[Bug 283357] security/vuxml: update entry for mail/thunderbird

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 283357] security/vuxml: update entry for mail/thunderbird"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 16 Dec 2024 05:46:25 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283357

John Hein <jcfyecrayz@liamekaens.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #255886|                            |maintainer-approval?(ports-
              Flags|                            |secteam@FreeBSD.org)

--- Comment #2 from John Hein <jcfyecrayz@liamekaens.com> ---
Created attachment 255886
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=255886&action=edit
[patch] update thunderbird vuxml per upstream advisories

Attached is an update to security/vuxml/vuln/2024.xml, but it may not be
sufficient.  At first I was just going to change the vulnerable version from '<
133' to < '128.5'.  But I think that it's safe to assume that the range from
129 - 132 is vulnerable.

I can't find a reference from Mozilla describing an analysis that might
indicate the starting version for these CVEs.  So while the 129-132 range may
be too broad, it's probably better to be safe and assume that range is affected
by the CVEs as well.

So this patch defines the vulnerable range for thunderbird as:
   (< 128.5) and (>= 129 and < 133)

-- 
You are receiving this mail because:
You are on the CC list for the bug.