Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-472-2 icedove

Debian Security Advisory

DLA-472-2 icedove -- LTS security update

Date Reported:

18 May 2016

Affected Packages:

icedove

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-1979, CVE-2016-2805, CVE-2016-2807.

More information:

The security update for icedove did not build on armhf. This is resolved by this upload.

The text of the original DLA follows:

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client. Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.

For Debian 7 Wheezy, this problem has been fixed in version 38.8.0-1~deb7u1.

We recommend that you upgrade your icedove packages.