advisories/24280.adv

type: security
subject: Updated thunderbird packages fix security vulnerability
CVE:
 - CVE-2018-18500
 - CVE-2018-18501
 - CVE-2018-18505
src:
  6:
   core:
     - thunderbird-60.5.0-1.mga6
     - thunderbird-l10n-60.5.0-1.mga6
description: |
  Use-after-free parsing HTML5 stream. (CVE-2018-18500)

  Privilege escalation through IPC channel messages. (CVE-2018-18505)

  Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird
  60.5. (CVE-2018-18501)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24280
 - https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/
ID: MGASA-2019-0069
1	type: security
2	subject: Updated thunderbird packages fix security vulnerability
3	CVE:
4	- CVE-2018-18500
5	- CVE-2018-18501
6	- CVE-2018-18505
7	src:
8	6:
9	core:
10	- thunderbird-60.5.0-1.mga6
11	- thunderbird-l10n-60.5.0-1.mga6
12	description: \|
13	Use-after-free parsing HTML5 stream. (CVE-2018-18500)
14
15	Privilege escalation through IPC channel messages. (CVE-2018-18505)
16
17	Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird
18	60.5. (CVE-2018-18501)
19	references:
20	- https://bugs.mageia.org/show_bug.cgi?id=24280
21	- https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/
22	- https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/
23	ID: MGASA-2019-0069