Debian Security Advisory

DLA-1657-1 debian-security-support -- LTS security update

Date Reported:
01 Feb 2019
Affected Packages:
debian-security-support
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

debian-security-support, the Debian security support coverage checker, has been updated in jessie.

This marks the end of life of the Enigmail package in jessie. After many months of work to try backporting the various changes and fixes required to ensure a secure Enigmail package compatible with the newest version of Thunderbird now shipped in jessie, it is the LTS team's opinion that the changes are too intrusive to ensure the stability of the distribution as a whole.

While Enigmail is still available on addons.mozilla.org, we do not recommend that package is used, as downloads and executes arbitrary binaries from the internet without the user's knowledge. It also doesn't respect's Debian commitment to free software, in that it is not buildable from source.

We instead recommend you upgrade workstations needing Enigmail to Debian stretch where proper updates are available.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

For Debian 8 Lenny, these issues have been fixed in debian-security-support version 2019.02.01~deb8u1