Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.3251
thunderbird security update
5 July 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: thunderbird
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-34484 CVE-2022-34481 CVE-2022-34479
CVE-2022-34472 CVE-2022-34470 CVE-2022-34468
CVE-2022-31744 CVE-2022-2226 CVE-2022-2200
Original Bulletin:
http://www.debian.org/security/2022/dsa-5175
Comment: CVSS (Max): 7.5 CVE-2022-34484 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Source: Red Hat
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5175-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 04, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2022-2200 CVE-2022-2226 CVE-2022-31744 CVE-2022-34468
CVE-2022-34470 CVE-2022-34472 CVE-2022-34479 CVE-2022-34481
CVE-2022-34484
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
For the oldstable distribution (buster), these problems have been fixed
in version 1:91.11.0-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 1:91.11.0-1~deb11u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmLDOLUACgkQEMKTtsN8
TjaTKA/9GpVd8yab9mo56BBlg7lZZ9Z4fBPox2JxAEoq1nwrNK/hSUOjWqfePuYM
It0B2vGXFvzKRT3/R3JWbnypSFQgaygDyLKnXCTHcBr8Q1Et08Uiqb0/lL74p8Xz
mldZ7N0Gr50StwZP/c6seOUh6s63JMotRf1zjuNRWkGL+TUXfEavOzLSFDshO3DK
gvN627Qyo52rjz5MRUCGTlX14M6F1ekdREK2PlkjHdYkWnLJe2h9GKUv+rH0lCkv
Zq8TKfnLtZR2fMQhT8FriLGautCePaI2tUHgSGbEat/By1eZzNPSi315ZXJJ9Sld
zcMEFB3YdF57ndGpezuRPPj35or0OejPr1rs6b3C7FEiwJbYUStx3ef+yZB2y2E6
1ZzR8ztAoW5sDIqdPyDdf1+h16bMJYcG/3e+D93FgR++X+4aopebNfirjArOYWeo
Ezc+LY0tfdKX8DtBIwt/b8D4ZPV7SQGDx9YAYn91z0LTg7pgDeTz65yCP5BKo4s2
Z+JrlOg49iqzg0lsL/g5/phcExATXXem0l10I1jZs7kgi4264l+m4bf+G+E6pf6o
1dXA8dv/PHUNPYWxe5UPA+bgGqrItc4he96TMNFSK2+4tWzeV2aUvyomHbCn5cr7
7chQRt5W7Yg+powqANRhZ9f12MZfwmF+tCi8btyHXSYYnT/Jif4=
=EIdW
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYsOzdskNZI30y1K9AQg8Yw/+OJSvAf5l5PIfeWoSjDuh6A0VCEREi0L/
FfbASX7v6pXUZf7vS0wpSGGgIaPyPi43wTBJHYw0rR3KJmx/Pw338VNYTNdEqQFL
JqRR6tqRjXvQBTrRxX6Sxa1l+sNlrWEdjSY0Nf4w+/gZN8XUPnV9uyyzj0AbD1C6
S2m9rTzN1UPoGdh7XlW1a2rg5+e4BPL23jfzJAkHkys9EAuwi/1hCbRG5z/V5R5P
NS4m3+L0TispNyF5VUvoa3zuBrPVHQaxUIEZ5gOwMFm/ZEmM8tptvnwZ4QcPN8rZ
oZuWwL4HGz3ngmKhvXObyuvo5GTocqHs/GC8g15JxzcTCLZgfB2ufN+IMnxq9Vhj
Pw5Dua8zKc/G6HwthbvUfN3bdB7P2nek081UkaEYg1GwrzkIKCzqVQY42U1s2NaQ
g5nLBVk7hqkzRy3WcY7mNP0X71tbKLxTMksEgO/kuSkr5xN6F6gbnoes109NNuMc
7odES2w9+L95r5kjvcO71R3sxXhSS6OAHYcIg1AKy1zBPDdrGInT8Ok3ifzjBZ/K
Asq0ujqpKObJOVaKZeZfVb7Mwr9RJp98UG5y46hypRyritwOykqIKp0weUd4/bhe
I2ehk0/lmjQ9/A0BGOKt2MdRlJJaj/dTAHpdn8umOQqKtcYY/42Hjrz2CdbybFOL
ytOq6RHLGWA=
=dj0k
-----END PGP SIGNATURE-----