-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4802-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 03, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2020-26970

Chiaki Ishikawa discovered a stack overflow in SMTP server status
handling which could potentially result in the execution of arbitrary
code.

For the stable distribution (buster), this problem has been fixed in
version 1:78.5.1-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/JMC0ACgkQEMKTtsN8
TjZeShAAgivS+u2/fbEGFo5qfh/h8a7jqgQb+k+i1SErM8CEKeiKr5hv2LqLu4eo
DfiJEDD4axbvcSBiJQprWVeEMXGw+zyVeY27wH5xlFiDNkJYqavGr+2KoHrleD93
9/SdZC+FdNNpG2AmVQUXkuJrFiAoCw46G6BYtkH9qh9xKXBtu7gyMnIRBHX1aZH9
RHYC0gCsnZMW7yNuz+kQIeF2ON1UngdZENsMJk6jyxYyTMY8oc2mVi14zbMDdctn
XCZrdpkFgiKmxb6sTUXw9CMxEsGI6nEFYhy9QLnDkBukuxes+9V468WHKxT/pAaB
TfX4JaOfI7aY8qr/y2QQ6Os7BKaFYgpCMXZI9rP80/F2Qp9Z5hsKnlrg1kLnR+sa
ZI6iyLPNgLsmvy/EFydU4/vMNwF/40vhnhEMbXX1mPmbS/mxxY1H4Tl0NQWQkDLb
j4/5zTvJmY/VaYG+XbPNztAv9C6ARQCw0D+XEndz9WnNACUMSI605UUQSEghizaO
kXpPoMj9CC9UaoKezwNZpVe6t/OsSAbAx61o5tHGfC5GPY84CjZ1MUTTAaFFKiZ1
uuWiW1g4kzTuQi+yJALDXe3W7tm2AaBHQQr7+/jneQuepexUzuJq6aefDD/NzYej
HCV8u/rGKA48AiyLfnRItxiZRCODIT2QKrO4solcOnr5K2VEFP8=
=fYKv
-----END PGP SIGNATURE-----