type: security
subject: Updated thunderbird packages fix security vulnerabilities
CVE:
 - CVE-2019-11757
 - CVE-2019-11758
 - CVE-2019-11759
 - CVE-2019-11760
 - CVE-2019-11761
 - CVE-2019-11762
 - CVE-2019-11763
 - CVE-2019-11764
 - CVE-2019-15903
src:
  7:
   core:
     - thunderbird-68.2.1-1.mga7
     - thunderbird-l10n-68.2.1-1.mga7
description: |
  The updated packages fix security issues:

  Use-after-free when creating index updates in IndexedDB.
  (CVE-2019-11757)

  Potentially exploitable crash due to 360 Total Security.
  (CVE-2019-11758)

  Stack buffer overflow in HKDF output. (CVE-2019-11759)

  Stack buffer overflow in WebRTC networking. (CVE-2019-11760)

  Unintended access to a privileged JSONView object. (CVE-2019-11761)

  document.domain-based origin isolation has same-origin-property
  violation. (CVE-2019-11762)

  Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763)

  Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764)

  Heap overflow in expat library in XML_GetCurrentLineNumber.
  (CVE-2019-15903)

  Enigmail has been updated to 2.1.3.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25597
 - https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/
 - https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
 - https://enigmail.net/index.php/en/download/changelog#enig2.1.3
 - https://access.redhat.com/errata/RHSA-2019:3237