Bug 2476

Summary: Updated mozilla-thunderbird package to fix several security related problems
Product: Mageia Reporter: Funda Wang <fundawang>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, dmorganec, pham182b, sysadmin-bugs
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
Whiteboard:
Source RPM: mozilla-thunderbird-3.1.12-1.mga1.src.rpm, mozilla-thunderbird-l10n-3.1.12-1.mga1.src.rpm CVE:
Status comment:

Description Funda Wang 2011-08-20 19:39:59 CEST 
Advisory text:

Security issues were identified and fixed in mozilla-thunderbird:

MFSA 2011-19: Miscellaneous memory safety hazards
MFSA 2011-20: Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-21: Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-22: Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-23: Multiple dangling pointer vulnerabilities
MFSA 2011-24: Cookie isolation error

For the detail security changelog, see http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html

The updated packages have been updated to latest stable version 3.1.12 to correct those issues.
Comment 1 claire robinson 2011-08-21 17:10:37 CEST 
No new mail sound played i586 - Bug 1631 still present. It may be an upstream bug though as it was mentioned on several distro's.

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISound.play]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://messenger/content/preferences/general.js :: anonymous :: line 94"  data: no]


It didn't pull in any language pack but none were installed for some reason after upgrade from MDV 2010.2. Installed en_GB, no problems. Spell checking also appears OK.

No other problems to report as yet. Tested with lightning. I won't be available to test further as we're away for the week.
Comment 2 D Morgan 2011-08-25 00:23:59 CEST 
can someone else can test ?  the comment #1 is quite ok for a validation.

CC: (none) => dmorganec

Comment 3 Dave Hodgins 2011-08-25 03:53:33 CEST 
I've tested on i586 by creating a pop account, and an nntp account, and
confirmed I can get/send with both.

CC: (none) => davidwhodgins

Comment 4 Luan Pham 2011-08-25 05:04:46 CEST 
I had test on x86_64 machine by create POP and NNTP account, and I could send and received messages without any problem.

CC: (none) => pham182b

Comment 5 Dave Hodgins 2011-08-25 05:16:54 CEST 
Can somewone from the sysadmin team push the srpm
mozilla-thunderbird-3.1.12-1.mga1.src.rpm
from Core Updates Testing to Core Updates.

Advisory:

Security issues were identified and fixed in mozilla-thunderbird:

MFSA 2011-19: Miscellaneous memory safety hazards
MFSA 2011-20: Use-after-free vulnerability when viewing XUL document with
script disabled
MFSA 2011-21: Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-22: Integer overflow and arbitrary code execution in
Array.reduceRight()
MFSA 2011-23: Multiple dangling pointer vulnerabilities
MFSA 2011-24: Cookie isolation error

For the detail security changelog, see
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html

The updated packages have been updated to latest stable version 3.1.12 to
correct those issues.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 D Morgan 2011-08-25 09:31:29 CEST 
update pushed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED