Security Information / 2012 / Security Information -- DSA-2499-1 icedove

Debian Security Advisory

DSA-2499-1 icedove -- several vulnerabilities

Date Reported:

24 Jun 2012

Affected Packages:

icedove

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-1937, CVE-2012-1939, CVE-2012-1940.

More information:

Several vulnerabilities have been discovered in Icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issue (CVE-2012-1940).

For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze11.

We recommend that you upgrade your icedove packages.