[Bug 1796126] Re: Thunderbird is out of date for two months when Thunderbird 60 was released

Martin misc at bretschneidernet.de
Fri Oct 12 15:51:34 UTC 2018


@Robie Basak (racb): You are partly right that some security bugs have
been fixed in Thunderbird 52.9.1 packages in Ubuntu (I haven't seen
that). I also checked the CVE but it seems that at least three
"critical" or "high" security bugs are no yet fixed in Ubuntus
Thunderbird:

Security vulnerabilities fixed in Thunderbird 60
(https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/):

1. CVE-2018-5156 (Media recorder segmentation fault when track type is changed during 
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5156.html) is only fixed in Firefox

2. CVE-2018-12361 (Integer overflow in SwizzleData 
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12361.html) is only fixed in Firefox 

Security vulnerabilities fixed in Thunderbird 60.2.1
(https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/)

3. CVE-2018-12377 (Use-after-free in refresh driver timers
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12377.html) is only fixed in Firefox and Thunderbird "needs-triage".

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12361

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12377

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5156

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1796126

Title:
  Thunderbird is out of date for two months when Thunderbird 60 was
  released

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1796126/+subscriptions



More information about the Ubuntu-mozillateam-bugs mailing list