Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 970
    • Issues 970
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 23
    • Merge requests 23
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #18316
Closed
Open
Issue created May 13, 2021 by anonym@anonymMaintainer

Upgrade Thunderbird to 78.10.2: users that did the Thunderbird 78 OpenPGP migration in 4.18 are affected by CVE-2021-29956

Details: For OpenPGP secret keys imported with Thunderbird versions 78.8.1 - 78.10.1 the master password isn't effective

Luckily, in the last stable Tails release, 4.18, we shipped the unaffected Thunderbird 78.8.0. Only Tails users that did the Thunderbird 78 OpenPGP migration in 4.19beta1 are affected. We didn't provide automatic upgrades to 4.19beta1, so actually only users that did a manual upgrade from Tails <= 4.12 to 4.19~beta1 and did the migration are affected. I wouldn't be surprised if zero users are affected.

In the last stable Tails release, 4.18, we shipped the affected Thunderbird 78.9.0, so users that upgraded from Tails <= 4.12 to 4.18 and did the OpenPGP migration are affected.

Hopefully we'll have a Thunderbird with the fix (which also will repair the problem) before Tails 4.19 final. Since 4.19beta1 came with "no warranty" I think we at most have to mention this in the release notes for 4.19rc1. But I'll keep this issue to track what happens in 4.19 final.

Edited May 24, 2021 by intrigeri
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking