From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce+bounces-2325-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 63A5D1382C5
	for <garchives@archives.gentoo.org>; Wed, 28 Mar 2018 18:35:29 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C68BAE08DB;
	Wed, 28 Mar 2018 18:34:46 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id F02F5E0874
	for <gentoo-announce@lists.gentoo.org>; Wed, 28 Mar 2018 18:24:47 +0000 (UTC)
Received: from monkey (pool-71-191-212-36.washdc.fios.verizon.net [71.191.212.36])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: bman)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 7ED7C335CC5
	for <gentoo-announce@lists.gentoo.org>; Wed, 28 Mar 2018 18:24:46 +0000 (UTC)
Date: Wed, 28 Mar 2018 14:24:42 -0400
From: Aaron Bauman <bman@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Subject: [gentoo-announce] [ GLSA 201803-14 ] Mozilla Thunderbird: Multiple vulnerabilities
Message-ID: <20180328182442.GE4092@monkey>
Precedence: bulk
List-Post: <mailto:gentoo-announce@lists.gentoo.org>
List-Help: <mailto:gentoo-announce+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-announce+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="y2zxS2PfCDLh6JVG"
Content-Disposition: inline
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Archives-Salt: 4e109bf0-1789-4cce-bb1a-25b44419d7d8
X-Archives-Hash: 3118643796bd3b3ee76af07782a387bc


--y2zxS2PfCDLh6JVG
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201803-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Mozilla Thunderbird: Multiple vulnerabilities
     Date: March 28, 2018
     Bugs: #627376, #639048, #643842, #645812, #645820
       ID: 201803-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could lead to the execution of arbitrary code.

Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.

Affected packages
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  mail-client/thunderbird      < 52.6.0                  >=3D 52.6.0=20
  2  mail-client/thunderbird-bin
                                  < 52.6.0                  >=3D 52.6.0=20
    -------------------------------------------------------------------
     2 affected packages

Description
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the referenced Mozilla Foundation Security Advisories and
CVE identifiers below for details.

Impact
=3D=3D=3D=3D=3D=3D

A remote attacker may be able to execute arbitrary code, cause a Denial
of Service condition, obtain sensitive information, conduct URL
hijacking, or conduct cross-site scripting (XSS).

Workaround
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

There is no known workaround at this time.

Resolution
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

All Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=3Dmail-client/thunderbird-52.6.0"

All Thunderbird binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=3Dmail-client/thunderbird-bin-52.6.0"

References
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[  1 ] CVE-2017-7753
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7753
[  2 ] CVE-2017-7779
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7779
[  3 ] CVE-2017-7784
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7784
[  4 ] CVE-2017-7785
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7785
[  5 ] CVE-2017-7786
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7786
[  6 ] CVE-2017-7787
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7787
[  7 ] CVE-2017-7791
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7791
[  8 ] CVE-2017-7792
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7792
[  9 ] CVE-2017-7793
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7793
[ 10 ] CVE-2017-7800
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7800
[ 11 ] CVE-2017-7801
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7801
[ 12 ] CVE-2017-7802
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7802
[ 13 ] CVE-2017-7803
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7803
[ 14 ] CVE-2017-7805
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7805
[ 15 ] CVE-2017-7807
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7807
[ 16 ] CVE-2017-7809
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7809
[ 17 ] CVE-2017-7810
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7810
[ 18 ] CVE-2017-7814
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7814
[ 19 ] CVE-2017-7818
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7818
[ 20 ] CVE-2017-7819
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7819
[ 21 ] CVE-2017-7823
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7823
[ 22 ] CVE-2017-7824
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7824
[ 23 ] CVE-2017-7825
       https://nvd.nist.gov/nvd.cfm?cvename=3DCVE-2017-7825
[ 24 ] CVE-2017-7826
       https://nvd.nist.gov/vuln/detail/CVE-2017-7826
[ 25 ] CVE-2017-7828
       https://nvd.nist.gov/vuln/detail/CVE-2017-7828
[ 26 ] CVE-2017-7829
       https://nvd.nist.gov/vuln/detail/CVE-2017-7829
[ 27 ] CVE-2017-7830
       https://nvd.nist.gov/vuln/detail/CVE-2017-7830
[ 28 ] CVE-2017-7846
       https://nvd.nist.gov/vuln/detail/CVE-2017-7846
[ 29 ] CVE-2017-7847
       https://nvd.nist.gov/vuln/detail/CVE-2017-7847
[ 30 ] CVE-2017-7848
       https://nvd.nist.gov/vuln/detail/CVE-2017-7848
[ 31 ] CVE-2018-5089
       https://nvd.nist.gov/vuln/detail/CVE-2018-5089
[ 32 ] CVE-2018-5095
       https://nvd.nist.gov/vuln/detail/CVE-2018-5095
[ 33 ] CVE-2018-5096
       https://nvd.nist.gov/vuln/detail/CVE-2018-5096
[ 34 ] CVE-2018-5097
       https://nvd.nist.gov/vuln/detail/CVE-2018-5097
[ 35 ] CVE-2018-5098
       https://nvd.nist.gov/vuln/detail/CVE-2018-5098
[ 36 ] CVE-2018-5099
       https://nvd.nist.gov/vuln/detail/CVE-2018-5099
[ 37 ] CVE-2018-5102
       https://nvd.nist.gov/vuln/detail/CVE-2018-5102
[ 38 ] CVE-2018-5103
       https://nvd.nist.gov/vuln/detail/CVE-2018-5103
[ 39 ] CVE-2018-5104
       https://nvd.nist.gov/vuln/detail/CVE-2018-5104
[ 40 ] CVE-2018-5117
       https://nvd.nist.gov/vuln/detail/CVE-2018-5117
[ 41 ] Mozilla Foundation Security Advisory 2017-20
       https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
[ 42 ] Mozilla Foundation Security Advisory 2017-23
       https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/
[ 43 ] Mozilla Foundation Security Advisory 2017-26
       https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
[ 44 ] Mozilla Foundation Security Advisory 2017-30
       https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
[ 45 ] Mozilla Foundation Security Advisory 2018-04
       https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/

Availability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201803-14

Concerns?
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=3D=3D=3D=3D=3D=3D=3D

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

--y2zxS2PfCDLh6JVG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEiDRK3jyVBE/RkymqpRQw84X1dt0FAlq73eoACgkQpRQw84X1
dt2/8Af/TFogyAXEZCQKoeqCFy/KY1Zvi5XHLixLlFoawZX/t0Wyjo+xtohbrvA2
JF5Qq6c/iOvDpfoRROntq+b8SGwrEQq47I+clZY6kL6GgnJOIVTeFp7F8PSByPW3
hnjP52IJGZoUwLVUQlNc8Kha/b3Tb6Zdx9hz9edVNxUYznDW6Ettg7JLFVogr+GF
5t3dEAPsJUjcEN3xEczQ4RorZPgXnwqRov6JIR6nSoSbokF5uyaJA5YHboYxyKIc
VICJiTVuQ8hC1HbKVTevw3UYiqrLjxYA/dhzLoBYH7gJQsO9ZtxcUIIvGaMw1wft
e/4N4sBvHsoc6jxpMVp05OrH3b8clA==
=6uHR
-----END PGP SIGNATURE-----

--y2zxS2PfCDLh6JVG--