Opened 5 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#15055 closed enhancement (fixed)

thunderbird-78.10.2

Reported by: Bruce Dubbs Owned by: Tim Tassonis
Priority: elevated Milestone: 10.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:2 by Tim Tassonis, 5 weeks ago

Owner: changed from blfs-book to Tim Tassonis
Status: newassigned

comment:3 by Tim Tassonis, 4 weeks ago

Resolution: fixed
Status: assignedclosed

Fixed in commit c483003c1a

comment:4 by Douglas R. Reno, 4 weeks ago

Priority: normalelevated
Mozilla Foundation Security Advisory 2021-22
Security Vulnerabilities fixed in Thunderbird 78.10.2

Announced
    May 17, 2021
Impact
    low
Products
    Thunderbird
Fixed in

        Thunderbird 78.10.2

#CVE-2021-29957: Partial protection of inline OpenPGP message not indicated

Reporter
    Cure53
Impact
    low

Description

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.
References

    Bug 1673241

#CVE-2021-29956: Thunderbird stored OpenPGP secret keys without master password protection

Reporter
    Participants on the Thunderbird E2EE Mailing List
Impact
    low

Description

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions.
References

    Bug 1710290

I'll file a Low severity SA later

Note: See TracTickets for help on using tickets.