| Summary: | Thunderbird 52.8 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, doktor5000, fri, jim, lists.jjorge, mhrambo3501, nicolas.salguero, sysadmin-bugs, tarazed25, tmb, wrw105 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | mga6-64-ok has_procedure mga6-32-ok | ||
| Source RPM: | thunderbird | CVE: | |
| Status comment: | |||
|
Description
David Walser
2018-05-19 02:05:42 CEST
David Walser
2018-05-19 02:06:36 CEST
Whiteboard:
(none) =>
MGA6TOO, MGA5TOO I am working on it. Status:
NEW =>
ASSIGNED Like for 52.7.0 version, I will not push to MGA5 which is long way EOL. Updated package uploaded for cauldron and Mageia 6. Advisory: ======================== Updated thunderbird package fixes bugs and security vulnerabilities. References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-52.8.0-1.mga6 thunderbird-enigmail-52.8.0-1.mga6 from thunderbird-52.8.0-1.mga6.src.rpm thunderbird-ar-52.8.0-1.mga6.noarch.rpm thunderbird-ast-52.8.0-1.mga6.noarch.rpm thunderbird-be-52.8.0-1.mga6.noarch.rpm thunderbird-bg-52.8.0-1.mga6.noarch.rpm thunderbird-bn_BD-52.8.0-1.mga6.noarch.rpm thunderbird-br-52.8.0-1.mga6.noarch.rpm thunderbird-ca-52.8.0-1.mga6.noarch.rpm thunderbird-cs-52.8.0-1.mga6.noarch.rpm thunderbird-cy-52.8.0-1.mga6.noarch.rpm thunderbird-da-52.8.0-1.mga6.noarch.rpm thunderbird-de-52.8.0-1.mga6.noarch.rpm thunderbird-el-52.8.0-1.mga6.noarch.rpm thunderbird-en_GB-52.8.0-1.mga6.noarch.rpm thunderbird-en_US-52.8.0-1.mga6.noarch.rpm thunderbird-es_AR-52.8.0-1.mga6.noarch.rpm thunderbird-es_ES-52.8.0-1.mga6.noarch.rpm thunderbird-et-52.8.0-1.mga6.noarch.rpm thunderbird-eu-52.8.0-1.mga6.noarch.rpm thunderbird-fi-52.8.0-1.mga6.noarch.rpm thunderbird-fr-52.8.0-1.mga6.noarch.rpm thunderbird-fy_NL-52.8.0-1.mga6.noarch.rpm thunderbird-ga_IE-52.8.0-1.mga6.noarch.rpm thunderbird-gd-52.8.0-1.mga6.noarch.rpm thunderbird-gl-52.8.0-1.mga6.noarch.rpm thunderbird-he-52.8.0-1.mga6.noarch.rpm thunderbird-hr-52.8.0-1.mga6.noarch.rpm thunderbird-hsb-52.8.0-1.mga6.noarch.rpm thunderbird-hu-52.8.0-1.mga6.noarch.rpm thunderbird-hy_AM-52.8.0-1.mga6.noarch.rpm thunderbird-id-52.8.0-1.mga6.noarch.rpm thunderbird-is-52.8.0-1.mga6.noarch.rpm thunderbird-it-52.8.0-1.mga6.noarch.rpm thunderbird-ja-52.8.0-1.mga6.noarch.rpm thunderbird-ko-52.8.0-1.mga6.noarch.rpm thunderbird-lt-52.8.0-1.mga6.noarch.rpm thunderbird-nb_NO-52.8.0-1.mga6.noarch.rpm thunderbird-nl-52.8.0-1.mga6.noarch.rpm thunderbird-nn_NO-52.8.0-1.mga6.noarch.rpm thunderbird-pa_IN-52.8.0-1.mga6.noarch.rpm thunderbird-pl-52.8.0-1.mga6.noarch.rpm thunderbird-pt_BR-52.8.0-1.mga6.noarch.rpm thunderbird-pt_PT-52.8.0-1.mga6.noarch.rpm thunderbird-ro-52.8.0-1.mga6.noarch.rpm thunderbird-ru-52.8.0-1.mga6.noarch.rpm thunderbird-si-52.8.0-1.mga6.noarch.rpm thunderbird-sk-52.8.0-1.mga6.noarch.rpm thunderbird-sl-52.8.0-1.mga6.noarch.rpm thunderbird-sq-52.8.0-1.mga6.noarch.rpm thunderbird-sv_SE-52.8.0-1.mga6.noarch.rpm thunderbird-ta_LK-52.8.0-1.mga6.noarch.rpm thunderbird-tr-52.8.0-1.mga6.noarch.rpm thunderbird-uk-52.8.0-1.mga6.noarch.rpm thunderbird-vi-52.8.0-1.mga6.noarch.rpm thunderbird-zh_CN-52.8.0-1.mga6.noarch.rpm thunderbird-zh_TW-52.8.0-1.mga6.noarch.rpm from thunderbird-l10n-52.8.0-1.mga6.src.rpm Could someone please try pushing a mga5 build to see if it will build? (In reply to David Walser from comment #3) > Could someone please try pushing a mga5 build to see if it will build? All in all, it just eats space and cpu time... done. Still fails with the virtual memory exhausted. Thanks for trying! Whiteboard:
MGA6TOO, MGA5TOO =>
(none) Oops, I didn't see that the mga6 build failed too. Not ready just yet :o) Assignee:
qa-bugs =>
lists.jjorge RedHat has issued an advisory for this on May 24: https://access.redhat.com/errata/RHSA-2018:1725 Updated to 52.8.0 in production on my workstation, 64 bit. No issues noted. Using online and offline IMAP to several accounts at my ISP. CC:
(none) =>
fri
José Jorge
2018-05-27 07:30:24 CEST
Assignee:
lists.jjorge =>
qa-bugs The build system was finally fixed so the version is -4 instead of -1 for thunderbird and thunderbird-enigmail when build succeeded. Mageia 6, x86_64 Thunderbird already in use for an IMAP account. It works fine after the update but no testing of enigmail for historical reasons (GNOME keyring and all that). The calendar works as before. CC:
(none) =>
tarazed25 Mageia 6, x86_64 Using Thunderbird for POP3 email, and for newsgroups. I do not use the calendar. Sent and received messages, all seems successful. Looks OK here. CC:
(none) =>
andrewsfarm on mga6-64 - packages installed cleanly: - thunderbird-52.8.0-4.mga6.x86_64 - thunderbird-en_GB-52.8.0-1.mga6.noarch email - POP/SMTP - OK calendar - OK movemail - OK OK here for mga6-64 CC:
(none) =>
jim Tested mga6-64, IMAP/SMTP/calendar Send/receive/move delete all ok Whiteboard:
(none) =>
has_procedure mga6-64-ok Tested mga6-32 under virtualbox as above, all OK. Validating. ready for push when advisory uploaded to svn. Whiteboard:
has_procedure mga6-64-ok =>
mga6-64-ok has_procedure mga6-32-ok Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Backport critical security fixes in Skia (CVE-2018-5183). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155). Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159). Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184). Mozilla: Hang via malformed headers (CVE-2018-5161). Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162). Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168). Mozilla: Filename spoofing for external attachments (CVE-2018-5170). Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178). Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185 https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/ https://access.redhat.com/errata/RHSA-2018:1725
Thomas Backlund
2018-05-30 21:31:19 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0261.html Status:
ASSIGNED =>
RESOLVED |