Author: ken
Date: Fri Mar 26 11:56:47 2021
New Revision: 1753
Log:
Security Advisory for thunderbird-78.9.0, correct one link re qtwebengine
systemd.
Modified:
html/trunk/blfs/advisories/10.1.html
html/trunk/blfs/advisories/consolidated.html
Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html Thu Mar 25 23:52:31 2021
(r1752)
+++ html/trunk/blfs/advisories/10.1.html Fri Mar 26 11:56:47 2021
(r1753)
@@ -113,7 +113,25 @@
supplemental JARs (PDFBox and FontBox) in FOP to 2.0.23 if you have
FOP installed.
<a href="consolidated.html#10.1-010">10.1-010</a></p>
-
+
+ <!-- end of PDFBox -->
+
+ <h3>Thunderbird</h3>
+
+ <!-- to save putting this in each thunderbird advisory: -->
+ <p><i>In general, flaws in Mozilla advisories for Thunderbird cannot be
+ exploited through email in the Thunderbird product because scripting is
+ disabled when reading mail, but are potentially risks in browser or
+ browser-like contexts.</i></p>
+
+ <a id="10.1-012">
+ <h4>10.1 012 Thunderbird Date: 2021-02-26 Severity: High</h4>
+ <p>In Thunderbird before 78.9.0 there were two vulnerabilities rated as
+ High. To fix these update to 78.9.0 or later.
+ <a href="consolidated.html#10.1-012">10.1-012</a></p>
+
+ <!-- end of Thunderbird -->
+
<h3>QtWebEngine</h3>
<a id="10.1-002">
Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html Thu Mar 25 23:52:31
2021 (r1752)
+++ html/trunk/blfs/advisories/consolidated.html Fri Mar 26 11:56:47
2021 (r1753)
@@ -80,6 +80,18 @@
<p>There are currently no known security vulnerabilities for the latest
releases of the books.</p>
-->
+ <a id="10.1-012">
+ <h4>10.1 012 Thunderbird Date: 2021-02-26 Severity: High</h4>
+ <p>In Thunderbird before 78.9.0 there were two vulnerabilities rated as
+ High for linux systems (the angle graphics item only applies to MS
Windows), see
+ <a
href="https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/";>mfsa2021-12</a>.
+ CVEs have been assigned (CVE-2021-23981, CVE-2021-23987),
+ but details are not yet public.</p>
+ <p>To fix these, update to thunderbird-78.9.0 or later using the
instructions
+ for
+ <a href="../view/svn/xsoft/thunderbird.html">Thunderbird (sysv)</a> or
+ <a href="../view/systemd/xsoft/thunderbird.html">Thunderbird
(systemd)</a>.</p>
+
<a id="10.1-011">
<h4>10.1 011 OpenSSL (LFS) Date: 2021-03-26 Severity: Critical</h4>
<p>In OpenSSL-1.1.1k, two high severity security vulnerabilities were
fixed.
@@ -219,7 +231,7 @@
for installing that as 5.15.2 to match Qt5 (or update to a later version)
using the instructions at
<a href="../view/svn/x/qtwebengine.html">QtWebEngine (sysv)</a>, or
- <a href="../view/svn-systemd/x/qtwebengine.html">QtWebEngine
(systemd)</a>.</p>
+ <a href="../view/systemd/x/qtwebengine.html">QtWebEngine (systemd)</a>.</p>
<a id="10.1-001">
<h4>10.1 001 OpenSSH Date: 2021-03-03 Severity: Medium</h4>
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
