Opened 7 years ago

Closed 7 years ago

#8673 closed enhancement (fixed)

thunderbird-45.6.0 (CVE-2016-9899 CVE-2016-9895 CVE-2016-9900 CVE-2016-9905 CVE-2016-9893 CVE-2016-9901 CVE-2016-9902)

Reported by: Douglas R. Reno Owned by: bdubbs@…
Priority: high Milestone: 8.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version

Release notes not available, will check later

Change History (4)

comment:1 by Douglas R. Reno, 7 years ago

Priority: normalhigh 
1404083 - CVE-2016-9899 Mozilla: Use-after-free while manipulating DOM events and audio elements (MFSA 2016-94, MFSA 2016-95)
1404086 - CVE-2016-9895 Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)
1404090 - CVE-2016-9900 Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)
1404094 - CVE-2016-9905 Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
1404096 - CVE-2016-9893 Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95)
1404358 - CVE-2016-9901 Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95)
1404359 - CVE-2016-9902 Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95)

comment:2 by Douglas R. Reno, 7 years ago

Summary: thunderbird-45.6.0thunderbird-45.6.0 (CVE-2016-9899 CVE-2016-9895 CVE-2016-9900 CVE-2016-9905 CVE-2016-9893 CVE-2016-9901 CVE-2016-9902)

comment:3 by bdubbs@…, 7 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:4 by bdubbs@…, 7 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 18105.

It's disappointing that the seds in the book to prevent c++ scope errors are still needed.

Note: See TracTickets for help on using tickets.