From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 60BFE15808B for ; Mon, 19 Feb 2024 06:15:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B79F3E2BDA; Mon, 19 Feb 2024 06:11:19 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B4594E2B28 for ; Mon, 19 Feb 2024 05:59:05 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.165]) by smtp.gentoo.org (Postfix) with ESMTP id 37FB533C1EB for ; Mon, 19 Feb 2024 05:59:05 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id 27E31B39E2 for ; Mon, 19 Feb 2024 05:59:05 +0000 (UTC) Subject: [gentoo-announce] [ GLSA 202402-25 ] Mozilla Thunderbird: Multiple Vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============4060573381889712439==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Mon, 19 Feb 2024 05:59:04 -0000 Message-ID: <170832234516.8.5968935774706704936@987c7955d8b1> X-Archives-Salt: 903c96b3-1a02-44b5-92a3-0d5d79a6aace X-Archives-Hash: d8d94ea71ca460bee044e4a192bebcda --===============4060573381889712439== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Thunderbird: Multiple Vulnerabilities Date: February 19, 2024 Bugs: #918444, #920508, #924845 ID: 202402-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Background ========== Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Affected packages ================= Package Vulnerable Unaffected --------------------------- ------------ ------------ mail-client/thunderbird < 115.7.0 >= 115.7.0 mail-client/thunderbird-bin < 115.7.0 >= 115.7.0 Description =========== Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Thunderbird binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0" All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0" References ========== [ 1 ] CVE-2023-3417 https://nvd.nist.gov/vuln/detail/CVE-2023-3417 [ 2 ] CVE-2023-3600 https://nvd.nist.gov/vuln/detail/CVE-2023-3600 [ 3 ] CVE-2023-4045 https://nvd.nist.gov/vuln/detail/CVE-2023-4045 [ 4 ] CVE-2023-4046 https://nvd.nist.gov/vuln/detail/CVE-2023-4046 [ 5 ] CVE-2023-4047 https://nvd.nist.gov/vuln/detail/CVE-2023-4047 [ 6 ] CVE-2023-4048 https://nvd.nist.gov/vuln/detail/CVE-2023-4048 [ 7 ] CVE-2023-4049 https://nvd.nist.gov/vuln/detail/CVE-2023-4049 [ 8 ] CVE-2023-4050 https://nvd.nist.gov/vuln/detail/CVE-2023-4050 [ 9 ] CVE-2023-4051 https://nvd.nist.gov/vuln/detail/CVE-2023-4051 [ 10 ] CVE-2023-4052 https://nvd.nist.gov/vuln/detail/CVE-2023-4052 [ 11 ] CVE-2023-4053 https://nvd.nist.gov/vuln/detail/CVE-2023-4053 [ 12 ] CVE-2023-4054 https://nvd.nist.gov/vuln/detail/CVE-2023-4054 [ 13 ] CVE-2023-4055 