Mageia alert MGASA-2019-0285 (thunderbird)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2019-0285: Updated thunderbird packages fix security vulnerabilities | |
| Date: | Sat, 21 Sep 2019 13:08:33 +0200 | |
| Message-ID: | <20190921110833.3231F9F950@duvel.mageia.org> |
MGASA-2019-0285 - Updated thunderbird packages fix security vulnerabilities Publication date: 21 Sep 2019 URL: https://advisories.mageia.org/MGASA-2019-0285.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752 Description: The updated thunderbird packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/ alternative message. (CVE-2019-11739) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. (CVE-2019-11740) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Cross-origin access to unload event attributes. (CVE-2019-11743) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Use-after-free while manipulating video. (CVE-2019-11746) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) References: - https://bugs.mageia.org/show_bug.cgi?id=25435 - https://www.thunderbird.net/en-US/thunderbird/68.1.0/rele... - https://www.mozilla.org/en-US/security/advisories/mfsa201... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1... SRPMS: - 7/core/thunderbird-68.1.0-1.1.mga7 - 7/core/thunderbird-l10n-68.1.0-1.mga7