You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
gentoo-overlay/metadata/glsa/glsa-202208-14.xml

165 lines
11 KiB

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="202208-14">
<title>Mozilla Thunderbird: Multiple Vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.</synopsis>
<product type="ebuild">thunderbird,thunderbird-bin</product>
<announced>2022-08-10</announced>
<revised count="1">2022-08-10</revised>
<bug>794085</bug>
<bug>802759</bug>
<bug>807943</bug>
<bug>811912</bug>
<bug>813501</bug>
<bug>822294</bug>
<bug>828539</bug>
<bug>831040</bug>
<bug>833520</bug>
<bug>834805</bug>
<bug>845057</bug>
<bug>846596</bug>
<bug>849047</bug>
<bug>857048</bug>
<bug>864577</bug>
<access>remote</access>
<affected>
<package name="mail-client/thunderbird" auto="yes" arch="*">
<unaffected range="ge">91.12.0</unaffected>
<vulnerable range="lt">91.12.0</vulnerable>
</package>
<package name="mail-client/thunderbird-bin" auto="yes" arch="*">
<unaffected range="ge">91.12.0</unaffected>
<vulnerable range="lt">91.12.0</vulnerable>
</package>
</affected>
<background>
<p>Mozilla Thunderbird is a popular open-source email client from the Mozilla project.</p>
</background>
<description>
<p>Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type="high">
<p>Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Mozilla Thunderbird users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-91.12.0"
</code>
<p>All Mozilla Thunderbird binary users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-91.12.0"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4129">CVE-2021-4129</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-4140">CVE-2021-4140</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29967">CVE-2021-29967</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29969">CVE-2021-29969</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29970">CVE-2021-29970</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29976">CVE-2021-29976</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29980">CVE-2021-29980</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29984">CVE-2021-29984</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29985">CVE-2021-29985</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29986">CVE-2021-29986</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29988">CVE-2021-29988</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-29989">CVE-2021-29989</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-30547">CVE-2021-30547</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38492">CVE-2021-38492</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38493">CVE-2021-38493</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38495">CVE-2021-38495</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38503">CVE-2021-38503</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38504">CVE-2021-38504</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38506">CVE-2021-38506</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38507">CVE-2021-38507</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38508">CVE-2021-38508</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-38509">CVE-2021-38509</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-40529">CVE-2021-40529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43528">CVE-2021-43528</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43529">CVE-2021-43529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43536">CVE-2021-43536</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43537">CVE-2021-43537</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43538">CVE-2021-43538</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43539">CVE-2021-43539</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43541">CVE-2021-43541</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43542">CVE-2021-43542</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43543">CVE-2021-43543</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43545">CVE-2021-43545</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2021-43546">CVE-2021-43546</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0566">CVE-2022-0566</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1196">CVE-2022-1196</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1197">CVE-2022-1197</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1520">CVE-2022-1520</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1529">CVE-2022-1529</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1802">CVE-2022-1802</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1834">CVE-2022-1834</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2200">CVE-2022-2200</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2226">CVE-2022-2226</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22737">CVE-2022-22737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22738">CVE-2022-22738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22739">CVE-2022-22739</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22740">CVE-2022-22740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22741">CVE-2022-22741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22742">CVE-2022-22742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22743">CVE-2022-22743</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22745">CVE-2022-22745</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22747">CVE-2022-22747</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22748">CVE-2022-22748</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22751">CVE-2022-22751</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22754">CVE-2022-22754</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22756">CVE-2022-22756</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22759">CVE-2022-22759</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22760">CVE-2022-22760</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22761">CVE-2022-22761</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22763">CVE-2022-22763</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-22764">CVE-2022-22764</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24713">CVE-2022-24713</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26381">CVE-2022-26381</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26383">CVE-2022-26383</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26384">CVE-2022-26384</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26386">CVE-2022-26386</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26387">CVE-2022-26387</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26485">CVE-2022-26485</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26486">CVE-2022-26486</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28281">CVE-2022-28281</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28282">CVE-2022-28282</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28285">CVE-2022-28285</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28286">CVE-2022-28286</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28289">CVE-2022-28289</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29909">CVE-2022-29909</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29911">CVE-2022-29911</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29912">CVE-2022-29912</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29913">CVE-2022-29913</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29914">CVE-2022-29914</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29916">CVE-2022-29916</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29917">CVE-2022-29917</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31736">CVE-2022-31736</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31737">CVE-2022-31737</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31738">CVE-2022-31738</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31740">CVE-2022-31740</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31741">CVE-2022-31741</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31742">CVE-2022-31742</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31747">CVE-2022-31747</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34468">CVE-2022-34468</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34470">CVE-2022-34470</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34472">CVE-2022-34472</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34478">CVE-2022-34478</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34479">CVE-2022-34479</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34481">CVE-2022-34481</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34484">CVE-2022-34484</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36318">CVE-2022-36318</uri>
<uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36319">CVE-2022-36319</uri>
<uri>MOZ-2021-0007</uri>
<uri>MOZ-2021-0008</uri>
</references>
<metadata tag="requester" timestamp="2022-08-10T04:08:55.757755Z">ajak</metadata>
<metadata tag="submitter" timestamp="2022-08-10T04:08:55.760111Z">ajak</metadata>
</glsa>