Parent Directory
| 
Revision Log
add advisory for thunderbird-68.2.1-1.mga7
| 1 | type: security |
| 2 | subject: Updated thunderbird packages fix security vulnerabilities |
| 3 | CVE: |
| 4 | - CVE-2019-11757 |
| 5 | - CVE-2019-11758 |
| 6 | - CVE-2019-11759 |
| 7 | - CVE-2019-11760 |
| 8 | - CVE-2019-11761 |
| 9 | - CVE-2019-11762 |
| 10 | - CVE-2019-11763 |
| 11 | - CVE-2019-11764 |
| 12 | - CVE-2019-15903 |
| 13 | src: |
| 14 | 7: |
| 15 | core: |
| 16 | - thunderbird-68.2.1-1.mga7 |
| 17 | - thunderbird-l10n-68.2.1-1.mga7 |
| 18 | description: | |
| 19 | The updated packages fix security issues: |
| 20 | |
| 21 | Use-after-free when creating index updates in IndexedDB. |
| 22 | (CVE-2019-11757) |
| 23 | |
| 24 | Potentially exploitable crash due to 360 Total Security. |
| 25 | (CVE-2019-11758) |
| 26 | |
| 27 | Stack buffer overflow in HKDF output. (CVE-2019-11759) |
| 28 | |
| 29 | Stack buffer overflow in WebRTC networking. (CVE-2019-11760) |
| 30 | |
| 31 | Unintended access to a privileged JSONView object. (CVE-2019-11761) |
| 32 | |
| 33 | document.domain-based origin isolation has same-origin-property |
| 34 | violation. (CVE-2019-11762) |
| 35 | |
| 36 | Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763) |
| 37 | |
| 38 | Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764) |
| 39 | |
| 40 | Heap overflow in expat library in XML_GetCurrentLineNumber. |
| 41 | (CVE-2019-15903) |
| 42 | |
| 43 | Enigmail has been updated to 2.1.3. |
| 44 | references: |
| 45 | - https://bugs.mageia.org/show_bug.cgi?id=25597 |
| 46 | - https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/ |
| 47 | - https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/ |
| 48 | - https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/ |
| 49 | - https://enigmail.net/index.php/en/download/changelog#enig2.1.3 |
| 50 | - https://access.redhat.com/errata/RHSA-2019:3237 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |