| Summary: | Thunderbird 52.3 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | doktor5000, lewyssmith, mageia, marja11, mhrambo3501, nicolas.salguero, sysadmin-bugs, tarazed25, westel |
| Version: | 6 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5TOO mga5-32-ok MGA6-64-OK advisory | ||
| Source RPM: | thunderbird | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-08-17 03:24:06 CEST
David Walser
2017-08-17 03:24:31 CEST
Whiteboard:
(none) =>
MGA6TOO, MGA5TOO Assigning to the registered maintainer. CC:
(none) =>
marja11 openSUSE has issued an advisory for this today (August 18): https://lists.opensuse.org/opensuse-updates/2017-08/msg00083.html
Nicolas Lécureuil
2017-08-20 00:05:58 CEST
Version:
Cauldron =>
6 pushed in updates_testing
src.rpm:
thunderbird-52.3.0-1.mga6
thunderbird-52.3.0-1.mga5
(In reply to Nicolas Lécureuil from comment #3) > pushed in updates_testing > src.rpm: > thunderbird-52.3.0-1.mga6 > thunderbird-52.3.0-1.mga5 Don't forget thunderbird-l10n. Built so far...: thunderbird-52.3.0-1.mga5 thunderbird-enigmail-52.3.0-1.mga5 thunderbird-52.3.0-1.mga6 thunderbird-enigmail-52.3.0-1.mga6 i've completly forgoten this :) thunderbird-l10n-52.3.0-1.mga6 and thunderbird-l10n-52.3.0-1.mga5 are now available Assignee:
doktor5000 =>
qa-bugs Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://access.redhat.com/errata/RHSA-2017:2456 ======================== Updated packages in core/updates_testing: ======================== thunderbird-52.3.0-1.mga5 thunderbird-enigmail-52.3.0-1.mga5 thunderbird-ar-52.3.0-1.mga5 thunderbird-ast-52.3.0-1.mga5 thunderbird-be-52.3.0-1.mga5 thunderbird-bg-52.3.0-1.mga5 thunderbird-bn_BD-52.3.0-1.mga5 thunderbird-br-52.3.0-1.mga5 thunderbird-ca-52.3.0-1.mga5 thunderbird-cs-52.3.0-1.mga5 thunderbird-cy-52.3.0-1.mga5 thunderbird-da-52.3.0-1.mga5 thunderbird-de-52.3.0-1.mga5 thunderbird-el-52.3.0-1.mga5 thunderbird-en_GB-52.3.0-1.mga5 thunderbird-en_US-52.3.0-1.mga5 thunderbird-es_AR-52.3.0-1.mga5 thunderbird-es_ES-52.3.0-1.mga5 thunderbird-et-52.3.0-1.mga5 thunderbird-eu-52.3.0-1.mga5 thunderbird-fi-52.3.0-1.mga5 thunderbird-fr-52.3.0-1.mga5 thunderbird-fy_NL-52.3.0-1.mga5 thunderbird-ga_IE-52.3.0-1.mga5 thunderbird-gd-52.3.0-1.mga5 thunderbird-gl-52.3.0-1.mga5 thunderbird-he-52.3.0-1.mga5 thunderbird-hr-52.3.0-1.mga5 thunderbird-hsb-52.3.0-1.mga5 thunderbird-hu-52.3.0-1.mga5 thunderbird-hy_AM-52.3.0-1.mga5 thunderbird-id-52.3.0-1.mga5 thunderbird-is-52.3.0-1.mga5 thunderbird-it-52.3.0-1.mga5 thunderbird-ja-52.3.0-1.mga5 thunderbird-ko-52.3.0-1.mga5 thunderbird-lt-52.3.0-1.mga5 thunderbird-nb_NO-52.3.0-1.mga5 thunderbird-nl-52.3.0-1.mga5 thunderbird-nn_NO-52.3.0-1.mga5 thunderbird-pa_IN-52.3.0-1.mga5 thunderbird-pl-52.3.0-1.mga5 thunderbird-pt_BR-52.3.0-1.mga5 thunderbird-pt_PT-52.3.0-1.mga5 thunderbird-ro-52.3.0-1.mga5 thunderbird-ru-52.3.0-1.mga5 thunderbird-si-52.3.0-1.mga5 thunderbird-sk-52.3.0-1.mga5 thunderbird-sl-52.3.0-1.mga5 thunderbird-sq-52.3.0-1.mga5 thunderbird-sv_SE-52.3.0-1.mga5 thunderbird-ta_LK-52.3.0-1.mga5 thunderbird-tr-52.3.0-1.mga5 thunderbird-uk-52.3.0-1.mga5 thunderbird-vi-52.3.0-1.mga5 thunderbird-zh_CN-52.3.0-1.mga5 thunderbird-zh_TW-52.3.0-1.mga5 thunderbird-52.3.0-1.mga6 thunderbird-enigmail-52.3.0-1.mga6 thunderbird-ar-52.3.0-1.mga6 thunderbird-ast-52.3.0-1.mga6 