[SECURITY] [DLA 3569-1] thunderbird security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3569-1] thunderbird security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sun, 17 Sep 2023 11:42:33 +0200 (CEST)
Message-id: <[🔎] 20230917094233.992E82A00DE@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3569-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
September 17, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:102.15.1-1~deb10u1
CVE ID         : CVE-2023-4863

A buffer overflow in parsing WebP images may result in the execution of
arbitrary code.

For Debian 10 buster, this problem has been fixed in version
1:102.15.1-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmUGygcACgkQnUbEiOQ2
gwJ6MRAAnS4CiEFlH47xufUkyKqZfUNJmyuEEVvWm23U5/Lr+hu4aPgJT7SzgvLu
UxVgANpbBYrM50kpPGJbweaOHaebkr/pWt0RLPrT3Y9m5W9GmmDcSNunQ/KsIvZm
wuWK262F3tqxJMqrgGms8LsjK+3hkwAjvVoiqQ+tHLWP65rs15i9d385ofkxGS0H
sIYZNNBKya9cLVDTBG/B45rFJP35o2uXoEe58sY5rK3suiD9DmLbg93JmwtW9VxH
64n7CL572L3ObuiTJKKrnASsLm6c1sTRsSBgZayjUzEBdaoJgzZG1pZ3dEuT+ypY
NpRU6xK/sjeqtJxHN8ACV1WEfSvgbJJ/880rK6fYXAT3zog5SMVQ/c/IDOFPyF/K
dIaIDfbMV5kzK83ob4NAe+InWPlUpG9MF1EvoCxrQ9SdMuMCF/y2vNQPTQdeXiiO
SIydM6JFr2zyBRPSKM3ZcCeEaxqqcTBEo38S7VJ+5beyRB2H9c8BZ+dj20rbwYEk
QGmWNIn0MZUTzcS2YWJx2Be27WOgWD54meVbbTlTst8lJL58eRyxDQ+ucQZGpz+U
mivSyO5b5E+Ywk0Zl4Cfh/ZaWz06ZzMMek5rkutc2moxGck3QJlb0bBZR2MntZGA
0devhDuIlgXd0b8RJTvmwttH31l3WtBg+hZVJvNmFIdtG/9NJUg=
=hbRD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3568-1] firefox-esr security update
Next by Date: [SECURITY] [DLA 3570-1] libwebp security update
Previous by thread: [SECURITY] [DLA 3568-1] firefox-esr security update
Next by thread: [SECURITY] [DLA 3570-1] libwebp security update
Index(es):
- Date
- Thread