| Summary: | Thunderbird 52.5 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | herman.viaene, jim, mageia, mhrambo3501, nicolas.salguero, peter.winterflood, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-11-24 16:42:48 CET
David Walser
2017-11-24 16:43:24 CET
Assignee:
bugsquad =>
pkg-bugs Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Use-after-free of PressShell while restyling layout. (CVE-2017-7828) Cross-origin URL information leak through Resource Timing API. (CVE-2017-7830) Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5. (CVE-2017-7826) References: ======================== https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826 Updated packages in 5/core/updates_testing: ======================== thunderbird-52.5.0-1.mga5 thunderbird-enigmail-52.5.0-1.mga5 thunderbird-ar-52.5.0-1.mga5 thunderbird-ast-52.5.0-1.mga5 thunderbird-be-52.5.0-1.mga5 thunderbird-bg-52.5.0-1.mga5 thunderbird-bn_BD-52.5.0-1.mga5 thunderbird-br-52.5.0-1.mga5 thunderbird-ca-52.5.0-1.mga5 thunderbird-cs-52.5.0-1.mga5 thunderbird-cy-52.5.0-1.mga5 thunderbird-da-52.5.0-1.mga5 thunderbird-de-52.5.0-1.mga5 thunderbird-el-52.5.0-1.mga5 thunderbird-en_GB-52.5.0-1.mga5 thunderbird-en_US-52.5.0-1.mga5 thunderbird-es_AR-52.5.0-1.mga5 thunderbird-es_ES-52.5.0-1.mga5 thunderbird-et-52.5.0-1.mga5 thunderbird-eu-52.5.0-1.mga5 thunderbird-fi-52.5.0-1.mga5 thunderbird-fr-52.5.0-1.mga5 thunderbird-fy_NL-52.5.0-1.mga5 thunderbird-ga_IE-52.5.0-1.mga5 thunderbird-gd-52.5.0-1.mga5 thunderbird-gl-52.5.0-1.mga5 thunderbird-he-52.5.0-1.mga5 thunderbird-hr-52.5.0-1.mga5 thunderbird-hsb-52.5.0-1.mga5 thunderbird-hu-52.5.0-1.mga5 thunderbird-hy_AM-52.5.0-1.mga5 thunderbird-id-52.5.0-1.mga5 thunderbird-is-52.5.0-1.mga5 thunderbird-it-52.5.0-1.mga5 thunderbird-ja-52.5.0-1.mga5 thunderbird-ko-52.5.0-1.mga5 thunderbird-lt-52.5.0-1.mga5 thunderbird-nb_NO-52.5.0-1.mga5 thunderbird-nl-52.5.0-1.mga5 thunderbird-nn_NO-52.5.0-1.mga5 thunderbird-pa_IN-52.5.0-1.mga5 thunderbird-pl-52.5.0-1.mga5 thunderbird-pt_BR-52.5.0-1.mga5 thunderbird-pt_PT-52.5.0-1.mga5 thunderbird-ro-52.5.0-1.mga5 thunderbird-ru-52.5.0-1.mga5 thunderbird-si-52.5.0-1.mga5 thunderbird-sk-52.5.0-1.mga5 thunderbird-sl-52.5.0-1.mga5 thunderbird-sq-52.5.0-1.mga5 thunderbird-sv_SE-52.5.0-1.mga5 thunderbird-ta_LK-52.5.0-1.mga5 thunderbird-tr-52.5.0-1.mga5 thunderbird-uk-52.5.0-1.mga5 thunderbird-vi-52.5.0-1.mga5 thunderbird-zh_CN-52.5.0-1.mga5 thunderbird-zh_TW-52.5.0-1.mga6 from SRPMS: thunderbird-52.5.0-1.mga5.src.rpm thunderbird-l10n-52.5.0-1.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== thunderbird-52.5.0-1.mga6 thunderbird-enigmail-52.5.0-1.mga6 thunderbird-ar-52.5.0-1.mga6 thunderbird-ast-52.5.0-1.mga6 thunderbird-be-52.5.0-1.mga6 thunderbird-bg-52.5.0-1.mga6 thunderbird-bn_BD-52.5.0-1.mga6 thunderbird-br-52.5.0-1.mga6 thunderbird-ca-52.5.0-1.mga6 thunderbird-cs-52.5.0-1.mga6 thunderbird-cy-52.5.0-1.mga6 thunderbird-da-52.5.0-1.mga6 thunderbird-de-52.5.0-1.mga6 thunderbird-el-52.5.0-1.mga6 thunderbird-en_GB-52.5.0-1.mga6 thunderbird-en_US-52.5.0-1.mga6 thunderbird-es_AR-52.5.0-1.mga6 thunderbird-es_ES-52.5.0-1.mga6 thunderbird-et-52.5.0-1.mga6 thunderbird-eu-52.5.0-1.mga6 thunderbird-fi-52.5.0-1.mga6 thunderbird-fr-52.5.0-1.mga6 thunderbird-fy_NL-52.5.0-1.mga6 thunderbird-ga_IE-52.5.0-1.mga6 thunderbird-gd-52.5.0-1.mga6 thunderbird-gl-52.5.0-1.mga6 thunderbird-he-52.5.0-1.mga6 thunderbird-hr-52.5.0-1.mga6 thunderbird-hsb-52.5.0-1.mga6 thunderbird-hu-52.5.0-1.mga6 