-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2289
          Multiple vulnerabilities in thunderbird affect Debian 8
                               26 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11708 CVE-2019-11707 

Reference:         ASB-2019.0166
                   ESB-2019.2274
                   ESB-2019.2273
                   ESB-2019.2250
                   ESB-2019.2245

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/06/msg00024.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : thunderbird
Version        : 1:60.7.2-1~deb8u1
CVE ID         : CVE-2019-11707 CVE-2019-11708

Multiple security issues have been found in Thunderbird which may lead
to the execution of arbitrary code if malformed email messages are read.

For Debian 8 "Jessie", these problems have been fixed in version
1:60.7.2-1~deb8u1.

We recommend that you upgrade your thunderbird packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl0R53YACgkQnUbEiOQ2
gwJygRAAhmsa0VtJx8GcNvQmbjsb3UMpcda8QLRSKBcSWlQ5eKiRPs+NTI07H+RR
WsurSfKe27j44aHhNP8qoZSV9XhzTDltem8Ib+uwTkK27zw24XCxFHGzNeN91dbX
kPe9WygkGjdjeSvXfTeQmjjLbJ55ynM6wAZtLzyht2ED2by4YHpEYvlWjXdv7iAb
PXdM0c8j1/c6JVnFCIz2S6KQej+J5Qpk2J2Z5zkvq3jXJsWHmmLGW0rD/JY75oAm
34x4qEs8nWmxc8GqK1lKX193U0OwtZ8aqrGYDUt9m8995tIcmZygciCjG68LEZIX
uBRXYBLJr2neETzTDL8RZ+6uWFshdnKBo4BHeB9siDCc8/CsSIUWsA9NNPJS54kK
lShSakgjYm+4XDibwqaQwpl/qkXFwFe0Ovoay+wHIVKiItX1nnYDqyesfudrqcof
ZyHQeShEbrbb2k9o34xyKUdcDGoO96d0UxCFGp3+eB7o/iLvX3vPEHG6qTCb3XIA
ZNpUMfwU5pOpIemoJgx5IiVZYZ0MwrF6GNhk3iP4DvLMbOAIYROv8JNAd/k4pKr7
YEMy/aBGdy+PM9l/vq7F1YbdtEPoMyjKPjDFqkR2jfsQA7m8be9FJoGj/Pjn7xZ8
aRmMY3/KBYvF0ViQ9P+Pk5Esb/OQVlz44H0HmDtOGKCPuYbApKA=
=dqrK
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXRK2T2aOgq3Tt24GAQiRVBAAk1LB5aL2lHaOvrUsOeTCUfC4IrGl/rEM
1kZbpwx7JhPdl1ZYG6bay6VQMqBtQ1sDbanKh6aBdJsZBcS7bJxgHoqFZh1gwlFT
AS9zyd48mhHWhe3jlJNstpMr+FhmzvYCuQgQWAm+WdgwdDJihecksOBkb9fjAAxH
6QDR+BgIR+Gya52qifjh+cn3/iOJsAigp0SP8LZCLj2aiRgxuxw/OqKTnVtpvhIj
w1XzA64UcGd737fSkk8TNJeMxsiThpBYFVwy4Hz9o44a0KcSZ6C7DMhgaDyCmdm3
qnxrqPtIncRaY4wneNnzenRM/tCGkS+M42lpJDx1st1uuDqs3+AWK6zYWWyzsLqx
4NendkxIl6vv+Zc60Yi7MgQfc6SNe2Q+AcwxaNQvGLf3IJZvJ19yalu4LPve0Ns8
1DdRXqsCcMF329T9Svy+VWTCbEyIm08QlEPvE7gBbp2JhsI4kPh0YgZ3GhZPjLBR
vps0BYK+KiVvYkQQaWPPbsZ6oSp0OvSXA5GDGOx5UocEzR2gUkQc+t7U5367GFpF
HHwyFPU6qScEhs1TtR8HuwUJArDZ0ek4EfoOI2tXLquwa5MqJaZ0tjhxxokzV7jf
a/8o8qL51pd9m1P0MPAW/rkLfvhL88dqx1RMF3zrNnCa2pfzM1W4nMNlnBopWcWH
T4DEIa7Uao4=
=+dQr
-----END PGP SIGNATURE-----