Opened 9 years ago

Closed 9 years ago

#7171 closed enhancement (fixed)

thunderbird-38.4.0

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: high Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Fernando de Oliveira)

This is a Security Release

https://ftp.mozilla.org/pub/thunderbird/releases/38.4.0/source/thunderbird-38.4.0.source.tar.bz2

https://ftp.mozilla.org/pub/thunderbird/releases/38.4.0/SHA512SUMS

93f1a40c9d3a5c46904ab7faa1aa19c636489789988c11b439eb9c8de635df709ac32fae776a8fd31a77c71629131939e933fa3ba87ce789910dbb652661a791

https://ftp.mozilla.org/pub/thunderbird/releases/38.4.0/SHA512SUMS.asc

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.4.0

Security Advisories for Thunderbird 

Not available.

But apparently it is based on Firefox ESR 38.4, because the URL given in the "releasenotes" is:

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.4 

Security Advisories for Firefox ESR
Impact key

Fixed in Firefox ESR 38.4

Critical
  • 2015-133 NSS and NSPR memory corruption issues
  • 2015-131 Vulnerabilities found through code inspection
  • 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)

High
  • 2015-130 JavaScript garbage collection crash with Java applet
  • 2015-128 Memory corruption in libjar through zip files
  • 2015-127 CORS preflight is bypassed when non-standard Content-Type
    headers are received
  • 2015-123 Buffer overflow during image interactions in canvas
  • 2015-122 Trailing whitespace in IP address hostnames can bypass
    same-origin policy

Moderate
  • 2015-132 Mixed content WebSocket policy bypass through workers

Low
   None

https://www.mozilla.org/en-US/thunderbird/38.4.0/releasenotes/ 

Thunderbird Notes
Version 38.4.0, first offered to Release channel users on November 23,
2015

Check out "What’s New" and "Known Issues" for this version of
Thunderbird below. As always, you’re encouraged to tell us what you
think, or file a bug in Bugzilla. If interested, please see the complete
list of changes in this release.

What’s New

  • Various security fixes

  • Fixed issue where messages moves of multiple messages from a maildir
    folder to an mbox folder failed.

Change History (3)

comment:1 by Fernando de Oliveira, 9 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

comment:2 by Fernando de Oliveira, 9 years ago

Description: modified (diff)

Sorry, had given wrong sha512sum.

comment:3 by Fernando de Oliveira, 9 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r16685.

Note: See TracTickets for help on using tickets.