thunderbird-be-52.3.0-1.mga6 thunderbird-bg-52.3.0-1.mga6 thunderbird-bn_BD-52.3.0-1.mga6 thunderbird-br-52.3.0-1.mga6 thunderbird-ca-52.3.0-1.mga6 thunderbird-cs-52.3.0-1.mga6 thunderbird-cy-52.3.0-1.mga6 thunderbird-da-52.3.0-1.mga6 thunderbird-de-52.3.0-1.mga6 thunderbird-el-52.3.0-1.mga6 thunderbird-en_GB-52.3.0-1.mga6 thunderbird-en_US-52.3.0-1.mga6 thunderbird-es_AR-52.3.0-1.mga6 thunderbird-es_ES-52.3.0-1.mga6 thunderbird-et-52.3.0-1.mga6 thunderbird-eu-52.3.0-1.mga6 thunderbird-fi-52.3.0-1.mga6 thunderbird-fr-52.3.0-1.mga6 thunderbird-fy_NL-52.3.0-1.mga6 thunderbird-ga_IE-52.3.0-1.mga6 thunderbird-gd-52.3.0-1.mga6 thunderbird-gl-52.3.0-1.mga6 thunderbird-he-52.3.0-1.mga6 thunderbird-hr-52.3.0-1.mga6 thunderbird-hsb-52.3.0-1.mga6 thunderbird-hu-52.3.0-1.mga6 thunderbird-hy_AM-52.3.0-1.mga6 thunderbird-id-52.3.0-1.mga6 thunderbird-is-52.3.0-1.mga6 thunderbird-it-52.3.0-1.mga6 thunderbird-ja-52.3.0-1.mga6 thunderbird-ko-52.3.0-1.mga6 thunderbird-lt-52.3.0-1.mga6 thunderbird-nb_NO-52.3.0-1.mga6 thunderbird-nl-52.3.0-1.mga6 thunderbird-nn_NO-52.3.0-1.mga6 thunderbird-pa_IN-52.3.0-1.mga6 thunderbird-pl-52.3.0-1.mga6 thunderbird-pt_BR-52.3.0-1.mga6 thunderbird-pt_PT-52.3.0-1.mga6 thunderbird-ro-52.3.0-1.mga6 thunderbird-ru-52.3.0-1.mga6 thunderbird-si-52.3.0-1.mga6 thunderbird-sk-52.3.0-1.mga6 thunderbird-sl-52.3.0-1.mga6 thunderbird-sq-52.3.0-1.mga6 thunderbird-sv_SE-52.3.0-1.mga6 thunderbird-ta_LK-52.3.0-1.mga6 thunderbird-tr-52.3.0-1.mga6 thunderbird-uk-52.3.0-1.mga6 thunderbird-vi-52.3.0-1.mga6 thunderbird-zh_CN-52.3.0-1.mga6 thunderbird-zh_TW-52.3.0-1.mga6 from SRPMS: thunderbird-52.3.0-1.mga5.src.rpm thunderbird-l10n-52.3.0-1.mga5.src.rpm thunderbird-52.3.0-1.mga6.src.rpm thunderbird-l10n-52.3.0-1.mga6.src.rpm
Mga5 32
# urpmi thunderbird
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Updates Testing (distrib5)")
thunderbird 52.3.0 1.mga5 i586
thunderbird-en_GB 52.3.0 1.mga5 noarch
Proceed with the installation of the 2 packages? (Y/n) y
installing
thunderbird-52.3.0-1.mga5.i586.rpm
thunderbird-en_GB-52.3.0-1.mga5.noarch.rpm
Preparing...
1/2: thunderbird
2/2: thunderbird-en_GB
1/2: removing thunderbird-en_GB-52.2.1-1.mga5.noarch
2/2: removing thunderbird-0:52.2.1-1.mga5.i586
$ thunderbird
launches ok
send mail to pop3 - ok.
retrieve mail from pop3 - okWhiteboard:
MGA5TOO =>
MGA5TOO|| Mga5-32-ok| Cleaned up the whiteboard...Ben, please be careful. Updating the advisory with an updated reference. RedHat has issued an advisory for this today (August 24): https://access.redhat.com/errata/RHSA-2017:2534 Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://access.redhat.com/errata/RHSA-2017:2534 Whiteboard:
MGA5TOO|| Mga5-32-ok| =>
MGA5TOO mga5-32-ok mga6 x86_64 Version 52.3.0 in place and still getting mail on a Google IMAP account. Calendar functional. The add-on Silvermel continues to be incompatible with the current version of Thunderbird - maybe incompatible with Linux. AddressBook working. Last message sent has not bounced yet. Good for 64-bits CC:
(none) =>
tarazed25
Len Lawrence
2017-08-24 15:30:01 CEST
Whiteboard:
MGA5TOO mga5-32-ok =>
MGA5TOO mga5-32-ok MGA6-64-OK Advisory from comments 7 & 9. Validating as we have 1 OK per release, 1 for each architecture. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0303.html Status:
NEW =>
RESOLVED |