[SECURITY] [DLA 4582-1] thunderbird security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4582-1] thunderbird security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 14 May 2026 16:23:31 +0200
Message-id: <[🔎] 20260514142331.A88085F0000B@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4582-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
May 14, 2026                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:140.10.2esr-1~deb11u1
CVE ID         : CVE-2026-8090 CVE-2026-8092 CVE-2026-8094

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
1:140.10.2esr-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmoF2uEACgkQnUbEiOQ2
gwJc/g//d8c+CUFomaLwu61eJ/BKldP111lM5UKGpcPPBPfXon7UymutsQF/L1DU
8SXn9axaMXy4L4wtzVEuay06Hz3JvrWBGuP5DmT8/lGgHPIYpZgirdtgz1B0RLsB
89b8DVB2dzwtLpOnEnak4K3Oi+KNmhr7E2wbxl7VIbYAXxAJH5P7w5As7823EQiZ
CnFIjg9DQTebQoRMgWXUTs0awacoOpuF+QDdcW9xLO10WISBI/0l37n8qGDiOooO
lj8aGbkDtF2LuG7BErkE/J7ABU5y1MYyTAGqcwSaJ2o4DX4cpFnfQWh2u3ze2vKa
0Ou+wt58DPOLQq9MmJN86Mwz/I8d1XxaM7LjiRj5uMf4epYu7KTWDsTYBAfqj3O7
8e9DNvPu2IKFUTVjBHtHb9WT9EJo/244hqANIsGBLtJk1u8wSJGBObH73PtP+d7T
yzzDiR4WVQONjg88nGG1xD/cP/h5kIwZcEM97f69bW9UlMtS5ZHw4kNnTOGQe9qV
im3HErcmiQp2rJ59D83Cnnl1ubOCEG4cDULe+uLcRAUxPpF9rax613zC7DT5Xw+3
buWKU/xgF8wQpWLOcHwmPxyzBAYoGdSroIaCMpITYNu9x63tWwPrI5eKc7VYT24Y
xZk1CE3NSoppHYZdYmXsw2OLqA/pogx4eguHyZhke7SDTSVN+xk=
=xXRA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4581-1] nghttp2 security update
Next by Date: [SECURITY] [ERRATUM] [SECURITY] [DLA 4571-1] apache2 security update
Previous by thread: [SECURITY] [DLA 4581-1] nghttp2 security update
Next by thread: [SECURITY] [ERRATUM] [SECURITY] [DLA 4571-1] apache2 security update
Index(es):
- Date
- Thread