Mozilla has released security advisories 2010-01 to 2010-05. Most of these are fixed in ebuilds that Gentoo already has, but Thunderbird is affected by two critical ones, namely <a href="http://www.mozilla.org/security/announce/2010/mfsa2010-01.html">2010-01</a> and <a href="http://www.mozilla.org/security/announce/2010/mfsa2010-03.html">2010-03</a>, which require Thunderbird 3.0.2, which is not yet in Portage. Seamonkey is affected by 2010-01, 2010-03, as well as <a href="http://www.mozilla.org/security/announce/2010/mfsa2010-02.html">2010-02</a>, <a href="http://www.mozilla.org/security/announce/2010/mfsa2010-04.html">2010-04</a>, and <a href="http://www.mozilla.org/security/announce/2010/mfsa2010-05.html">2010-05</a>. I notice that Seamonkey doesn't seem to get much support on Gentoo, so I'm not expecting much on that side, but I'd like to see an ebuild of Thunderbird 3.0.2. Reproducible: Always Steps to Reproduce:
When there is a bump avaliable for tb-3.0.2 it will be made avaliable not a minute sooner. The release is expected to be made the 28 of this month. We are well aware of the security issues.
(In reply to comment #1) > When there is a bump avaliable for tb-3.0.2 it will be made avaliable not a > minute sooner. But many minutes later, I guess :P Upstream is now at Thunderbird 3.0.3.
(In reply to comment #2) > But many minutes later, I guess :P > > Upstream is now at Thunderbird 3.0.3. The package has been bumped and is in stabilization. As Jory replied on bug 307045, we'll use that one for thunderbird and this one for seamonkey only.
> bug #300408#c1 > Further explanation: I'm planing to remove seamonkey-1* as soon as seamonkey-2 > has a stable version in tree. I was one of the testers of seamonkey-2 and reported some issues on profile migration from 1.x to 2.x format. It included crashes, "lost" emails, incompatible "stale" entries in Preferences ("about:config") fooling the migration wizard ... There were many reports like this in the past (see mozilla's bugzilla). Please expect that some users will not be keen on moving quickly to seamonkey-2.0. Myself had no time to re-test. In summary, place einfo() to advice the transcition but please keep seamonkey-1.x in the tree. It keeps data in different locations to version 2 so they can both coexist.
It seems that seamonkey has been mentioned in the advisory 2010-06: http://www.mozilla.org/security/announce/2010/mfsa2010-06.html
Just for reference, there's now also bug 312649.
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore. Cumulative fixed in: Firefox 3.6 Seamonkey 2.0.3 Thunderbird 3.0.2
*** This bug has been marked as a duplicate of bug 31264 ***