Summary: | <mail-client/thunderbird{,-bin}-60.7.1: multiple vulnerabilities (MFSA-2019-17) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mozilla |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/ | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | mail-client/thunderbird-60.7.1 |
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-06-13 23:11:09 UTC
CVE-2019-11703: Heap buffer overflow in icalparser.c
Impact: high
Description: A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11704: Heap buffer overflow in icalvalue.c
Impact: high
Description: A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11705: Stack buffer overflow in icalrecur.c
Impact: high
Description: A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.

CVE-2019-11706: Type confusion in icalproperty.c
Impact: low
Description: A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.

x86 stable

amd64 stable

This issue was resolved and addressed in GLSA 201908-20 at https://security.gentoo.org/glsa/201908-20 by GLSA coordinator Thomas Deutschmann (whissi).