[SECURITY] [DLA 1806-1] thunderbird security update

2019-05-2708:46:54

lists.debian.org

202

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

8.5 High

AI Score

Confidence

Low

0.684 Medium

EPSS

Percentile

98.0%

JSON

Package : thunderbird
Version : 1:60.7.0-1~deb8u1
CVE ID : CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797
CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819
CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693
CVE-2019-11698

Multiple security issues have been found in Thunderbird: Multiple
vulnerabilities may lead to the execution of arbitrary code or denial of
service.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.7.0-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8alliceweasel-l10n-bs< 1:60.7.0esr-1~deb8u1iceweasel-l10n-bs_1:60.7.0esr-1~deb8u1_all.deb
Debian8alliceowl-l10n-fi< 1:60.7.0-1~deb8u1iceowl-l10n-fi_1:60.7.0-1~deb8u1_all.deb
Debian9allicedove-l10n-he< 1:60.7.0-1~deb9u1icedove-l10n-he_1:60.7.0-1~deb9u1_all.deb
Debian8alllightning-l10n-de< 1:60.7.0-1~deb8u1lightning-l10n-de_1:60.7.0-1~deb8u1_all.deb
Debian8alliceweasel-l10n-et< 1:60.7.0esr-1~deb8u1iceweasel-l10n-et_1:60.7.0esr-1~deb8u1_all.deb
Debian9allthunderbird-l10n-da< 1:60.7.0-1~deb9u1thunderbird-l10n-da_1:60.7.0-1~deb9u1_all.deb
Debian9allicedove-l10n-fr< 1:60.7.0-1~deb9u1icedove-l10n-fr_1:60.7.0-1~deb9u1_all.deb
Debian9allicedove-l10n-pt-br< 1:60.7.0-1~deb9u1icedove-l10n-pt-br_1:60.7.0-1~deb9u1_all.deb
Debian9allicedove-l10n-zh-tw< 1:60.7.0-1~deb9u1icedove-l10n-zh-tw_1:60.7.0-1~deb9u1_all.deb
Debian9allthunderbird-l10n-si< 1:60.7.0-1~deb9u1thunderbird-l10n-si_1:60.7.0-1~deb9u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	iceweasel-l10n-bs	< 1:60.7.0esr-1~deb8u1	iceweasel-l10n-bs_1:60.7.0esr-1~deb8u1_all.deb
Debian	8	all	iceowl-l10n-fi	< 1:60.7.0-1~deb8u1	iceowl-l10n-fi_1:60.7.0-1~deb8u1_all.deb
Debian	9	all	icedove-l10n-he	< 1:60.7.0-1~deb9u1	icedove-l10n-he_1:60.7.0-1~deb9u1_all.deb
Debian	8	all	lightning-l10n-de	< 1:60.7.0-1~deb8u1	lightning-l10n-de_1:60.7.0-1~deb8u1_all.deb
Debian	8	all	iceweasel-l10n-et	< 1:60.7.0esr-1~deb8u1	iceweasel-l10n-et_1:60.7.0esr-1~deb8u1_all.deb
Debian	9	all	thunderbird-l10n-da	< 1:60.7.0-1~deb9u1	thunderbird-l10n-da_1:60.7.0-1~deb9u1_all.deb
Debian	9	all	icedove-l10n-fr	< 1:60.7.0-1~deb9u1	icedove-l10n-fr_1:60.7.0-1~deb9u1_all.deb
Debian	9	all	icedove-l10n-pt-br	< 1:60.7.0-1~deb9u1	icedove-l10n-pt-br_1:60.7.0-1~deb9u1_all.deb
Debian	9	all	icedove-l10n-zh-tw	< 1:60.7.0-1~deb9u1	icedove-l10n-zh-tw_1:60.7.0-1~deb9u1_all.deb
Debian	9	all	thunderbird-l10n-si	< 1:60.7.0-1~deb9u1	thunderbird-l10n-si_1:60.7.0-1~deb9u1_all.deb