Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#68991 - [thunderbird] [Security] multiple issues (including CVE-2020-16042)

Attached to Project: Arch Linux
Opened by Jonathon (jonathon) - Tuesday, 15 December 2020, 20:27 GMT
Last edited by Levente Polyak (anthraxx) - Friday, 08 January 2021, 23:11 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Summary
=======

The package thunderbird is vulnerable to multiple issues including arbitrary code execution, content spoofing and information disclosure via CVE-2020-35113, CVE-2020-35111, CVE-2020-26978, CVE-2020-26974, CVE-2020-26973, CVE-2020-26971 and CVE-2020-16042.

CVE-2020-16042 is listed as Critical.

Guidance
========

Will build and run fine with existing PKGBUILD and patches; just needs a bump and build.

References
==========

https://security.archlinux.org/AVG-1365
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111
https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://crbug.com/1151890
This task depends upon

Closed by  Levente Polyak (anthraxx)
Friday, 08 January 2021, 23:11 GMT
Reason for closing:  Fixed
Additional comments about closing:  78.6.0-1

Loading...