Incoming details.
CVE-2019-11703: Heap buffer overflow in icalparser.c Impact high Description A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. CVE-2019-11704: Heap buffer overflow in icalvalue.c Impact high Description A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. CVE-2019-11705: Stack buffer overflow in icalrecur.c Impact high Description A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. CVE-2019-11706: Type confusion in icalproperty.c Impact low Description A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.
x86 stable
amd64 stable
This issue was resolved and addressed in GLSA 201908-20 at https://security.gentoo.org/glsa/201908-20 by GLSA coordinator Thomas Deutschmann (whissi).