FS#60424 - [thunderbird] Multiple CVEs in thunderbird 60.0-4
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Tuesday, 16 October 2018, 09:35 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 18 October 2018, 13:41 GMT
Opened by Pascal Ernster (hardfalcon) - Tuesday, 16 October 2018, 09:35 GMT
Last edited by Eli Schwartz (eschwartz) - Thursday, 18 October 2018, 13:41 GMT
|
Details
Thunderbird 60.0-4 contains multiple CVEs, one of which is
considered "critical" by Mozilla, two more are considered
"high", three are "medium" and one is "low":
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/ The package was flagged as out of date two weeks ago, yet there hasn't been any update since, nor have the CVEs been added to https://security.archlinux.org/package/thunderbird |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Thursday, 18 October 2018, 13:41 GMT
Reason for closing: Fixed
Additional comments about closing: thunderbird 60.2.1-1
Thursday, 18 October 2018, 13:41 GMT
Reason for closing: Fixed
Additional comments about closing: thunderbird 60.2.1-1