Bug 926533 (CVE-2024-1936) - <mail-client/thunderbird{-bin,}-115.8.1: leaking of encrypted email subjects to other conversations
Status: RESOLVED FIXED
Alias: CVE-2024-1936
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: B4 [glsa+]
Reported: 2024-03-08 22:53 UTC by Christopher Fore
Modified: 2024-05-12 05:24 UTC

Description Christopher Fore 2024-03-08 22:53:12 UTC
CVE-2024-1936:

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
Comment 1 Larry the Git Cow gentoo-dev 2024-03-09 10:56:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95239891932a4714a3ce772b9c117d10de99d257

commit 95239891932a4714a3ce772b9c117d10de99d257
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2024-03-09 10:55:56 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-03-09 10:55:56 +0000

    mail-client/thunderbird: stabilize 115.8.1 for amd64
    
    Bug: https://bugs.gentoo.org/926533
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird/thunderbird-115.8.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf6040a0133c5249f075b827ad929d3ae86c236c

commit bf6040a0133c5249f075b827ad929d3ae86c236c
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2024-03-09 10:55:41 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2024-03-09 10:55:41 +0000

    mail-client/thunderbird: stabilize 115.8.1 for x86
    
    Bug: https://bugs.gentoo.org/926533
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-client/thunderbird/thunderbird-115.8.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-05-12 05:23:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7cb836b306e5508dbb192b5dda8a90ec19f2cfa8

commit 7cb836b306e5508dbb192b5dda8a90ec19f2cfa8
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-12 05:22:33 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-12 05:22:56 +0000

    [ GLSA 202405-32 ] Mozilla Thunderbird: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/925123
    Bug: https://bugs.gentoo.org/926533
    Bug: https://bugs.gentoo.org/930381
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-32.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)