Upgrade Thunderbird to 78.10.2: users that did the Thunderbird 78 OpenPGP migration in 4.18 are affected by CVE-2021-29956
Luckily, in the last stable Tails release, 4.18, we shipped the unaffected Thunderbird 78.8.0. Only Tails users that did the Thunderbird 78 OpenPGP migration in 4.19~beta1 are affected. We didn't provide automatic upgrades to 4.19~beta1, so actually only users that did a manual upgrade from Tails <= 4.12 to 4.19~beta1 and did the migration are affected. I wouldn't be surprised if zero users are affected.
In the last stable Tails release, 4.18, we shipped the affected Thunderbird 78.9.0, so users that upgraded from Tails <= 4.12 to 4.18 and did the OpenPGP migration are affected.
Hopefully we'll have a Thunderbird with the fix (which also will repair the problem) before Tails 4.19 final. Since 4.19~beta1 came with "no warranty" I think we at most have to mention this in the release notes for 4.19~rc1. But I'll keep this issue to track what happens in 4.19 final.