thunderbird-hy_AM-52.5.0-1.mga6 thunderbird-id-52.5.0-1.mga6 thunderbird-is-52.5.0-1.mga6 thunderbird-it-52.5.0-1.mga6 thunderbird-ja-52.5.0-1.mga6 thunderbird-ko-52.5.0-1.mga6 thunderbird-lt-52.5.0-1.mga6 thunderbird-nb_NO-52.5.0-1.mga6 thunderbird-nl-52.5.0-1.mga6 thunderbird-nn_NO-52.5.0-1.mga6 thunderbird-pa_IN-52.5.0-1.mga6 thunderbird-pl-52.5.0-1.mga6 thunderbird-pt_BR-52.5.0-1.mga6 thunderbird-pt_PT-52.5.0-1.mga6 thunderbird-ro-52.5.0-1.mga6 thunderbird-ru-52.5.0-1.mga6 thunderbird-si-52.5.0-1.mga6 thunderbird-sk-52.5.0-1.mga6 thunderbird-sl-52.5.0-1.mga6 thunderbird-sq-52.5.0-1.mga6 thunderbird-sv_SE-52.5.0-1.mga6 thunderbird-ta_LK-52.5.0-1.mga6 thunderbird-tr-52.5.0-1.mga6 thunderbird-uk-52.5.0-1.mga6 thunderbird-vi-52.5.0-1.mga6 thunderbird-zh_CN-52.5.0-1.mga6 thunderbird-zh_TW-52.5.0-1.mga6 from SRPMS: thunderbird-52.5.0-1.mga6.src.rpm thunderbird-l10n-52.5.0-1.mga6.src.rpm Whiteboard:
MGA6TOO, MGA5TOO =>
MGA5TOO
Lewis Smith
2017-11-28 10:59:13 CET
Keywords:
(none) =>
advisory Long time Thunderbird user. Updated three packages, including the en_GB language pack. Thunderbird launched OK and is running fine with settings unchanged. Crosslinks to a browser work fine. Composed a test message for the discuss list and sent it. Address book entries can be edited. All in order. Checked out the calendar; deleted entries and created new ones. Leaving enigmail alone because of previous problems with gnome keyring. Thunderbird looks OK for this system. CC:
(none) =>
tarazed25
Len Lawrence
2017-11-28 11:25:31 CET
Whiteboard:
MGA5TOO =>
MGA5TOO MGA6-64-OK On mga6-32 (in a vbox VM) packages installed cleanly: - thunderbird-52.5.0-1.mga6.i586 - thunderbird-en_GB-52.5.0-1.mga6.noarch Email - POP/SMTP - OK Calendar - OK Address Book - OK Unix Movemail - OK OK for mga6-32 Whiteboard:
MGA5TOO MGA6-64-OK =>
MGA5TOO MGA6-64-OK MGA6-32-OK On mga5-64 packages installed cleanly: - thunderbird-52.5.0-1.mga5.x86_64 - thunderbird-en_GB-52.5.0-1.mga5.noarch email - POP/SMTP - ok calendar - ok address book = ok movemail - ok looks good for mga5-64 Whiteboard:
MGA5TOO MGA6-64-OK MGA6-32-OK =>
MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK on mga6 plasma x86_64 and lxde i586 on 32 bit only hardware packages installed cleanly: - thunderbird-52.5.0-1.mga5.x86_64 - thunderbird-en_GB-52.5.0-1.mga5.noarch email imap to citadel server, smtp send also ok calendar and addressbook sync OK integration between sync kolab and lightning/provider for google calendar 3.3 ok looks good for mga6 64/32 CC:
(none) =>
peter.winterflood (In reply to peter winterflood from comment #5) > on mga6 plasma x86_64 and lxde i586 on 32 bit only hardware > > packages installed cleanly: > - thunderbird-52.5.0-1.mga5.x86_64 > - thunderbird-en_GB-52.5.0-1.mga5.noarch > > email imap to citadel server, smtp send also ok > calendar and addressbook sync OK integration between sync kolab and > lightning/provider for google calendar 3.3 ok > > looks good for mga6 64/32 obviously packages installed cleanly: - thunderbird-52.5.0-1.mga5.i586 for 32 bit, sorry for missing that MGA5-32 on Dell Latitude D600 Xfce No installation issues. Installed with nl language, configured gmail pop. Could send and receive plain messages and with attachments. CC:
(none) =>
herman.viaene Thanks to testers and Herman for nl. Other languages rarely get attention in updates. Validating.
Len Lawrence
2017-11-29 17:39:32 CET
Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0432.html Resolution:
(none) =>
FIXED |