tags 505563 + confirmed tags 505563 + pending thanks Yes,
2.0.0.18 was released last week. Also add MFSA 2008-59 to the list of addressed issues. I was disclosed on release day and doesn't have a CVE on mozilla site: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html According to my records that is CVE-2008-4582. On Thu, Nov 13, 2008 at 04:08:02PM +0100, Giuseppe Iuculano wrote: > Package: icedove > Severity: critical > Tags: security > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > The following SA (Secunia Advisory) id was published for Thunderbird: > > SA32715[1] > > Description: > Some vulnerabilities have been reported in Mozilla Thunderbird, which > can be exploited by malicious people to disclose sensitive information, > bypass certain security restrictions, or compromise a user's system. > > For more information: > SA32693 > > The vulnerabilities are reported in versions prior to 2.0.0.18. > > Solution: > The vulnerabilities will be fixed in the upcoming 2.0.0.18 version. > > The vendor recommends disabling JavaScript support. > > Original Advisory: > http://www.mozilla.org/security/announce/2008/mfsa2008-48.html > http://www.mozilla.org/security/announce/2008/mfsa2008-50.html > http://www.mozilla.org/security/announce/2008/mfsa2008-52.html > http://www.mozilla.org/security/announce/2008/mfsa2008-55.html > http://www.mozilla.org/security/announce/2008/mfsa2008-56.html > http://www.mozilla.org/security/announce/2008/mfsa2008-58.html > > Other References: > SA32693[2] > > CVE reference: > CVE-2008-5012 > CVE-2008-5014 > CVE-2008-5017 > CVE-2008-5018 > CVE-2008-5021 > CVE-2008-5022 > CVE-2008-5024 > > If you fix the vulnerability please also make sure to include the the > CVE id in the changelog entry. > > [1]http://secunia.com/advisories/32715/ > [2]http://secunia.com/advisories/32693/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkkcQtAACgkQNxpp46476ao5OwCeNCFW4/5lurndSIqfTBQtkC4i > u6EAn0NS5yuBbdPRyHFDYxVdjEPKSIZI > =41lt > -----END PGP SIGNATURE----- > > > - Alexander -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
