-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2638
                        thunderbird security update
                               3 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15659 CVE-2020-15652 CVE-2020-6514
                   CVE-2020-6463  

Reference:         ESB-2020.2623

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4740

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4740-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 02, 2020                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659

Multiple security issues have been found in Thunderbird which could
result in denial of service or potentially the execution of arbitrary
code.

For the stable distribution (buster), these problems have been fixed in
version 1:68.11.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8m+x0ACgkQEMKTtsN8
TjZSVBAAk7NhxlpKH1qEzOMlG3UJ1WRFYLRCTDls7M0163LH5dF9Cw6NQ/7k5vmd
ZfPHZhWhHSBu4rFsyIt43DsaODc+rAkM2MWbZ05waWSrAgcuHgHKpQIZVmzOydax
UMt7rdv5+EYtYylKjepWtuhON3btePaW92XZsFxGfe4bPE/x11udjs+Z1p0z34Wr
jXN4WP8dYpu6JWIVLmWApzCR566omLJIdV4cZgQYtgSBwr3GyvW49n9a870TVFfb
ojHlPuRavZENGVt2B14q5zBYbkWnLdgUt66syjnm2MqZItgnQXMMxB6yhKLZzXz0
qqlq7Xcr4Z82QecS8U+9+x86k8ySOoLgHpbs+7T87rVQSa3gaLSPL04IK07BWjEC
DBZgrcQwCrP/plIWhMBMWJ6SSO62nhB7/Kbk1Pt02vIcbjn6GKLz0rRGp7Fq+HUZ
kWDjkIqYRwxpumVTRKCePh6bKNwUkqRrga7jVs7VX0y63pEFfHzqqwotiodt6pHS
DzpK+OCIjA8TsfhGre9TwvU81GP+P151EYZOihXjScBpV00c5UkpDrv/U+f2E6De
2XTKAU9tcTClmzEPHSG+zNYyM/WbN1gN/ENA0bBHmYPU8+0W8XJEh5zph6zbh8Zh
zKGZClhZvGuMEr+2UOqWFnXJtb3f8i3/HAyAqLaXfTF2jVZgnFU=
=VbZb
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXydxA+NLKJtyKPYoAQjbEw/7B2B7shOS9rkv7CSaxVfILN5Wy7OHWbTM
+U3veJ3/H9x2Jofhry7nYHpGvk9ta6ItOIWRhaVm8teTvginw8yCUuE0zfgNgyNE
ocZKNHvvkmKShKuwSPT0pSpl/ay839q/hvcNfca+PcF6MmXdkYAATJXt1wlQcmPq
ziBrD7AYPS6dumIX4GsvfYpIyqVUzhRQkKhyAhUxZ9wXCO/sPvzcIZWdJJ1R6rYw
FwUC5ZUERoQodaq5gFYPtWb7+9LPAVCjMdU+bEBWkXSawTfjqGZP6HLx7onIQkUc
EYeal3g8ByuGpN6gLtVkeFiHqY7gbbbp1HBp9nk53Xqn+BuowD9+q6vcO5dxK3mS
FHmmrgzGJSp1vL0ql9MMy0x1xwOuMKiZR4/sSecxCHMRUgbUXbmCBB2Y1ZXvNav7
QfDEX8JEnjdGHfnhvMsc4tGzvPKoereGVYG8HeJfjxBlAhTJY05MIFjrGIPO4dn+
yJdD/uNMBtlMnIRMDrautr5e6BriizWRufyyyfXqV60kaEb0lLiWzF3Y6v0WhKZ2
V6drCCfYUxIIoXTdnzL6AwFfNqpRTuv1QF6zrvERz2V6x/UviSigMZLex3mHpMa1
UDmuxpoqdr3TRKZ6260ozXDEop8Ihu9iHWODEPyLAkQVQhO8Wn7u0PMSdPx+To1f
thCfkhfn5ac=
=v0dE
-----END PGP SIGNATURE-----