[thunderbird] [CVE-2008-0591] missing fix in USN-582-1/2?
Bug #199412 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
thunderbird (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: thunderbird
It seems like the latest USN for Thunderbird (see USN-582-1 and USN-582-2) misses a fix for CVE-2008-0591 when compared to:
- DSA-1485-1 (http://
- MDVSA-2008:062 (http://
If Ubuntu's Thunderbird is not affected by CVE-2008-0591, then sorry for reporting this, but I thought "better safe than sorry".
Related branches
CVE References
description: | updated |
Changed in thunderbird: | |
status: | New → Confirmed |
Changed in thunderbird: | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
The MFSA states that this only affected Firefox: www.mozilla. org/security/ announce/ 2008/mfsa2008- 08.html
http://
However the CVE lists Thunderbird below 2.0.0.12 is affected.
Alexander, is Thunderbird actually affected by this and in which update? I can update the USN accordingly if Thunderbird is affected.