157 lines
6.7 KiB
JSON
157 lines
6.7 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20142301",
|
|
"Version": "oval:org.altlinux.errata:def:20142301",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-2301: package `thunderbird` update to version 31.2.0-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-2301",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2301",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1587",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1587",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1590",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1590",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1592",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1592",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1593",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1593",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-1594",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-1594",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades thunderbird to version 31.2.0-alt1. \nSecurity Fix(es):\n\n * CVE-2014-1587: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.\n\n * CVE-2014-1590: The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.\n\n * CVE-2014-1592: Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.\n\n * CVE-2014-1593: Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.\n\n * CVE-2014-1594: Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.\n\n * MFSA 2014-74: description unavailable\n\n * MFSA 2014-75: description unavailable\n\n * MFSA 2014-76: description unavailable\n\n * MFSA 2014-77: description unavailable\n\n * MFSA 2014-79: description unavailable\n\n * MFSA 2014-81: description unavailable",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-10-26"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-10-26"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-1587",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1587",
|
|
"Impact": "Low",
|
|
"Public": "20141211"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1590",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1590",
|
|
"Impact": "Low",
|
|
"Public": "20141211"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1592",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "NVD-CWE-Other",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1592",
|
|
"Impact": "Low",
|
|
"Public": "20141211"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1593",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-119",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1593",
|
|
"Impact": "Low",
|
|
"Public": "20141211"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-1594",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-1594",
|
|
"Impact": "Low",
|
|
"Public": "20141211"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142301001",
|
|
"Comment": "rpm-build-thunderbird is earlier than 0:31.2.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142301002",
|
|
"Comment": "thunderbird is earlier than 0:31.2.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142301003",
|
|
"Comment": "thunderbird-devel is earlier than 0:31.2.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142301004",
|
|
"Comment": "thunderbird-enigmail is earlier than 0:31.2.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142301005",
|
|
"Comment": "thunderbird-google-calendar is earlier than 0:31.2.0-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142301006",
|
|
"Comment": "thunderbird-lightning is earlier than 0:31.2.0-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |