Commit 76751253 authored by Lev Lamberov's avatar Lev Lamberov

[SECURITY] [DSA 4295-1] thunderbird security update

parent d5d8b922
<define-tag pagetitle>DSA-4295-1 thunderbird</define-tag>
<define-tag report_date>2018-9-16</define-tag>
<define-tag secrefs>CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371</define-tag>
<define-tag packages>thunderbird</define-tag>
<define-tag isvulnerable>yes</define-tag>
<define-tag fixed>yes</define-tag>
<define-tag fixed-section>no</define-tag>
#use wml::debian::security
<define-tag description>security update</define-tag>
<define-tag moreinfo>
<p>Multiple security issues have been found in Thunderbird: Multiple memory
safety errors and use-after-frees may lead to the execution of arbitrary
code or denial of service.</p>
<p>Debian follows the Thunderbird upstream releases. Support for the 52.x
series has ended, so starting with this update we're now following the
60.x releases.</p>
<p>Between 52.x and 60.x, Thunderbird has undergone significant internal
updates, which makes it incompatible with a number of extensions. For
more information please refer to <a href="">\</a></p>
<p>In addition, the new Thunderbird packages require Rust to build. A
compatible Rust toolchain has been backported to Debian stretch, but is
not available for all architectures which previously supported the
purely C++-based Thunderbird packages. Thus, the new Thunderbird packages
don't support the mips, mips64el and mipsel architectures at this point.</p>
<p>For the stable distribution (stretch), these problems have been fixed in
version 1:60.0-3~deb9u1.</p>
<p>We recommend that you upgrade your thunderbird packages.</p>
<p>For the detailed security status of thunderbird please refer to
its security tracker page at:
<a href="">\</a></p>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2018/"
# $Id: $
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment