Security Information / 2017 / Security Information -- DSA-3832-1 icedove

Debian Security Advisory

DSA-3832-1 icedove -- security update

Date Reported:

20 Apr 2017

Affected Packages:

icedove

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396, CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410.

More information:

Multiple security issues have been found in Thunderbird, which may may lead to the execution of arbitrary code or information leaks.

With this update, the Icedove packages are de-branded back to the official Mozilla branding. With the removing of the Debian branding the packages are also renamed back to the official names used by Mozilla.

The Thunderbird package is using a different default profile folder, the default profile folder is now '$(HOME)/.thunderbird'. The users profile folder, that was used in Icedove, will get migrated to the new profile folder on the first start, that can take a little bit more time.

Please read README.Debian for getting more information about the changes.

For the stable distribution (jessie), these problems have been fixed in version 1:45.8.0-3~deb8u1.

We recommend that you upgrade your icedove packages.