[SECURITY] [DSA 5912-1] thunderbird security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5912-1] thunderbird security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 1 May 2025 18:12:07 +0000
Message-id: <aBO5d/pW4vFKuE1D@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5912-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 01, 2025                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 CVE-2025-4083 
                 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code or information disclosure

For the stable distribution (bookworm), these problems have been fixed in
version 1:128.10.0esr-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgTt6gACgkQEMKTtsN8
TjYvsQ/6AxRZLLod3u5gHbtIbq5SaBGqzFt2hQZYuYlH3jo0mDGzCwG++tWfUM2B
pDwMPjv4jFE/4+ymr0Psa17IKGK/A0NLHJtDD7AYJVmFa1H09vIRtqpTB6FIpPIF
rF6yPWXiRdSNrCmoSHhCfW6LrMGIx1bMvXEjPFAM0eS+a7dxk7o3KSNzrcVNriHZ
sEhwvG0unns7nsXnh+S/SuEg6XSJ/kWXxeDyPa0fre2oRGWC9Aj4CnW/Hf0GjYqV
IK2KucnChH62rEWbtvbMuGig3Tw7tX6Ud7xR2o8gpvI2gZEPW+Q631ItR5Qa+gok
Qi4kHRpF5xWZuDLORZFw8luMHWRQog4FQWuMIhh3Mu+zDCDIGCDi4GPCeQ2NZVDG
DtM+QT+GswnsVNBnCXxs2POkIQoLzcNOOoL5Ms5EZflnLEVzdW1BI95DoitiCpph
Rc3U6dDDXVjQhCq33jbLdRgqaeteAXUhgJnK4AYF8+DP/UaHVoK2ZWSdXlHC1ncY
FC7Q+QfF3IIvpOQqC/sTHB7i1/ATgVRu5PXZ3DqXNtxRAnG4w5LJ80qW1ZYvRNuV
fxjp/+fv5FPzgrGZL5GPFsgdrCmt8aJh8ou8Y/xmzkN1WsXp+PLdM/YShwi94Xzb
8RcMUnFHxFFf1frBKDK3cgDrd3+jso1YcTBnzEJIL1N5NDbMA1c=
=rmuY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5911-1] request-tracker4 security update
Next by Date: [SECURITY] [DSA 5913-1] openjdk-17 security update
Previous by thread: [SECURITY] [DSA 5911-1] request-tracker4 security update
Next by thread: [SECURITY] [DSA 5913-1] openjdk-17 security update
Index(es):
- Date
- Thread