MGASA-2021-0584 - Updated thunderbird packages fix security vulnerability Publication date: 23 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0584.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-4126, CVE-2021-44538 OpenPGP signature status doesn't consider additional message content. (CVE-2021-4126) Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. (CVE-2021-44538) References: - https://bugs.mageia.org/show_bug.cgi?id=29794 - https://www.thunderbird.net/en-US/thunderbird/91.4.1/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538 SRPMS: - 8/core/thunderbird-91.4.1-1.mga8 - 8/core/thunderbird-l10n-91.4.1-1.mga8