[SECURITY] [DSA 4451-1] thunderbird security update

2019-05-2421:01:55

lists.debian.org

241

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.7%

JSON

Debian Security Advisory DSA-4451-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2019 https://www.debian.org/security/faq

Package : thunderbird
CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
CVE-2019-11698

Multiple security issues have been found in Thunderbird: Multiple
vulnerabilities may lead to the execution of arbitrary code or denial of
service.

For the stable distribution (stretch), these problems have been fixed in
version 1:60.7.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8alliceweasel-l10n-eu< 1:60.7.0esr-1~deb8u1iceweasel-l10n-eu_1:60.7.0esr-1~deb8u1_all.deb
Debian9alllightning-l10n-ms< 1:60.7.0-1~deb9u1lightning-l10n-ms_1:60.7.0-1~deb9u1_all.deb
Debian9alliceowl-l10n-fi< 1:60.7.0-1~deb9u1iceowl-l10n-fi_1:60.7.0-1~deb9u1_all.deb
Debian8allicedove-l10n-sr< 1:60.7.0-1~deb8u1icedove-l10n-sr_1:60.7.0-1~deb8u1_all.deb
Debian8allthunderbird-l10n-ast< 1:60.7.0-1~deb8u1thunderbird-l10n-ast_1:60.7.0-1~deb8u1_all.deb
Debian9allfirefox-esr-l10n-fy-nl< 60.7.0esr-1~deb9u1firefox-esr-l10n-fy-nl_60.7.0esr-1~deb9u1_all.deb
Debian9allfirefox-esr-l10n-es-es< 60.7.0esr-1~deb9u1firefox-esr-l10n-es-es_60.7.0esr-1~deb9u1_all.deb
Debian8alliceowl-l10n-fy-nl< 1:60.7.0-1~deb8u1iceowl-l10n-fy-nl_1:60.7.0-1~deb8u1_all.deb
Debian8allfirefox-esr-l10n-es-ar< 60.7.0esr-1~deb8u1firefox-esr-l10n-es-ar_60.7.0esr-1~deb8u1_all.deb
Debian9allfirefox-esr-l10n-lij< 60.7.0esr-1~deb9u1firefox-esr-l10n-lij_60.7.0esr-1~deb9u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	iceweasel-l10n-eu	< 1:60.7.0esr-1~deb8u1	iceweasel-l10n-eu_1:60.7.0esr-1~deb8u1_all.deb
Debian	9	all	lightning-l10n-ms	< 1:60.7.0-1~deb9u1	lightning-l10n-ms_1:60.7.0-1~deb9u1_all.deb
Debian	9	all	iceowl-l10n-fi	< 1:60.7.0-1~deb9u1	iceowl-l10n-fi_1:60.7.0-1~deb9u1_all.deb
Debian	8	all	icedove-l10n-sr	< 1:60.7.0-1~deb8u1	icedove-l10n-sr_1:60.7.0-1~deb8u1_all.deb
Debian	8	all	thunderbird-l10n-ast	< 1:60.7.0-1~deb8u1	thunderbird-l10n-ast_1:60.7.0-1~deb8u1_all.deb
Debian	9	all	firefox-esr-l10n-fy-nl	< 60.7.0esr-1~deb9u1	firefox-esr-l10n-fy-nl_60.7.0esr-1~deb9u1_all.deb
Debian	9	all	firefox-esr-l10n-es-es	< 60.7.0esr-1~deb9u1	firefox-esr-l10n-es-es_60.7.0esr-1~deb9u1_all.deb
Debian	8	all	iceowl-l10n-fy-nl	< 1:60.7.0-1~deb8u1	iceowl-l10n-fy-nl_1:60.7.0-1~deb8u1_all.deb
Debian	8	all	firefox-esr-l10n-es-ar	< 60.7.0esr-1~deb8u1	firefox-esr-l10n-es-ar_60.7.0esr-1~deb8u1_all.deb
Debian	9	all	firefox-esr-l10n-lij	< 60.7.0esr-1~deb9u1	firefox-esr-l10n-lij_60.7.0esr-1~deb9u1_all.deb