Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23d5928c by Emilio Pozuelo Monfort at 2019-01-30T09:06:50Z
Mark CVE-2016-5824 as affecting thunderbird
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -135199,6 +135199,7 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to
cause a denial of service
- libical <unfixed> (bug #860451)
[stretch] - libical <no-dsa> (Minor issue)
[jessie] - libical <no-dsa> (Minor issue)
+ - thunderbird 1:60.5.0-1
NOTE: Original report: https://github.com/libical/libical/issues/235
NOTE: Reopened at: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
@@ -135207,6 +135208,8 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to
cause a denial of service
NOTE: Whilst the upstream commits in issues/251 fix the issue of #251
itself
NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was
assigned
NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
+ NOTE: thunderbird uses embedded libical copy
CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0
allows ...)
- libical 1.0-1
[wheezy] - libical <no-dsa> (Only possible denial of service, not
severe enough to solve)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d5928c487f3c7dba551a964e1d78528502d854
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d5928c487f3c7dba551a964e1d78528502d854
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
