| Summary: | Thunderbird 60.9.0 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, fri, sysadmin-bugs, tarazed25, tmb, wrw105 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | |
| Status comment: | |||
| Bug Depends on: | 25396 | ||
| Bug Blocks: | |||
|
Description
Nicolas Salguero
2019-09-07 13:51:58 CEST
Nicolas Salguero
2019-09-07 13:52:23 CEST
Source RPM:
(none) =>
thunderbird, thunderbird-l10n
Nicolas Salguero
2019-09-07 14:06:09 CEST
Assignee:
bugsquad =>
nicolas.salguero 60.9.0-1 mga6 - 64 bit + Swedish working nicely here on Plasma - tested for some hours in production, offline IMAP + SMTP, but not tested Calendar. This system is fully updated to testing repos. CC:
(none) =>
fri
Nicolas Salguero
2019-09-11 09:13:25 CEST
Depends on:
(none) =>
25396 Suggested advisory: ======================== The updated packages fix some bugs and security issues. References: https://www.thunderbird.net/en-US/thunderbird/60.9.0/releasenotes/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-60.9.0-1.mga6 thunderbird-enigmail-60.9.0-1.mga6 thunderbird-ar-60.9.0-1.mga6 thunderbird-ast-60.9.0-1.mga6 thunderbird-be-60.9.0-1.mga6 thunderbird-bg-60.9.0-1.mga6 thunderbird-br-60.9.0-1.mga6 thunderbird-ca-60.9.0-1.mga6 thunderbird-cs-60.9.0-1.mga6 thunderbird-cy-60.9.0-1.mga6 thunderbird-da-60.9.0-1.mga6 thunderbird-de-60.9.0-1.mga6 thunderbird-el-60.9.0-1.mga6 thunderbird-en_GB-60.9.0-1.mga6 thunderbird-en_US-60.9.0-1.mga6 thunderbird-es_AR-60.9.0-1.mga6 thunderbird-es_ES-60.9.0-1.mga6 thunderbird-et-60.9.0-1.mga6 thunderbird-eu-60.9.0-1.mga6 thunderbird-fi-60.9.0-1.mga6 thunderbird-fr-60.9.0-1.mga6 thunderbird-fy_NL-60.9.0-1.mga6 thunderbird-ga_IE-60.9.0-1.mga6 thunderbird-gd-60.9.0-1.mga6 thunderbird-gl-60.9.0-1.mga6 thunderbird-he-60.9.0-1.mga6 thunderbird-hr-60.9.0-1.mga6 thunderbird-hsb-60.9.0-1.mga6 thunderbird-hu-60.9.0-1.mga6 thunderbird-hy_AM-60.9.0-1.mga6 thunderbird-id-60.9.0-1.mga6 thunderbird-is-60.9.0-1.mga6 thunderbird-it-60.9.0-1.mga6 thunderbird-ja-60.9.0-1.mga6 thunderbird-ko-60.9.0-1.mga6 thunderbird-lt-60.9.0-1.mga6 thunderbird-nb_NO-60.9.0-1.mga6 thunderbird-nl-60.9.0-1.mga6 thunderbird-nn_NO-60.9.0-1.mga6 thunderbird-pl-60.9.0-1.mga6 thunderbird-pt_BR-60.9.0-1.mga6 thunderbird-pt_PT-60.9.0-1.mga6 thunderbird-ro-60.9.0-1.mga6 thunderbird-ru-60.9.0-1.mga6 thunderbird-si-60.9.0-1.mga6 thunderbird-sk-60.9.0-1.mga6 thunderbird-sl-60.9.0-1.mga6 thunderbird-sq-60.9.0-1.mga6 thunderbird-sv_SE-60.9.0-1.mga6 thunderbird-tr-60.9.0-1.mga6 thunderbird-uk-60.9.0-1.mga6 thunderbird-vi-60.9.0-1.mga6 thunderbird-zh_CN-60.9.0-1.mga6 thunderbird-zh_TW-60.9.0-1.mga6 from SRPMS: thunderbird-60.9.0-1.mga6.src.rpm thunderbird-l10n-60.9.0-1.mga6.src.rpm Assignee:
nicolas.salguero =>
qa-bugs mga6, x86_64 The new thunderbird works fine here for a gmail account. Updated in the middle of checking email. After restart all looked the same but there are many changes under the hood, too many to check. The calendar/reminder function is working fine and contains the new location option for tasks. Good for 64bits. CC:
(none) =>
tarazed25 Tested MGA6-32: Send/Recieve/Move/Delete over IMAP/SMTP all ok. Calendar OK CC:
(none) =>
wrw105 (In reply to Len Lawrence from comment #3) > mga6, x86_64 > > The new thunderbird works fine here for a gmail account. Updated in the > middle of checking email. After restart all looked the same but there are > many changes under the hood, too many to check. The calendar/reminder > function is working fine and contains the new location option for tasks. > > Good for 64bits. Thank you, Len. Adding a 64-bit OK based on Morgan's and your tests, and validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update
Better advisory, added to svn:
type: security
subject: Updated thunderbird packages fix security vulnerabilities
CVE:
- CVE-2019-11739
- CVE-2019-11740
- CVE-2019-11742
- CVE-2019-11743
- CVE-2019-11744
- CVE-2019-11752
src:
6:
core:
- thunderbird-60.9.0-1.mga6
- thunderbird-l10n-60.9.0-1.mga6
description: |
Updated thunderbird packages fix security vulnerabilities:
Covert Content Attack on S/MIME encryption using a crafted multipart/
alternative message (CVE-2019-11739).
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox
ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 (CVE-2019-11740)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images (CVE-2019-11742)
Cross-origin access to unload event attributes (CVE-2019-11743)
XSS by breaking out of title and textarea elements using innerHTML
(CVE-2019-11744)
Use-after-free while manipulating video (CVE-2019-11746)
Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)
references:
- https://bugs.mageia.org/show_bug.cgi?id=25415
- https://www.thunderbird.net/en-US/thunderbird/60.9.0/releasenotes/CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0275.html Status:
ASSIGNED =>
RESOLVED RedHat has issued an advisory for this today (September 16): https://access.redhat.com/errata/RHSA-2019:2774 |