it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5921-1] thunderbird security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5921-1] thunderbird security update
Date: Fri, 16 May 2025 19:28:03 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/aCeRwxpnJfp6vq1a AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=5pplH0vPIg5MIVdgdQKWJreSGfJmYB87i5bxaChtIH4=; b=X8 CFZviNTphC8N2eAXqW+33Nc4+4mW5lDkPeeGDqcKZWa6Lqk/srr5lC1PcGSEj6hh5vCmz8EruVInA ZkR/lfBak+QSxQukDyxY4EPnPtZSxiD6fNVivDK/oC8y24YaOtyDoaV5oNBlgeWSg6ffrvDq35ch2 edC6sAay/b7UOJWOT97/QfkkxSNzX9hEFISFQeeL6WVg6KIUTGZ2V6A4NPelkovuHwZPJKBj2ArEg ns1D6kV9cZGONM05KN5vnZcWS8yv63bSmqY1LjDc9K4JpAyolOKjFucry30mzvnkRMpEPJjZs1NZ0 YYkPKARS+xmFszhTse4/uFyTbOS86I4A==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 16 May 2025 19:28:27 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <uCzaB5JAUqG.A.jqND.bH5JoB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5921-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 16, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2025-3875 CVE-2025-3877 CVE-2025-3909 CVE-2025-3932

Multiple security issues were discovered in Thunderbird, which could
result in spoofing of From: mail headers, execution of JavaScript or
information disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 1:128.10.1esr-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgnj+0ACgkQEMKTtsN8
TjaeFBAAh3eWJ9Lnkevk8a486b1Iz5t+L4384QjQwklPMRmJRHdiodBvNl8G91ZJ
8COQBLMC8N3xbgoSIFmCVlJMENADGNjHM1NOiLNmcy1lF1Ek7QjVmKC/K9EEpljj
g+3HbkBRhDHG967O9oumIGOWbyzIfJPlwKBQtdjBLiSVN3EwdV/FGpDz5YZbM+BW
nhhtwJ2v/zoq/5m+1McJrqxvkvdScf2MOILsIzSPmL/+I5t2/Kdec7sKsPylOlxb
Lptlu/80OmCPfiNFEl7Zee5s9UqYSPW/4ykJLY6TRcZKlaV7loNCW7OtR1ycIQfy
NI0AyFFxAd3dCc/wfp1xcT9BwdlyCpm7tu6FMft24+GJxEgN0x/E9paO7YZOvly4
sUXKCfvBEUK7wpsJkBtXNwLOm9TDF+0gMpb8sTO3VHLlWKYRNWQ4VL7WB1Y2xHol
dYx+CeZkNXOhbgGdl2NJuwZc+A1wbNNwVfX5c9WvGaljbLNYM6stFEwc8M03TeHV
Zc9kH2LTXhbdfoBLhUCNzOt+iZrYxm6vy7dvb50v2xWphVOr5NgDSFwf7S3I9OvK
ULnso7a7WUVrWV69151tJ1clxAQgHa1Cj8ENMtbgfHOQG+iUVqh+1jls5Ivns9SI
whNEFC4EqErBsewsqor2Bve1zsyDeoywZCxByFHaDUHldwkxFkw=
=LU0K
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5921-1] thunderbird security update, Moritz Muehlenhoff, 16.05.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.