[SECURITY] [DLA 3196-1] thunderbird security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3196-1] thunderbird security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 17 Nov 2022 12:54:17 +0100 (CET)
Message-id: <[🔎] 20221117115417.E834F2A161A@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3196-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 17, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:102.5.0-1~deb10u1
CVE ID         : CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406
                 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411
                 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420
                 CVE-2022-45421

Multiple security issues were discovered in Thunderbird, which could
potentially result in the execution of arbitrary code, information
disclosure, spoofing or bypass of the SameSite cookie policy.

For Debian 10 buster, these problems have been fixed in version
1:102.5.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmN2IOcACgkQnUbEiOQ2
gwK0wRAAut+ytTo/yMalV9+23+bg056aOi5sbXlxIC9ugUB8u9guC9yFi3kc05Zr
eCTH7IZYoi6CyXPGNLTvbf6/MynoJn89H6re7yvCDwGBPdKwW5wMWsgoWxWxMD06
L59nRt9GC3IvTPhEtzSV5N6CbOheKE+5zACjuas99sefWgYqlScwjIM/ZKgWDFgA
qZk7JOsNjUBYdrVV6zVsq3i7GtJAH95W/yzXaKsBwXZLfvRGS5d6q+NXVIEICOOc
P8XGJJvaKa2u/8B8fyo9GSMOmyhu/qfLcJrEb8E0VoCqc5eTmriyeDqaF2IWKEaQ
l3J7ZpwEvuhVlA9eUi/vaQoFii5b0v2y9H2NDUDH+IW6AqVTGnHq84E2ez8e577G
Kxx1h75dUgImWhPx+9VDE1Fpba3QdtHZeq8/hSIiiKZvDblL6kv4bjlT6ljOwYSK
l05h5LdpV0zQW3lQCblVXekxNvUchdtuUF50vf0aQFE9GVpaR2SLqVF2Bg5JPH7p
b/iauzIPZVsDalUak+cpodjVcxhfzdy0z1WGgydURGpW66Y3VzpEYflg0cAuMnru
ePTNwxHtNL9NvvXLuwfKx85Y1jyTbqyNYL2bv7ig/GqXBXrLmBl3zSQPg6hDhP8V
XchsmfNHzMM4yYh09vqmsX3JEAkflJJlf4fzq9MfnxhgIrKgmoo=
=DST7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3195-1] jupyter-core security update
Next by Date: [SECURITY] [DLA 3197-1] phpseclib security update
Previous by thread: [SECURITY] [DLA 3195-1] jupyter-core security update
Next by thread: [SECURITY] [DLA 3197-1] phpseclib security update
Index(es):
- Date
- Thread