icedove - security update

2016-05-1300:00:00

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.

For the stable distribution (jessie), these problems have been fixed in
version 38.8.0-1~deb8u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

CPENameOperatorVersion
icedoveeq36.0~b1-2
icedoveeq38.3.0-1~deb7u1
icedoveeq31.8.0-1~deb8u1+kbsd11
icedoveeq38.5.0-1~deb8u1
icedoveeq38.7.0-1~deb7u1
icedoveeq38.1.0-1
icedoveeq38.2.0-1~stretch
icedoveeq38.4.0-1
icedoveeq31.7.0-1~deb7u1
icedoveeq31.7.0-1

Name	Operator	Version
icedove	eq	36.0~b1-2
icedove	eq	38.3.0-1~deb7u1
icedove	eq	31.8.0-1~deb8u1+kbsd11
icedove	eq	38.5.0-1~deb8u1
icedove	eq	38.7.0-1~deb7u1
icedove	eq	38.1.0-1
icedove	eq	38.2.0-1~stretch
icedove	eq	38.4.0-1
icedove	eq	31.7.0-1~deb7u1
icedove	eq	31.7.0-1