[Git][security-tracker-team/security-tracker][master] Mark CVE-2016-5824 as affecting thunderbird

Emilio Pozuelo Monfort pochu at debian.org
Wed Jan 30 09:07:39 GMT 2019 

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
23d5928c by Emilio Pozuelo Monfort at 2019-01-30T09:06:50Z
Mark CVE-2016-5824 as affecting thunderbird

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -135199,6 +135199,7 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service
 	- libical <unfixed> (bug #860451)
 	[stretch] - libical <no-dsa> (Minor issue)
 	[jessie] - libical <no-dsa> (Minor issue)
+	- thunderbird 1:60.5.0-1
 	NOTE: Original report: https://github.com/libical/libical/issues/235
 	NOTE: Reopened at: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
 	NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
@@ -135207,6 +135208,8 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service
 	NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 itself
 	NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was assigned
 	NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
+	NOTE: thunderbird uses embedded libical copy
 CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 allows ...)
 	- libical 1.0-1
 	[wheezy] - libical <no-dsa> (Only possible denial of service, not severe enough to solve)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d5928c487f3c7dba551a964e1d78528502d854

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23d5928c487f3c7dba551a964e1d78528502d854
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190130/6689d43c/attachment.html>

More information about the debian-security-tracker-commits mailing list