Upgrade Thunderbird to 78.10.2: users that did the Thunderbird 78 OpenPGP migration in 4.18 are affected by CVE-2021-29956 (#18316) · Issues · tails / tails

Upgrade Thunderbird to 78.10.2: users that did the Thunderbird 78 OpenPGP migration in 4.18 are affected by CVE-2021-29956

Details: For OpenPGP secret keys imported with Thunderbird versions 78.8.1 - 78.10.1 the master password isn't effective

Luckily, in the last stable Tails release, 4.18, we shipped the unaffected Thunderbird 78.8.0. Only Tails users that did the Thunderbird 78 OpenPGP migration in 4.19~beta1 are affected. We didn't provide automatic upgrades to 4.19~beta1, so actually only users that did a manual upgrade from Tails <= 4.12 to 4.19~beta1 and did the migration are affected. I wouldn't be surprised if zero users are affected.

In the last stable Tails release, 4.18, we shipped the affected Thunderbird 78.9.0, so users that upgraded from Tails <= 4.12 to 4.18 and did the OpenPGP migration are affected.

Hopefully we'll have a Thunderbird with the fix (which also will repair the problem) before Tails 4.19 final. Since 4.19~beta1 came with "no warranty" I think we at most have to mention this in the release notes for 4.19~rc1. But I'll keep this issue to track what happens in 4.19 final.

Edited May 24, 2021 by intrigeri

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information