[SECURITY] [DLA 3698-1] thunderbird security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3698-1] thunderbird security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 29 Dec 2023 11:11:37 +0100 (CET)
Message-id: <[🔎] 20231229101137.2CD1F2A00FB@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3698-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 29, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:115.6.0-1~deb10u1
CVE ID         : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859
                 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6864
                 CVE-2023-6873 CVE-2023-50761 CVE-2023-50762

Multiple security issues were discovered in Thunderbird, which could
result in denial of service, the execution of arbitrary code or spoofing
of signed PGP/MIME and SMIME emails.

For Debian 10 buster, these problems have been fixed in version
1:115.6.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmWOm1kACgkQnUbEiOQ2
gwIMSQ//akgeGKZJRMxhWlIhr6l4QGytlZACPYzs6iCuxU9o8AP5tI3suobFfk3d
ZSIWTj3l9bORw1Zfwr/gRQMXnk8oNPLHblqyKaHozoqoKjuCQW89pclXbDZVml3N
OAofqzbAtFlSB9r0pSq7Edn9FH90iFnE4CHeJoRLbq1Qr1Ee2nzk/UoiaPSlymrp
3pKlSzlmSRmDGFUWZIkTdwLsg8j0YSlMrTRqlkbldlbXxJxxknXL5TO9A6YRPt1B
d5wndr1hYVPmWJ0PGcuk7dSDfvOktBhvdKa/KdUpSaaPFsN7xPzGtRBtHwcvtK3f
G+747I3xD8g2dKYpOWkZlm9KiQZ0AwsapJsfLFc5QpWD25aTryUpOzqRiXkLTDQR
Wob1GWUrrTaVNbeVkrwhvKHSQl6QPI3BoTn3Ejx6qHJjf69RG6255/ZqJsJO0JPa
awf9dZPymdfl0MlfzSrkRls2qXj0L0bTxbtIXRkY5aHxfOVy6hPp1h23fX1GE8KU
4bwmrKLEexoqFHbFfjDuHj6Wdu2UdZQ8uibV2cHh1Hxrur0DlkPGrdItCtxqRMHO
NZ57IbH87PpNzz+iMnK0MUBck5aX7PcCnyIDzTqodT968al2BLJ60IuPr4zvjPmp
dXIWEjTKFv+CC1xvudbJ4wENmTStMRACyiLpyBT2cBUhwJhB8cE=
=9fdH
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3697-1] firefox-esr security update
Next by Date: [SECURITY] [DLA 3699-1] libde265 security update
Previous by thread: [SECURITY] [DLA 3697-1] firefox-esr security update
Next by thread: [SECURITY] [DLA 3699-1] libde265 security update
Index(es):
- Date
- Thread