icedove - security update

2016-08-1100:00:00

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.

For the stable distribution (jessie), this problem has been fixed in
version 1:45.2.0-1~deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1:45.2.0-2.

For the unstable distribution (sid), this problem has been fixed in
version 1:45.2.0-2.

We recommend that you upgrade your icedove packages.

CPENameOperatorVersion
icedoveeq1:45.0~b4-1
icedoveeq36.0~b1-2
icedoveeq42.0~b1-1
icedoveeq38.3.0-1~deb7u1
icedoveeq1:45.0~b4-2
icedoveeq31.8.0-1~deb8u1+kbsd11
icedoveeq38.5.0-1~deb8u1
icedoveeq38.7.0-1~deb7u1
icedoveeq38.1.0-1
icedoveeq38.2.0-1~stretch

Name	Operator	Version
icedove	eq	1:45.0~b4-1
icedove	eq	36.0~b1-2
icedove	eq	42.0~b1-1
icedove	eq	38.3.0-1~deb7u1
icedove	eq	1:45.0~b4-2
icedove	eq	31.8.0-1~deb8u1+kbsd11
icedove	eq	38.5.0-1~deb8u1
icedove	eq	38.7.0-1~deb7u1
icedove	eq	38.1.0-1
icedove	eq	38.2.0-1~stretch