CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server.

More vulnerabilities at tracker. Fixed in 78.12. Still need bump for -bin.
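The behaviour described in the report, as an added example that is not part of the bug report and is not Thunderbird's code: a simplified model of a client receive buffer in which bytes that arrive in plaintext after the tagged STARTTLS reply are either parsed after the handshake or discarded before it. The class and function names, the tag `a1` and the sample bytes are constructed for illustration.

```python
# Constructed model of an IMAP client's receive path around STARTTLS.
# All names here are hypothetical; this is not Thunderbird's implementation.

class LineBuffer:
    """Accumulates received bytes and hands out CRLF-terminated lines."""

    def __init__(self):
        self.data = b""

    def feed(self, chunk):
        self.data += chunk

    def read_line(self):
        line, sep, rest = self.data.partition(b"\r\n")
        if not sep:
            return None  # no complete line buffered yet
        self.data = rest
        return line


def upgrade(plaintext, tls_payload, tag=b"a1", discard_leftover=True):
    """Return the lines parsed as server responses after STARTTLS.

    plaintext:   bytes read from the socket before the handshake (untrusted)
    tls_payload: bytes decrypted from the TLS session after the handshake
    """
    buf = LineBuffer()
    buf.feed(plaintext)
    # Consume plaintext only up to the tagged reply to STARTTLS.
    while True:
        line = buf.read_line()
        if line is None:
            raise ConnectionError("no tagged OK reply to STARTTLS")
        if line.startswith(tag + b" OK"):
            break
    # The TLS handshake would run here. Anything still buffered arrived
    # unauthenticated and must not reach the response parser.
    if discard_leftover:
        buf.data = b""
    buf.feed(tls_payload)
    return list(iter(buf.read_line, None))


# Constructed sample input: an extra untagged response sharing a segment
# with the STARTTLS reply, then the genuine response sent inside TLS.
INJECTED = b'a1 OK Begin TLS negotiation now\r\n* LIST () "/" Fake\r\n'
GENUINE = b'* LIST () "/" INBOX\r\n'
```

With `discard_leftover=False` the model reproduces the reported symptom (a folder listing the server never sent inside TLS); with the default it returns only what was received over the encrypted channel.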
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8979757af1f878471fdac154fd132e4942db2ed

commit d8979757af1f878471fdac154fd132e4942db2ed
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-07-21 11:09:48 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-21 11:09:48 +0000

    mail-client/thunderbird-bin: drop 78.11.0

    Bug: https://bugs.gentoo.org/802759
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird-bin/Manifest | 66 ----
 .../thunderbird-bin/thunderbird-bin-78.11.0.ebuild | 378 ---------------------
 2 files changed, 444 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=338e4b1fe6a0856ba94eeacc770facc5218996ee

commit 338e4b1fe6a0856ba94eeacc770facc5218996ee
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-07-21 11:09:00 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-21 11:09:00 +0000

    mail-client/thunderbird-bin: add 78.12.0

    Bug: https://bugs.gentoo.org/802759
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird-bin/Manifest | 66 ++++
 .../thunderbird-bin/thunderbird-bin-78.12.0.ebuild | 378 +++++++++++++++++++++
 2 files changed, 444 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33648758419ed0b3ab4b047a8b09e7f09ed217d1

commit 33648758419ed0b3ab4b047a8b09e7f09ed217d1
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-07-21 13:23:35 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-21 13:29:28 +0000

    mail-client/thunderbird: stabilize 78.12.0 for amd64

    Bug: https://bugs.gentoo.org/802759
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird/thunderbird-78.12.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7e94d01f13b3b7dee80058c3f5b6bede6abb653

commit e7e94d01f13b3b7dee80058c3f5b6bede6abb653
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-07-21 12:36:23 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-21 13:29:28 +0000

    mail-client/thunderbird: stabilize 78.12.0 for x86

    Bug: https://bugs.gentoo.org/802759
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird/thunderbird-78.12.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Gonna wait for ~2 days before cleaning the old version, just in case.
(In reply to Joonas Niilola from comment #3)
> Gonna wait for ~2 days before cleaning the old version, just in case.

Thank you!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d0cf19c70d0483f79f7dcaa744c97dc7ad55e1d

commit 6d0cf19c70d0483f79f7dcaa744c97dc7ad55e1d
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-07-23 19:03:51 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-23 19:05:45 +0000

    mail-client/thunderbird: security cleanup

    Bug: https://bugs.gentoo.org/802759
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird/Manifest | 66 --
 mail-client/thunderbird/thunderbird-78.11.0.ebuild | 1108 --------------------
 2 files changed, 1174 deletions(-)
Package list is empty or all packages have requested keywords.