[SECURITY] [DLA 2541-1] thunderbird security update

2021-02-0212:34:12

lists.debian.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

42.5%

JSON

Debian LTS Advisory DLA-2541-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
February 02, 2021 https://wiki.debian.org/LTS

Package : thunderbird
Version : 1:78.7.0-1~deb9u1
CVE ID : CVE-2020-15685 CVE-2020-16044 CVE-2020-26976 CVE-2021-23953
CVE-2021-23954 CVE-2021-23960 CVE-2021-23964

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code, denial of service or an information
leak.

For Debian 9 stretch, these problems have been fixed in version
1:78.7.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10alllightning-l10n-es-ar< 1:78.7.0-1~deb10u1lightning-l10n-es-ar_1:78.7.0-1~deb10u1_all.deb
Debian9alllightning-l10n-ga-ie< 1:78.7.0-1~deb9u1lightning-l10n-ga-ie_1:78.7.0-1~deb9u1_all.deb
Debian10ppc64elfirefox-esr< 78.7.0esr-1~deb10u1firefox-esr_78.7.0esr-1~deb10u1_ppc64el.deb
Debian9alliceowl-l10n-ru< 1:78.7.0-1~deb9u1iceowl-l10n-ru_1:78.7.0-1~deb9u1_all.deb
Debian10allthunderbird-l10n-uk< 1:78.7.0-1~deb10u1thunderbird-l10n-uk_1:78.7.0-1~deb10u1_all.deb
Debian10allfirefox-esr-l10n-lv< 78.7.0esr-1~deb10u1firefox-esr-l10n-lv_78.7.0esr-1~deb10u1_all.deb
Debian10alliceweasel-l10n-kab< 1:78.7.0esr-1~deb10u1iceweasel-l10n-kab_1:78.7.0esr-1~deb10u1_all.deb
Debian10allthunderbird-l10n-sl< 1:78.7.0-1~deb10u1thunderbird-l10n-sl_1:78.7.0-1~deb10u1_all.deb
Debian9allfirefox-esr-l10n-ff< 78.7.0esr-1~deb9u1firefox-esr-l10n-ff_78.7.0esr-1~deb9u1_all.deb
Debian9allfirefox-esr-l10n-de< 78.7.0esr-1~deb9u1firefox-esr-l10n-de_78.7.0esr-1~deb9u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	lightning-l10n-es-ar	< 1:78.7.0-1~deb10u1	lightning-l10n-es-ar_1:78.7.0-1~deb10u1_all.deb
Debian	9	all	lightning-l10n-ga-ie	< 1:78.7.0-1~deb9u1	lightning-l10n-ga-ie_1:78.7.0-1~deb9u1_all.deb
Debian	10	ppc64el	firefox-esr	< 78.7.0esr-1~deb10u1	firefox-esr_78.7.0esr-1~deb10u1_ppc64el.deb
Debian	9	all	iceowl-l10n-ru	< 1:78.7.0-1~deb9u1	iceowl-l10n-ru_1:78.7.0-1~deb9u1_all.deb
Debian	10	all	thunderbird-l10n-uk	< 1:78.7.0-1~deb10u1	thunderbird-l10n-uk_1:78.7.0-1~deb10u1_all.deb
Debian	10	all	firefox-esr-l10n-lv	< 78.7.0esr-1~deb10u1	firefox-esr-l10n-lv_78.7.0esr-1~deb10u1_all.deb
Debian	10	all	iceweasel-l10n-kab	< 1:78.7.0esr-1~deb10u1	iceweasel-l10n-kab_1:78.7.0esr-1~deb10u1_all.deb
Debian	10	all	thunderbird-l10n-sl	< 1:78.7.0-1~deb10u1	thunderbird-l10n-sl_1:78.7.0-1~deb10u1_all.deb
Debian	9	all	firefox-esr-l10n-ff	< 78.7.0esr-1~deb9u1	firefox-esr-l10n-ff_78.7.0esr-1~deb9u1_all.deb
Debian	9	all	firefox-esr-l10n-de	< 78.7.0esr-1~deb9u1	firefox-esr-l10n-de_78.7.0esr-1~deb9u1_all.deb