Bug #10752
Investigate the current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8
Start date:
2015-12-14
Due date:
% Done:
100%
Description
Subtasks
History
#1 Updated by Anonymous 2015-12-14 06:23:51
- Parent task set to
Feature #5663
#2 Updated by Anonymous 2015-12-14 06:24:55
- Target version deleted (
SponsorS_M3) - Deliverable for set to 267
#3 Updated by Anonymous 2015-12-14 07:10:48
From git grep icedove -- wiki/src/torrents
Current package of Icedove in Tails 1.7 is 31.8.0-1~deb7u1
Current version of libnss3 in Tails 1.7 is 3.14.5-1+deb7u5
#4 Updated by Anonymous 2015-12-14 07:16:06
- Deliverable for changed from 267 to 268
#5 Updated by Anonymous 2015-12-14 07:27:23
- Target version set to Tails_1.8
#6 Updated by Anonymous 2015-12-14 07:28:57
quoting intrigeri:
38.4.0-1~deb7u1 and other security backports apparently have no libnss3-dev in its build-deps, while sid packages have. which seems to indicate that such security backports might be built with their own, bundled nss, instead of the system one.
this is ugly, but actually very good news for us.
#7 Updated by kytv 2015-12-14 07:31:53
- Assignee deleted (
kytv)
Confirmed, our icedove packages have no dependency on the system NSS.
amnesia@amnesia:~$ apt-cache --installed depends icedove
icedove
Depends: fontconfig
Depends: psmisc
Depends: debianutils
Depends: libasound2
Depends: libatk1.0-0
Depends: libc6
Depends: libcairo2
Depends: libdbus-1-3
Depends: libdbus-glib-1-2
Depends: libevent-2.0-5
Depends: libffi5
Depends: libfontconfig1
Depends: libfreetype6
Depends: libgcc1
Depends: libgdk-pixbuf2.0-0
Depends: libglib2.0-0
Depends: libgtk2.0-0
Depends: libhunspell-1.3-0
Depends: libpango1.0-0
Depends: libpixman-1-0
Depends: libsqlite3-0
Depends: libstartup-notification0
Depends: libstdc++6
Depends: libx11-6
Depends: libxcomposite1
Depends: libxdamage1
Depends: libxext6
Depends: libxfixes3
Depends: libxrender1
Depends: libxt6
Depends: zlib1g
I suppose this means we only have to worry about keeping Icedove current and that this ticket could be closed?
#8 Updated by kytv 2015-12-14 07:33:02
- Subject changed from Investigate he current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8 to Investigate the current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8
- Status changed from Confirmed to Resolved
- % Done changed from 0 to 100
Closing as I don’t think there’s anything else for us to do here.