}
Comment 3 Ian Stakenvicius (RETIRED) gentoo-dev 2017-11-29 17:47:05 UTC
Ebuilds are in the tree now.

mail-client/thunderbird-bin-52.5.0 has been committed directly to stable.

mail-client/thunderbird-52.5.0 requires x11-plugins/enigmail- to also be stabilized to adopt improved way the enigmail extension is being installed and loaded by thunderbird.
Comment 4 Stephan Hartmann gentoo-dev 2017-12-13 12:26:27 UTC
Maybe add arches?
Comment 5 Thomas Deutschmann gentoo-dev 2017-12-13 13:28:57 UTC
@ Arches,

please test and mark stable:

Comment 6 Thomas Deutschmann gentoo-dev 2017-12-14 15:08:42 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-12-14 20:27:24 UTC
amd64 stable
Comment 8 Thomas Deutschmann gentoo-dev 2017-12-20 12:25:38 UTC
@ Remaining arches:

Please pick up newer >=x11-plugins/enigmail-1.9.9 via bug 641764.
Comment 9 Ian Stakenvicius (RETIRED) gentoo-dev 2018-01-04 15:54:03 UTC
ppc / ppc64 , would you like to drop stable keywords on this package?  The last one that was stabilized was 45.8.0 which has long been unsupported security-wise.
Comment 10 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-19 21:28:05 UTC
(In reply to Ian Stakenvicius from comment #9)
> ppc / ppc64 , would you like to drop stable keywords on this package?  The
> last one that was stabilized was 45.8.0 which has long been unsupported
> security-wise.


@ppc/ppc64, how would you like to proceed?
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-13 22:33:45 UTC
ppc stable
Comment 12 Stabilization helper bot gentoo-dev 2018-03-24 22:00:50 UTC
An automated check of this bug failed - the following atom is unknown:


Please verify the atom list.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2018-03-28 18:24:59 UTC
This issue was resolved and addressed in
 GLSA 201803-14 at
by GLSA coordinator Aaron Bauman (b-man).