MGASA-2024-0006
- Source
- https://advisories.mageia.org/MGASA-2024-0006.html
- Import Source
- https://advisories.mageia.org/MGASA-2024-0006.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2024-0006
- Related
- Published
- 2024-01-12T12:36:35Z
- Modified
- 2024-01-12T12:21:36Z
- Summary
- Updated thunderbird thunderbird-l10n packages fix security vulnerabilities
- Details
-
The updated packages fix security vulnerabilities: Truncated signed text was shown with a valid OpenPGP signature. (CVE-2023-50762) S/MIME signature accepted despite mismatching message date. (CVE-2023-50761) Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856) Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857) Heap buffer overflow in nsTextFragment. (CVE-2023-6858) Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859) Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860) Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861) Use-after-free in nsDNSService. (CVE-2023-6862) Undefined behavior in ShutdownObserver(). (CVE-2023-6863) Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:rpm/mageia/thunderbird?distro=mageia-9
Mageia:9 / thunderbird-l10n
Package
- Name
- thunderbird-l10n
- Purl
- pkg:rpm/mageia/thunderbird-l10n?distro=mageia-9