Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 639048 (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830, MFSA2017-26) - <mail-client/thunderbird{,-bin}-52.5.0: multiple vulnerabilities
Summary: <mail-client/thunderbird{,-bin}-52.5.0: multiple vulnerabilities
Alias: CVE-2017-7826, CVE-2017-7828, CVE-2017-7830, MFSA2017-26
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve blocked]
Depends on: 641764 MFSA-2018-04
Blocks: CVE-2017-7753, CVE-2017-7779, CVE-2017-7782, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7793, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7804, CVE-2017-7805, CVE-2017-7807, CVE-2017-7809, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825
  Show dependency tree
Reported: 2017-11-28 09:55 UTC by Frank Krömmelbein
Modified: 2019-11-03 12:09 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check-


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-29 00:08:52 UTC
(In reply to Frank Krömmelbein from comment #0)

Thank you for the report Frank, @Maintainers please call for stabilization when ready.

Comment 2 Larry the Git Cow gentoo-dev 2017-11-29 17:44:44 UTC
The bug has been referenced in the following commit(s):

commit 96b0f1c18b9d36f28addda1a8895988f6350d5e1
Author:     Ian Stakenvicius <>
AuthorDate: 2017-11-29 17:43:22 +0000
Commit:     Ian Stakenvicius <>
CommitDate: 2017-11-29 17:44:33 +0000

    mail-client/thunderbird-bin: bump to 52.5.0
    Bumped directly to stable by maintainers for security
    Package-Manager: Portage-2.3.13, Repoman-2.3.3

 mail-client/thunderbird-bin/Manifest               | 118 ++++++++++-----------
 ...52.4.0.ebuild => thunderbird-bin-52.5.0.ebuild} |   7 +-
 2 files changed, 62 insertions(+), 63 deletions(-)}
Comment 3 Ian Stakenvicius (RETIRED) gentoo-dev 2017-11-29 17:47:05 UTC
Ebuilds are in the tree now.

mail-client/thunderbird-bin-52.5.0 has been committed directly to stable.

mail-client/thunderbird-52.5.0 requires x11-plugins/enigmail- to also be stabilized to adopt improved way the enigmail extension is being installed and loaded by thunderbird.
Comment 4 Stephan Hartmann (RETIRED) gentoo-dev 2017-12-13 12:26:27 UTC
Maybe add arches?
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-13 13:28:57 UTC
@ Arches,

please test and mark stable:

Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-14 15:08:42 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-12-14 20:27:24 UTC
amd64 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-20 12:25:38 UTC
@ Remaining arches:

Please pick up newer >=x11-plugins/enigmail-1.9.9 via bug 641764.
Comment 9 Ian Stakenvicius (RETIRED) gentoo-dev 2018-01-04 15:54:03 UTC
ppc / ppc64 , would you like to drop stable keywords on this package?  The last one that was stabilized was 45.8.0 which has long been unsupported security-wise.
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2018-01-19 21:28:05 UTC
(In reply to Ian Stakenvicius from comment #9)
> ppc / ppc64 , would you like to drop stable keywords on this package?  The
> last one that was stabilized was 45.8.0 which has long been unsupported
> security-wise.


@ppc/ppc64, how would you like to proceed?
Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-13 22:33:45 UTC
ppc stable
Comment 12 Stabilization helper bot gentoo-dev 2018-03-24 22:00:50 UTC
An automated check of this bug failed - the following atom is unknown:


Please verify the atom list.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2018-03-28 18:24:59 UTC
This issue was resolved and addressed in
 GLSA 201803-14 at
by GLSA coordinator Aaron Bauman (b-man).