advisories/28642.adv

type: security
subject: Updated thunderbird packages fix security vulnerabilities
CVE:
 - CVE-2021-23981
 - CVE-2021-23982
 - CVE-2021-23984
 - CVE-2021-23987
src:
  7:
   core:
     - thunderbird-l10n-78.9.0-1.mga7
     - thunderbird-78.9.0-1.mga7
  8:
   core:
     - thunderbird-l10n-78.9.0-1.mga8
     - thunderbird-78.9.0-1.mga8
description: |
  Texture upload into an unbound backing buffer resulted in an out-of-bound read.
  (CVE-2021-23981)
  
  Angle graphics library out of date. (MOZ-2021-0002)
  
  Internal network hosts could have been probed by a malicious webpage. (CVE-2021-23982)
  
  Malicious extensions could have spoofed popup information. (CVE-2021-23984)
  
  Memory safety bugs fixed in Thunderbird 78.9. (CVE-2021-23987)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28642
 - https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes/
 - https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/
ID: MGASA-2021-0164
1	type: security
2	subject: Updated thunderbird packages fix security vulnerabilities
3	CVE:
4	- CVE-2021-23981
5	- CVE-2021-23982
6	- CVE-2021-23984
7	- CVE-2021-23987
8	src:
9	7:
10	core:
11	- thunderbird-l10n-78.9.0-1.mga7
12	- thunderbird-78.9.0-1.mga7
13	8:
14	core:
15	- thunderbird-l10n-78.9.0-1.mga8
16	- thunderbird-78.9.0-1.mga8
17	description: \|
18	Texture upload into an unbound backing buffer resulted in an out-of-bound read.
19	(CVE-2021-23981)
20
21	Angle graphics library out of date. (MOZ-2021-0002)
22
23	Internal network hosts could have been probed by a malicious webpage. (CVE-2021-23982)
24
25	Malicious extensions could have spoofed popup information. (CVE-2021-23984)
26
27	Memory safety bugs fixed in Thunderbird 78.9. (CVE-2021-23987)
28	references:
29	- https://bugs.mageia.org/show_bug.cgi?id=28642
30	- https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes/
31	- https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/
32	ID: MGASA-2021-0164