MGASA-2023-0147

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0147.html

Import Source

https://advisories.mageia.org/MGASA-2023-0147.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2023-0147

Related

Published

2023-04-15T19:03:44Z

Modified

2023-04-15T17:54:14Z

Summary

Updated thunderbird packages fix security vulnerability

Details

Fullscreen notification obscured. (CVE-2023-29533) Double-free in libwebp. (MFSA-TMP-2023-0001) Potential Memory Corruption following Garbage Collector compaction. (CVE-2023-29535) Invalid free from JavaScript code. (CVE-2023-29536) Revocation status of S/Mime recipient certificates was not checked. (CVE-2023-0547) Hang when processing certain OpenPGP messages. (CVE-2023-29479) Content-Disposition filename truncation leads to Reflected File Download. (CVE-2023-29539) Files with malicious extensions could have been downloaded unsafely on Linux. (CVE-2023-29541) Memory Corruption in Safe Browsing Code. (CVE-2023-1945) Incorrect optimization result on ARM64. (CVE-2023-29548) Memory safety bugs fixed in Thunderbird 102.10. (CVE-2023-29550)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / thunderbird

Package

Name: thunderbird
Purl: pkg:rpm/mageia/thunderbird?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

102.10.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / thunderbird-l10n

Package

Name: thunderbird-l10n
Purl: pkg:rpm/mageia/thunderbird-l10n?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

102.10.0-1.mga8

Ecosystem specific

{
    "section": "core"
}