| Summary: | <mail-client/thunderbird{,-bin}-60.7.1: multiple vulnerabilities (MFSA-2019-17) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | mozilla |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/ | ||
| Whiteboard: | A2 [glsa+ cve] | ||
| Package list: |
mail-client/thunderbird-60.7.1
|
Runtime testing required: | --- |
|
Description
GLSAMaker/CVETool Bot
2019-06-13 23:11:09 UTC
CVE-2019-11703: Heap buffer overflow in icalparser.c
Impact
high
Description
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11704: Heap buffer overflow in icalvalue.c
Impact
high
Description
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11705: Stack buffer overflow in icalrecur.c
Impact
high
Description
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash.
CVE-2019-11706: Type confusion in icalproperty.c
Impact
low
Description
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.
x86 stable amd64 stable This issue was resolved and addressed in GLSA 201908-20 at https://security.gentoo.org/glsa/201908-20 by GLSA coordinator Thomas Deutschmann (whissi). |
