Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 6011-1] thunderbird security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 6011-1] thunderbird security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 6011-1] thunderbird security update
  • Date: Thu, 25 Sep 2025 18:52:09 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; dmarc=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
  • List-archive: https://lists.debian.org/msgid-search/aNWPWawpa36y0dZy AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Igtzy13xrGyNDgXxrceB4YVVM66pqsUZVoyVWgrkU4A=; b=cu 97CqI1UWI0SjETu+EU2rMB34XMsXM1vKpCSFKN1aQ9njfS4kHAkxRHPyzgEXmQzTuNNm9L5LNkdmh t8nTjBwi4JLLysoCn1zKghD+3DKeh5uKJ3Bq5v0c3juHGuNCck5kNuKX5zDQbAuna85Xpy2cpJGhZ aX9C6Nqs4CT4Znuy9HAw+SNv/x/J9tqphtL2bC4EPqJZBVNNw6BQtukItOW5HrHbfhLa6XXVSGKmM aLcANbAUqnt0Q86GtkZmZUcEVfNmfWJ6Q/dkJEX2bHGUvA2GuOKu7ovV5BYnwfXoaTQOYDC6t/it9 Vo4BptGLdPjK54lcvEfCkjk2YndoFx3g==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 25 Sep 2025 18:52:31 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <6MXJU_brCZI.A.r-2M.v9Y1oB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6011-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 25, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2025-10527 CVE-2025-10528 CVE-2025-10529
CVE-2025-10532 CVE-2025-10533 CVE-2025-10536
CVE-2025-10537

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.

Debian follows the Thunderbird upstream releases. Support for the
128.x series has ended, so starting with this update we're now
following the 140.x series.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:140.3.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 1:140.3.0esr-1~deb13u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjVjRMACgkQEMKTtsN8
TjZOLQ/9EFfLByeImV6erN5fhYQx5IaiOL+dHjdIJSZn7A5Muu64kypJaGJMcQaO
bJ5rcRhOJNg9J3GAlk+kx4SM1g0SKUTwOOwDHSUTUn6uxmF0gaV5V91TUjPNHrTy
sqtRJuHLDD1al6kJ5Lvh3smNLe0eyk6xC7lcEwBLwvmPQY6EocPG893X/HxSgJ7t
sAQUFA74AZ0q53go8E72YmoYS83RJhUP9R44jlSXLX4geMDaGBZ1jy1C7UimfBND
zVLp0aRIJ1g0wNXAJjYalU8V6PoVWKrPjdSoCYCrtVcP5anLZdPVxR72PyLvq1+6
9qPStUFdzkd+wB2dVCGGntlGk9hMt6EG48gPJdF6MoCcCSuOH5JaaiAnfygZXmS2
mF6rLcq2VIANZPYppSSAVyNgnzTcsduge2YJCJIh293Yubf50zZjyzpnh9VBjVMW
aYP2tp/kCicxDXxs2LqewjZtcxxaQW8p5WhRbGWx6sg513Y7Xfc1goKgTiKqguFq
+OnXqnlhw1UhqjjwYCagCS+LqcUsvijgb+SRSIcR0K/ceZm+yrPi7GxltFHyDnYM
fLgWBc1ltVZO/JWWD8VxnkGnuK3gUNGPA5LDk0xW4onL8x5SJf2cxrS7BuSbwsz0
VOPLI+O4cWw0ZfaNsX14Zo6NNUJFa8PePr9EBrKyOki/K2ol5+g=
=mWxs
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 6011-1] thunderbird security update, Moritz Muehlenhoff, 25.09.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang