Parent Directory | Revision Log
add advisory for thunderbird-68.2.1-1.mga7
1 | type: security |
2 | subject: Updated thunderbird packages fix security vulnerabilities |
3 | CVE: |
4 | - CVE-2019-11757 |
5 | - CVE-2019-11758 |
6 | - CVE-2019-11759 |
7 | - CVE-2019-11760 |
8 | - CVE-2019-11761 |
9 | - CVE-2019-11762 |
10 | - CVE-2019-11763 |
11 | - CVE-2019-11764 |
12 | - CVE-2019-15903 |
13 | src: |
14 | 7: |
15 | core: |
16 | - thunderbird-68.2.1-1.mga7 |
17 | - thunderbird-l10n-68.2.1-1.mga7 |
18 | description: | |
19 | The updated packages fix security issues: |
20 | |
21 | Use-after-free when creating index updates in IndexedDB. |
22 | (CVE-2019-11757) |
23 | |
24 | Potentially exploitable crash due to 360 Total Security. |
25 | (CVE-2019-11758) |
26 | |
27 | Stack buffer overflow in HKDF output. (CVE-2019-11759) |
28 | |
29 | Stack buffer overflow in WebRTC networking. (CVE-2019-11760) |
30 | |
31 | Unintended access to a privileged JSONView object. (CVE-2019-11761) |
32 | |
33 | document.domain-based origin isolation has same-origin-property |
34 | violation. (CVE-2019-11762) |
35 | |
36 | Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763) |
37 | |
38 | Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764) |
39 | |
40 | Heap overflow in expat library in XML_GetCurrentLineNumber. |
41 | (CVE-2019-15903) |
42 | |
43 | Enigmail has been updated to 2.1.3. |
44 | references: |
45 | - https://bugs.mageia.org/show_bug.cgi?id=25597 |
46 | - https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/ |
47 | - https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/ |
48 | - https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/ |
49 | - https://enigmail.net/index.php/en/download/changelog#enig2.1.3 |
50 | - https://access.redhat.com/errata/RHSA-2019:3237 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |