lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 13 Jun 2016 23:16:57 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3601-1] icedove security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3601-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 13, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2016-2806

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.

Debian follows the extended support releases (ESR) of Thunderbird. Support
for the 38.x series has ended, so starting with this update we're now
following the 45.x releases.

For the stable distribution (jessie), this problem has been fixed in
version 1:45.1.0-1~deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1:45.1.0-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:45.1.0-1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXXyJvAAoJEBDCk7bDfE42M8QP/iAmYII6iL8oHW6I1puOUk0E
jzItHHNBAeD062fkwZb1XkkCBxKxYf8OE9V85YHyaKVeKonBQcWwBZs643amHXiT
3QO4TFuBxqHo7T7AsVWWDNLyvqAY/9VkwK9VGC9J/AIklWnokS/aplDoL6OQSNcb
T+Jz0PHQUcIb9S+rCvNofQxWdBWG+Jm8WtOAs4pBpPCT1idxMgSpG4PxTsaZqJMG
yxs3ZirQMcI2Q0u6FG123Gx9wOQpVH+X6eMOiOGMv4vWXKoWteXK+CytAqCIH0gH
C8fcWerEnxJNtsdH5RwnlUxiZuiXypIDBWNKJHsR41QEkd+qIhdIictZZTl2i2Sl
dz/1BpD86qiR1PZHlJ5Sm2xUypaSg8aEK+1AQq0R0LiAVyx8AfP2YSJjmkjX/nJ0
3JBhrdp+6kZt2dXpeO5KjjKIt7EGfvayoSMQFtbX3AERn36BA+EiHYM0MES6z9qY
jSDR5vALSjxLGQCdew4HWeYd8xyP1pWZdbd6hJDEOfMt3sX+maQa2mdE0igHGpn0
P9FF2n2f3f7RzpLExug0zNAieMzoY5lzLErR1AiN0ZEJe2DQvsWCb074h1uhbEa0
AOLvqnZG2QfBEqlkjf2e/87zAlQKDL9EV3/ZiM1uTq69Lr97DtoGziIoJHLq/SdH
tK0Oyw/PleDWj3iuijre
=laTd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