[SECURITY] [DLA 4405-1] thunderbird security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4405-1] thunderbird security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Sat, 13 Dec 2025 08:19:49 +0100
Message-id: <[🔎] 20251213071949.6202F5F00083@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4405-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 13, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:140.6.0esr-1~deb11u1
CVE ID         : CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324
                 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330
                 CVE-2025-14331 CVE-2025-14333

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
1:140.6.0esr-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmk9E5IACgkQnUbEiOQ2
gwKS/Q/+LvUWPIKjA0v6e+tNlrQ3O8mn23gcdVDUNRK5BRdGCRC/jQVx0HcwsoMU
z8q8jasd2OkDy67CA2JRuUzL0yf6r78lMNybiB2mwh8tbpWlfQNSAQ3dbXErdY6U
EFu7+1wiSjtUv1fqmsNC21VXQ7jFVyQ8WghGGKPWuH0WNoPSN3huu6FSQhjhaDh5
hweaclsviel80RXq3Y5J4k759FA5hmycbGqzRw1JPlY9dcFqfc4Hs965MazPBd1s
gPnYt82jOMrcUE7qwCU2KIAopnQ8r50HY5D4PVMbjHxEsANaxi8bhARzV8+1a9Kr
7MdPXoZ/AMKgm79q/JVzkC6N/PC6i+/wgqDN8pflQdIZca6ZDLKOEwO4cUde4+dy
7xqRMqzrBdA09OWyMzz9DlU0p/PlkmCj3RUSKFb3/pVSi8ErCMeFXWn99znIXzOD
ZY3eMbM5aUovdOJvJDck7GV3m38OD8eHNwW18P5yq6TJ1ahdk/R3wc7DSFf4HHuB
XSqDK5zb4AI6C8F6dFkLEQdzND0cMgoH54MTZVYgxjCryAfK4aK6uJWfTTWgY1in
gZK9x7qlgH5Wy8dnywWEJSadUFvN4P9Pm7aIMYVcnjxYv5Kz+eh82C/jul0/GrAS
Ut9ufW8kzjBRQ6jgjcolIkRUMMigkkUwT9nR957Mjj2uLvvVcUU=
=pB4E
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4404-1] linux security update
Next by Date: [SECURITY] [DLA 4406-1] ruby-git security update
Previous by thread: [SECURITY] [DLA 4404-1] linux security update
Next by thread: [SECURITY] [DLA 4406-1] ruby-git security update
Index(es):
- Date
- Thread