Bug #10752: Investigate the current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8

Bug #10752

Investigate the current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8

Added by Anonymous about 9 years ago. Updated about 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_1.8

Start date:

2015-12-14

Due date:

% Done:

100%

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Email Client

Deliverable for:

268

Description

See

and report back.

Subtasks

History

#1 Updated by Anonymous about 9 years ago

Parent task set to ~~Feature #5663~~

#2 Updated by Anonymous about 9 years ago

Target version deleted (~~SponsorS_M3~~)
Deliverable for set to 267

#3 Updated by Anonymous about 9 years ago

From git grep icedove -- wiki/src/torrents
Current package of Icedove in Tails 1.7 is 31.8.0-1~deb7u1
Current version of libnss3 in Tails 1.7 is 3.14.5-1+deb7u5

#4 Updated by Anonymous about 9 years ago

Deliverable for changed from 267 to 268

#5 Updated by Anonymous about 9 years ago

Target version set to Tails_1.8

#6 Updated by Anonymous about 9 years ago

quoting intrigeri:

38.4.0-1~deb7u1 and other security backports apparently have no libnss3-dev in its build-deps, while sid packages have. which seems to indicate that such security backports might be built with their own, bundled nss, instead of the system one.
this is ugly, but actually very good news for us.

#7 Updated by kytv about 9 years ago

Assignee deleted (~~kytv~~)

Confirmed, our icedove packages have no dependency on the system NSS.

amnesia@amnesia:~$ apt-cache --installed depends icedove
icedove
  Depends: fontconfig
  Depends: psmisc
  Depends: debianutils
  Depends: libasound2
  Depends: libatk1.0-0
  Depends: libc6
  Depends: libcairo2
  Depends: libdbus-1-3
  Depends: libdbus-glib-1-2
  Depends: libevent-2.0-5
  Depends: libffi5
  Depends: libfontconfig1
  Depends: libfreetype6
  Depends: libgcc1
  Depends: libgdk-pixbuf2.0-0
  Depends: libglib2.0-0
  Depends: libgtk2.0-0
  Depends: libhunspell-1.3-0
  Depends: libpango1.0-0
  Depends: libpixman-1-0
  Depends: libsqlite3-0
  Depends: libstartup-notification0
  Depends: libstdc++6
  Depends: libx11-6
  Depends: libxcomposite1
  Depends: libxdamage1
  Depends: libxext6
  Depends: libxfixes3
  Depends: libxrender1
  Depends: libxt6
  Depends: zlib1g

I suppose this means we only have to worry about keeping Icedove current and that this ticket could be closed?

#8 Updated by kytv about 9 years ago

Subject changed from Investigate he current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8 to Investigate the current security status of Icedove + NSS as shipped in Tails 1.7 & 1.8
Status changed from Confirmed to Resolved
% Done changed from 0 to 100

Closing as I don’t think there’s anything else for us to do here.