[thunderbird] [CVE-2008-0591] missing fix in USN-582-1/2?
Bug #199412 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| thunderbird (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: thunderbird
It seems like the latest USN for Thunderbird (see USN-582-1 and USN-582-2) misses a fix for CVE-2008-0591 when compared to:
- DSA-1485-1 (http://
- MDVSA-2008:062 (http://
If Ubuntu's Thunderbird is not affected by CVE-2008-0591, then sorry for reporting this, but I thought "better safe than sorry".
Related branches
CVE References
| description: | updated |
| Changed in thunderbird: | |
| status: | New → Confirmed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
Revision history for this message
| Alexander Sack (asac) wrote Re: [Bug 199412] Re: [thunderbird] [CVE-2008-0591] missing fix in USN-582-1/2? | #2 |
| Changed in thunderbird: | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
The MFSA states that this only affected Firefox:
http://
However the CVE lists Thunderbird below 2.0.0.12 is affected.
Alexander, is Thunderbird actually affected by this and in which update? I can update the USN accordingly if Thunderbird is affected.