The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 8 LTS:
DLA 1678-1: thunderbird security update
DLA 1679-1: php5 security update
Debian GNU/Linux 9:
DSA 4392-1: thunderbird security update
Debian GNU/Linux 8 LTS:
DLA 1678-1: thunderbird security update
DLA 1679-1: php5 security update
Debian GNU/Linux 9:
DSA 4392-1: thunderbird security update
DLA 1678-1: thunderbird security update
Package : thunderbird
Version : 1:60.5.1-1~deb8u1
CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505.
CVE-2018-18509 CVE-2019-5785
Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code, denial of service
or spoofing of S/MIME signatures.
For Debian 8 "Jessie", these problems have been fixed in version
1:60.5.1-1~deb8u1.
We recommend that you upgrade your thunderbird packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DLA 1679-1: php5 security update
Package : php5
Version : 5.6.40+dfsg-0+deb8u1
Several security bugs have been identified and fixed in php5, a
server-side, HTML-embedded scripting language. The affected components
include GD graphics, multi-byte string handling, phar file format
handling, and xmlrpc.
CVEs have not yet been assigned. Once the CVE assignments are
announced, the Debian Security Tracker will be updated with the relevant
information.
For Debian 8 "Jessie", this problems have been fixed in version
5.6.40+dfsg-0+deb8u1.
We recommend that you upgrade your php5 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4392-1: thunderbird security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4392-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2018-18356 CVE-2018-18500 CVE-2018-18501
CVE-2018-18505 CVE-2018-18509 CVE-2019-5785
Multiple security issues have been found in the Thunderbird mail client,
which could lead to the execution of arbitrary code, denial of service
or spoofing of S/MIME signatures.
For the stable distribution (stretch), these problems have been fixed in
version 1:60.5.1-1~deb9u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