https://nvd.nist.gov/vuln/detail/CVE-2023-4055 [ 14 ] CVE-2023-4056 https://nvd.nist.gov/vuln/detail/CVE-2023-4056 [ 15 ] CVE-2023-4057 https://nvd.nist.gov/vuln/detail/CVE-2023-4057 [ 16 ] CVE-2023-4573 https://nvd.nist.gov/vuln/detail/CVE-2023-4573 [ 17 ] CVE-2023-4574 https://nvd.nist.gov/vuln/detail/CVE-2023-4574 [ 18 ] CVE-2023-4575 https://nvd.nist.gov/vuln/detail/CVE-2023-4575 [ 19 ] CVE-2023-4576 https://nvd.nist.gov/vuln/detail/CVE-2023-4576 [ 20 ] CVE-2023-4577 https://nvd.nist.gov/vuln/detail/CVE-2023-4577 [ 21 ] CVE-2023-4578 https://nvd.nist.gov/vuln/detail/CVE-2023-4578 [ 22 ] CVE-2023-4580 https://nvd.nist.gov/vuln/detail/CVE-2023-4580 [ 23 ] CVE-2023-4581 https://nvd.nist.gov/vuln/detail/CVE-2023-4581 [ 24 ] CVE-2023-4582 https://nvd.nist.gov/vuln/detail/CVE-2023-4582 [ 25 ] CVE-2023-4583 https://nvd.nist.gov/vuln/detail/CVE-2023-4583 [ 26 ] CVE-2023-4584 https://nvd.nist.gov/vuln/detail/CVE-2023-4584 [ 27 ] CVE-2023-4585 https://nvd.nist.gov/vuln/detail/CVE-2023-4585 [ 28 ] CVE-2023-5168 https://nvd.nist.gov/vuln/detail/CVE-2023-5168 [ 29 ] CVE-2023-5169 https://nvd.nist.gov/vuln/detail/CVE-2023-5169 [ 30 ] CVE-2023-5171 https://nvd.nist.gov/vuln/detail/CVE-2023-5171 [ 31 ] CVE-2023-5174 https://nvd.nist.gov/vuln/detail/CVE-2023-5174 [ 32 ] CVE-2023-5176 https://nvd.nist.gov/vuln/detail/CVE-2023-5176 [ 33 ] CVE-2023-5721 https://nvd.nist.gov/vuln/detail/CVE-2023-5721 [ 34 ] CVE-2023-5724 https://nvd.nist.gov/vuln/detail/CVE-2023-5724 [ 35 ] CVE-2023-5725 https://nvd.nist.gov/vuln/detail/CVE-2023-5725 [ 36 ] CVE-2023-5726 https://nvd.nist.gov/vuln/detail/CVE-2023-5726 [ 37 ] CVE-2023-5727 https://nvd.nist.gov/vuln/detail/CVE-2023-5727 [ 38 ] CVE-2023-5728 https://nvd.nist.gov/vuln/detail/CVE-2023-5728 [ 39 ] CVE-2023-5730 https://nvd.nist.gov/vuln/detail/CVE-2023-5730 [ 40 ] CVE-2023-5732 https://nvd.nist.gov/vuln/detail/CVE-2023-5732 [ 41 ] CVE-2023-6204 https://nvd.nist.gov/vuln/detail/CVE-2023-6204 [ 42 ] CVE-2023-6205 https://nvd.nist.gov/vuln/detail/CVE-2023-6205 [ 43 ] CVE-2023-6206 https://nvd.nist.gov/vuln/detail/CVE-2023-6206 [ 44 ] CVE-2023-6207 https://nvd.nist.gov/vuln/detail/CVE-2023-6207 [ 45 ] CVE-2023-6208 https://nvd.nist.gov/vuln/detail/CVE-2023-6208 [ 46 ] CVE-2023-6209 https://nvd.nist.gov/vuln/detail/CVE-2023-6209 [ 47 ] CVE-2023-6212 https://nvd.nist.gov/vuln/detail/CVE-2023-6212 [ 48 ] CVE-2023-6856 https://nvd.nist.gov/vuln/detail/CVE-2023-6856 [ 49 ] CVE-2023-6857 https://nvd.nist.gov/vuln/detail/CVE-2023-6857 [ 50 ] CVE-2023-6858 https://nvd.nist.gov/vuln/detail/CVE-2023-6858 [ 51 ] CVE-2023-6859 https://nvd.nist.gov/vuln/detail/CVE-2023-6859 [ 52 ] CVE-2023-6860 https://nvd.nist.gov/vuln/detail/CVE-2023-6860 [ 53 ] CVE-2023-6861 https://nvd.nist.gov/vuln/detail/CVE-2023-6861 [ 54 ] CVE-2023-6862 https://nvd.nist.gov/vuln/detail/CVE-2023-6862 [ 55 ] CVE-2023-6863 https://nvd.nist.gov/vuln/detail/CVE-2023-6863 [ 56 ] CVE-2023-6864 https://nvd.nist.gov/vuln/detail/CVE-2023-6864 [ 57 ] CVE-2023-37201 https://nvd.nist.gov/vuln/detail/CVE-2023-37201 [ 58 ] CVE-2023-37202 https://nvd.nist.gov/vuln/detail/CVE-2023-37202 [ 59 ] CVE-2023-37207 https://nvd.nist.gov/vuln/detail/CVE-2023-37207 [ 60 ] CVE-2023-37208 https://nvd.nist.gov/vuln/detail/CVE-2023-37208 [ 61 ] CVE-2023-37211 https://nvd.nist.gov/vuln/detail/CVE-2023-37211 [ 62 ] CVE-2023-50761 https://nvd.nist.gov/vuln/detail/CVE-2023-50761 [ 63 ] CVE-2023-50762 https://nvd.nist.gov/vuln/detail/CVE-2023-50762 [ 64 ] CVE-2024-0741 https://nvd.nist.gov/vuln/detail/CVE-2024-0741 [ 65 ] CVE-2024-0742 https://nvd.nist.gov/vuln/detail/CVE-2024-0742 [ 66 ] CVE-2024-0746 https://nvd.nist.gov/vuln/detail/CVE-2024-0746 [ 67 ] CVE-2024-0747 https://nvd.nist.gov/vuln/detail/CVE-2024-0747 [ 68 ] CVE-2024-0749 https://nvd.nist.gov/vuln/detail/CVE-2024-0749 [ 69 ] CVE-2024-0750 https://nvd.nist.gov/vuln/detail/CVE-2024-0750 [ 70 ] CVE-2024-0751 https://nvd.nist.gov/vuln/detail/CVE-2024-0751 [ 71 ] CVE-2024-0753 https://nvd.nist.gov/vuln/detail/CVE-2024-0753 [ 72 ] CVE-2024-0755 https://nvd.nist.gov/vuln/detail/CVE-2024-0755 [ 73 ] MFSA-2024-01 [ 74 ] MFSA-2024-02 [ 75 ] MFSA-2024-04 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-25 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============4060573381889712439== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmXS7igACgkQFMQkOaVy +9nhwBAAlXjNGHja2cZ2Ira/HcV7kedFnnC0/8ns11JyiEF5OLm0oYhN6GzYxIXc EYwfQtk3hQY+GphH62c51fteMzlb/Kq8Hi61ULkRBJNKb6PSSM33RGI3vbpljqlN 6i327jNYZvK7oaow6cUGUoByAhf3jbDsCE5C/5Ly6RT9qAT1EFXBq/ByxAKsUmLI WQtVRlcfZ4MzC6u/OdhMSlglQQjwZGL/xwfn3U/sPoSkP3GFH88vYdqzZnI/XAd6 WKHKNuKXdWFVDWhB9FgLpecGi32IzaNkEnlV42UDVh9+ic9ZqC50Zwamyv7ikwTK LwKDn8iHJfhnVcfr3QfQ12OJCGtdrVM1Z2l+H86NIz//YJtJmYPguIeopI9KtbD9 6n8J3ZgSyyEHa3LE/Xe/3TiWhXw0t3+RBvLHEN4OsKS+R0fyWGwbTE8u6gi5erSd 4MJ3K2xlmjdqzLAepqdpOVB24T83MQsxQdiUosd6FmNmriu/tIKbz1bzE9qNscTS zWvfbZR9eqlDvwVDR0pFDeZqaVRvkhAgZ7FYB33r+8hGCFe7/4U/daCb3jktI8zy rzurBHDO+LyaV9zcPqUyvSQkPsti47U8pOvEOM+d8sPljc9T5Ab4Pli1P2aMOSiZ DLN4ZWiHZtWVwnzJ3y5A2b8MEEYtqYlhGlXr0UTRTd9NqyePyQY= =H+4f -----END PGP SIGNATURE----- --===============4060573381889712439==--