Advisories ยป MGASA-2020-0142

Updated thunderbird packages fix security vulnerabilities

Publication date: 14 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20503 , CVE-2020-6805 , CVE-2020-6806 , CVE-2020-6807 , CVE-2020-6811 , CVE-2020-6812 , CVE-2020-6814


The updated packages fix a security vulnerabilities:

Out of bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)

Use-after-free when removing data about origins. (CVE-2020-6805)

BodyStream::OnInputStreamReady was missing protections against state
confusion. (CVE-2020-6806)

Use-after-free in cubeb during stream destruction. (CVE-2020-6807)

Devtools' 'Copy as cURL' feature did not fully escape website-controlled
data, potentially leading to command injection. (CVE-2020-6811)

The names of AirPods with personally identifiable information were exposed
to websites with camera or microphone permission. (CVE-2020-6812)

Memory safety bugs fixed in Thunderbird 68.6. (CVE-2020-6814)