Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 951564 (CVE-2025-26695, CVE-2025-26696) - <mail-client/thunderbird{-bin,}-128.8.0: multiple vulnerabilities
Summary: <mail-client/thunderbird{-bin,}-128.8.0: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2025-26695, CVE-2025-26696
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A3 [glsa?]
Keywords:
Depends on:
Blocks: CVE-2024-43097, CVE-2025-1931, CVE-2025-1932, CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1938, MFSA2025-14, MFSA2025-16, MFSA2025-18
  Show dependency tree
 
Reported: 2025-03-18 19:21 UTC by Christopher Fore
Modified: 2025-03-28 13:30 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2025-03-18 19:21:25 UTC 
CVE-2025-26696:

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted.


CVE-2025-26695:

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address.



Please refer to the tracker for the full list of CVEs that affect all Mozilla products.
Comment 1 Larry the Git Cow gentoo-dev 2025-03-28 06:22:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19af2101b2850add133302853473f1ed6708f54c

commit 19af2101b2850add133302853473f1ed6708f54c
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-03-28 06:19:33 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-03-28 06:19:33 +0000

    mail-client/thunderbird-bin: drop 128.7.0, 128.7.1, 128.8.0, 136.0
    
    Bug: https://bugs.gentoo.org/951564
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird-bin/Manifest               | 264 --------------------
 .../thunderbird-bin/thunderbird-bin-128.7.0.ebuild | 274 ---------------------
 .../thunderbird-bin/thunderbird-bin-128.7.1.ebuild | 274 ---------------------
 .../thunderbird-bin/thunderbird-bin-128.8.0.ebuild | 274 ---------------------
 .../thunderbird-bin/thunderbird-bin-136.0.ebuild   | 274 ---------------------
 5 files changed, 1360 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1252b67ba9f413e337566bda24b19a0146b6600a

commit 1252b67ba9f413e337566bda24b19a0146b6600a
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-03-28 06:19:11 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-03-28 06:19:11 +0000

    mail-client/thunderbird: drop 128.7.0, 128.7.1, 136.0
    
    Bug: https://bugs.gentoo.org/951564
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird/Manifest                   |  197 ----
 mail-client/thunderbird/thunderbird-128.7.0.ebuild | 1166 --------------------
 mail-client/thunderbird/thunderbird-128.7.1.ebuild | 1166 --------------------
 mail-client/thunderbird/thunderbird-136.0.ebuild   | 1162 -------------------
 4 files changed, 3691 deletions(-)