Debian Security Advisory

DSA-2499-1 icedove -- several vulnerabilities

Date Reported:
24 Jun 2012
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2012-1937, CVE-2012-1939, CVE-2012-1940.
More information:

Several vulnerabilities have been discovered in Icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (CVE-2012-1937, CVE-2012-1939) and a use-after-free issue (CVE-2012-1940).

For the stable distribution (squeeze), these problems have been fixed in version 3.0.11-1+squeeze11.

We recommend that you upgrade your icedove packages.