Vulnerability CVE-2022-1197: Information

Description

When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-1197
Published: Dec. 22, 2022
Modified: Dec. 29, 2022
Error type identifier: CWE-295

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
thunderbirdsisyphus91.9.1-alt1115.9.0-alt1ALT-PU-2022-1941-1297983Fixed
thunderbirdp1091.9.1-alt1115.9.0-alt1ALT-PU-2022-1951-1300611Fixed
thunderbirdp991.10.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2022-2053-1301653Fixed
thunderbirdc10f191.9.1-alt1115.9.0-alt0.c10.1ALT-PU-2022-1951-1300611Fixed
thunderbirdc9f291.9.1-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2022-1983-1300972Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1754985
  • Issue Tracking
  • Permissions Required
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-15/
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      91.8
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top