Debian alert DSA-6288-1 (thunderbird)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6288-1] thunderbird security update | |
| Date: | Thu, 21 May 2026 18:38:17 +0000 | |
| Message-ID: | <ag9RGQIhXqGWcmZ9@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6288-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : thunderbird CVE ID : CVE-2026-8388 CVE-2026-8391 CVE-2026-8401 CVE-2026-8946 CVE-2026-8947 CVE-2026-8950 CVE-2026-8953 CVE-2026-8954 CVE-2026-8955 CVE-2026-8956 CVE-2026-8957 CVE-2026-8958 CVE-2026-8961 CVE-2026-8962 CVE-2026-8968 CVE-2026-8970 CVE-2026-8974 CVE-2026-8975 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 1:140.11.0esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 1:140.11.0esr-1~deb13u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoPUOYACgkQEMKTtsN8 Tjb3vQ//Y9Meg5VX+DYweYc7HLuHbo9cKdp/k7hJE0gFJ9SJAlXttLmhr7wqEYB/ HyU2lS9rMu3zt74FQL42tmHemSttJUPWkaWcL9fUC3hfFm7PJGZFwhLcIVB/WnCm ZoKVeBx16/L9bJ+CxgK/+gsk1xlO6WPQ+CCZxgDHdpJdrFjHyFaTLxY9zlc1G//z DKd7LC5j4Y1JNN6DhQgDMB752jMLdXz+QhcsCX06+EiOEj4M5b0NZx/OsqbKRm9K S1xWfdCM1kMrkhIhsY9FewySUabke14HmfqFFVVcpwujCArU725XC4h6CeqXEhNB pRbR6b5VyAMb4DEbq4nrTdAjzbq6ygKh9aRBFtyW8DiuHrWb1cG6M8doUIFdA4x5 hQaErtzjbUAtM4gVl8kE7+Krw+w4L+r4Ime272h4ut1LZTO+tywu/eiPIZS1+GJn mGjTMjFQ+lqzppjJeoR004scIyalshBksDobkM2cxY8TzL08EWceUqtH8TflZPai divhOIFzeUY77Wtyrv7eKYPFMvrt63K93ej7YyuuVdMW0v5EB0GOwDq8ykkR4tki VJD7YOD+B5NvVdNj7M2XTdAVmEDjQrj8N6qnJu/OWsXLmOgSlxMF9NkofD4E4vMa zkPgqd6/7mcAR4wRt1BE/tk+yiSp1C5MYos7iEfB5tjvq9KCOnM= =zVyl -----END PGP SIGNATURE-----