From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Reply-To: security@gentoo.org
Subject: [gentoo-announce] [ GLSA 202209-18 ] Mozilla Thunderbird: Multiple Vulnerabilities
Date: Thu, 29 Sep 2022 14:22:06 -0000
Message-ID: <166446132683.9.83807034271615105@90bb6a0775af>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202209-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Thunderbird: Multiple Vulnerabilities
     Date: September 29, 2022
     Bugs: #872572
       ID: 202209-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could result in arbitrary code execution.

Background
==========

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /   Vulnerable   /        Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird          < 102.3.0             >= 102.3.0
  2  mail-client/thunderbird-bin      < 102.3.0             >= 102.3.0

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-102.3.0"

All Mozilla Thunderbird binary users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-102.3.0"

References
==========

[ 1 ] CVE-2022-3155
      https://nvd.nist.gov/vuln/detail/CVE-2022-3155
[ 2 ] CVE-2022-40956
      https://nvd.nist.gov/vuln/detail/CVE-2022-40956
[ 3 ] CVE-2022-40957
      https://nvd.nist.gov/vuln/detail/CVE-2022-40957
[ 4 ] CVE-2022-40958
      https://nvd.nist.gov/vuln/detail/CVE-2022-40958
[ 5 ] CVE-2022-40959
      https://nvd.nist.gov/vuln/detail/CVE-2022-40959
[ 6 ] CVE-2022-40960
      https://nvd.nist.gov/vuln/detail/CVE-2022-40960
[ 7 ] CVE-2022-40962
      https://nvd.nist.gov/vuln/detail/CVE-2022-40962

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
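
The "Affected packages" table above, turned into a check that can be run over a package inventory. This is an added example, not part of the GLSA or of Gentoo's tooling; the function names, the sample atoms and the assumed input form (one category/package-version atom per line, as `qlist -Iv` prints) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the GLSA: classify package atoms against the
# "Affected packages" table of GLSA 202209-18 (vulnerable: < 102.3.0).
FIXED="102.3.0"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal versions are not "lower"
}

# glsa_status ATOM: print vulnerable | unaffected | unknown | not-applicable.
glsa_status() {
    atom=$1
    case $atom in
        mail-client/thunderbird-bin-[0-9]*) ver=${atom#mail-client/thunderbird-bin-} ;;
        mail-client/thunderbird-[0-9]*)     ver=${atom#mail-client/thunderbird-} ;;
        *) echo "not-applicable"; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}               # drop a Gentoo revision such as -r1
    case $ver in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;  # _rc/_p suffixes: not handled here
    esac
    if ver_lt "$ver" "$FIXED"; then echo "vulnerable"; else echo "unaffected"; fi
}

# scan_atoms: read one atom per line on stdin, print "<status> <atom>".
scan_atoms() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s %s\n' "$(glsa_status "$line")" "$line"
    done
}

# Constructed sample input, in the category/package-version form assumed
# here (the form `qlist -Iv` prints on a Gentoo host).
SAMPLE='mail-client/thunderbird-102.2.2
mail-client/thunderbird-bin-102.3.0
mail-client/thunderbird-102.10.0-r1
mail-client/mutt-2.2.7'
printf '%s\n' "$SAMPLE" | scan_atoms
```

The comparison is numeric per component, so 102.10.0 is correctly treated as newer than 102.3.0, which a plain string comparison would get wrong.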