1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4482-1] thunderbird security update

    From Moritz Muehlenhoff@1:229/2 to All on Sun Jul 14 22:20:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4482-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    July 14, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : thunderbird
    CVE ID : CVE-2019-9811 CVE-2019-11709 CVE-2019-11711 CVE-2019-11712
    CVE-2019-11713 CVE-2019-11715 CVE-2019-11717 CVE-2019-11730

    Multiple security issues have been found in Thunderbird which could
    potentially result in the execution of arbitrary code, cross-site
    scripting, spoofing, information disclosure, denial of service or
    cross-site request forgery.

    CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in
    buster Thunderbird uses the system-wide copy of NSS which will be updated separately.

    For the oldstable distribution (stretch), these problems have been fixed
    in version 1:60.8.0-1~deb9u1.

    For the stable distribution (buster), these problems have been fixed in
    version 1:60.8.0-1~deb10u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0ri4cACgkQEMKTtsN8 TjY5/w//cX9asGjzkVqqqklIbwcrhK043apPrbsyFygpESJvMRxITAWiMyIY5YBS uNvhrZlrk7rOSayxTLMibUbRk5nJIRpi1GG+i1uCinXQF6xxtgSIfhRmxq7cwYFV Eeie5/Cb3PwFODiELZfoTbzzWznLMbdiyFxGpIz8GrMZenSS/jszD6dCOvxfG1h2 XYJ62x9fxyonWHdnL9BhfTMXp9KrYyp6df68chl1QpSd0e+zCu4XHt4OZK8pyjU7 FPguEEO+rPwwhON+rGLPlA/BhtUW1LyilzLc3asLyw7eMmX3PV5jngs3xNjBXedi 5oJnRkWLKClCgwfzgoYuI2k5Kj4kezUZsdB6zadJknVnIPkQsaUIJou+moxPqgwK fYJTolfw/6csC4h6QXTvV4BolMh9wwy/lDHavhQMHqROHuScEdyL//UGnt+HBM+Y ++xvv+18niyq4whOKQOGeqYejN1XjgYlmUXnRY3/xPyW6QC2MT3X3L5yYWYe/aFz ufQunXYa+W8FOoggUQFGbCvz+xvusXxMxUoj3SDUxh4KKgvKt3mDIOWDUuCeX4YC hLeQN7klnuCr4w7UDiVG8guW/tGKVV+Fv+OsF7BA9r0wENokWivCeny7tWEOlfyu p5s5FvC9JYTphpo0WPmvytIHA7bk+1Z1v5N1VC9hwqp1fEdlMG8=
    =E4v6
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)