* CVE-2020-12410 Description: "Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code." * CVE-2020-12398 Description: "If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection."
Sanity check failed: > mail-client/thunderbird-68.9.0 > depend ppc64 stable profile default/linux/powerpc/ppc64/17.0/64bit-userland (9 total) > >=dev-util/cbindgen-0.8.7 > depend ppc64 dev profile default/linux/ppc64le/17.0/desktop/plasma (2 total) > >=dev-util/cbindgen-0.8.7
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17f55e1b324b7eec6a44f4c0c67362eb6ab07fa4 commit 17f55e1b324b7eec6a44f4c0c67362eb6ab07fa4 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-06-04 22:20:45 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-04 22:21:01 +0000 mail-client/thunderbird-bin: security cleanup Bug: https://bugs.gentoo.org/727118 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> mail-client/thunderbird-bin/Manifest | 166 ------------------ .../thunderbird-bin/thunderbird-bin-60.9.1.ebuild | 189 --------------------- .../thunderbird-bin/thunderbird-bin-68.8.0.ebuild | 182 -------------------- .../thunderbird-bin/thunderbird-bin-68.8.1.ebuild | 182 -------------------- 4 files changed, 719 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49692752cdf114588c51696622bc72020392a6c3 commit 49692752cdf114588c51696622bc72020392a6c3 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-06-04 22:20:06 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-04 22:21:00 +0000 mail-client/thunderbird: security cleanup Bug: https://bugs.gentoo.org/727118 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> mail-client/thunderbird/Manifest | 54 -- mail-client/thunderbird/thunderbird-68.8.1.ebuild | 777 ---------------------- 2 files changed, 831 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cbdc236c9d392006e0c07cfcabb223f704fd7ead commit cbdc236c9d392006e0c07cfcabb223f704fd7ead Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-06-04 22:17:41 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-06-04 22:20:58 +0000 mail-client/thunderbird: amd64 & x86 stable Bug: https://bugs.gentoo.org/727118 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> mail-client/thunderbird/thunderbird-68.9.0.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
This issue was resolved and addressed in GLSA 202006-19 at https://security.gentoo.org/glsa/202006-19 by GLSA coordinator Aaron Bauman (b-man).
