Scientific Linux alert SLSA-2021:1192-1 (thunderbird) [LWN.net]


From:
               Farhan Ahmed <fahmed@fnal.gov>
To:
               scientific-linux-errata@listserv.fnal.gov
Subject:
               Security ERRATA Moderate: thunderbird on  x86_64
Date:
               Wed, 14 Apr 2021 21:31:53 -0000
Message-ID:
               <20210414213153.1686.27803@4d14c5bc2382>
Synopsis:          Moderate: thunderbird security update
Advisory ID:       SLSA-2021:1192-1
Issue Date:        2021-04-14
CVE Numbers:       CVE-2021-23991
                   CVE-2021-23992
                   CVE-2021-23993
--

This update upgrades Thunderbird to version 78.9.1.

Security Fix(es):

* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism
to poison an existing key (CVE-2021-23991)

* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to
confuse the user (CVE-2021-23992)

* Mozilla: Inability to send encrypted OpenPGP email after importing a
crafted OpenPGP key (CVE-2021-23993)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

- Scientific Linux Development Team

From:		Farhan Ahmed <fahmed@fnal.gov>
To:		scientific-linux-errata@listserv.fnal.gov
Subject:		Security ERRATA Moderate: thunderbird on x86_64
Date:		Wed, 14 Apr 2021 21:31:53 -0000
Message-ID:		<20210414213153.1686.27803@4d14c5bc2382>