Bug 18264

Summary: Firefox and Thunderbird 45
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Florian Hubold <doktor5000>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: doktor5000
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/685008/
Whiteboard:
Source RPM: firefox, thunderbird CVE:
Status comment:
Bug Depends on: 18224, 18428, 18616, 18654    
Bug Blocks: 18349    

Description David Walser 2016-04-25 19:54:24 CEST 
Thunderbird 45 is available as of April 12:
https://www.mozilla.org/en-US/thunderbird/45.0/releasenotes/

It fixes some security issues:
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/

The only ones that appear to not have already been fixed (in nss or FF/TB 38.7):
https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/

We will need to update libpng (already committed in SVN) to build this, and they will need to be switched to use bundled sqlite3 for now.
David Walser 2016-04-25 19:54:42 CEST

URL: (none) => http://lwn.net/Vulnerabilities/685008/

Comment 1 David Walser 2016-04-27 11:24:32 CEST 
Firefox 45.1 is available as of April 26:
https://www.mozilla.org/en-US/firefox/45.1.0/releasenotes/

We can push Firefox 38.8 first and get it released, as it contains the same security fixes.  Then we'll need to get 45.1 packaged for testing.

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Marja Van Waes 2016-05-04 14:39:56 CEST

Blocks: (none) => 18349

Comment 2 Florian Hubold 2016-05-05 16:04:30 CEST 
@David: Wouldn't it make more sense to only track FF 45 in this bug, and use https://bugs.mageia.org/show_bug.cgi?id=18224 for TB 45 ?

FWIW, thunderbird-45.0-1.mga6 and -l10n packages have been pushed already to cauldron, and tests on mga5 look fine too. Will try to look for the backported upstream patches that fedora has, and then push to mga5 too.

If Thierry doesn't beat me to it, can also take a look for FF 45, but only after TB has been pushed to mga5.

CC: (none) => doktor5000

Comment 3 David Walser 2016-05-05 16:37:56 CEST 
I don't see any particular reason to separate them, since this is only preliminary testing to make sure things are OK before we update to 45.2, which we'll actually want to release, but if you want to use separate bugs for them, that's fine too.  As for FF, nobody's going to beat you to it.
David Walser 2016-05-10 15:15:21 CEST

Depends on: (none) => 18428

David Walser 2016-05-10 15:15:55 CEST

Depends on: (none) => 18224

Comment 4 David Walser 2016-05-10 15:16:31 CEST 
OK Shlomi made another bug report for Firefox, so we can use those bugs and this will just be a useless tracker.
David Walser 2016-06-09 18:09:50 CEST

Depends on: (none) => 18616, 18654

Comment 5 David Walser 2016-07-14 22:38:03 CEST 
Finally fully fixed :D

Status: NEW => RESOLVED
Resolution: (none) => FIXED