| Summary: | Thunderbird 78.4 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, fri, jim, ouaurelien, sysadmin-bugs, wrw105 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK MGA7-32-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | CVE-2020-15969, CVE-2020-15683 |
| Status comment: | |||
| Bug Depends on: | 27460 | ||
| Bug Blocks: | |||
|
Description
David Walser
2020-10-16 20:33:41 CEST
Mozilla has released Thunderbird 78.4.0 on October 20: https://www.thunderbird.net/en-US/thunderbird/78.4.0/releasenotes/ It likely contains the same security fixes as Firefox 78.4.0 (Bug 27460). Summary:
Thunderbird 78.3.3 =>
Thunderbird 78.4 Suggested advisory: ======================== The updated packages fix security vulnerabilities: Use-after-free in usersctp. (CVE-2020-15969) Memory safety bugs fixed in Thunderbird 78.4. (CVE-2020-15683) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15683 https://www.thunderbird.net/en-US/thunderbird/78.3.3/releasenotes/ https://www.thunderbird.net/en-US/thunderbird/78.4.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-78.4.0-1.mga7 thunderbird-enigmail-78.4.0-1.mga7 thunderbird-ar-78.4.0-1.mga7 thunderbird-ast-78.4.0-1.mga7 thunderbird-be-78.4.0-1.mga7 thunderbird-bg-78.4.0-1.mga7 thunderbird-br-78.4.0-1.mga7 thunderbird-ca-78.4.0-1.mga7 thunderbird-cs-78.4.0-1.mga7 thunderbird-cy-78.4.0-1.mga7 thunderbird-da-78.4.0-1.mga7 thunderbird-de-78.4.0-1.mga7 thunderbird-el-78.4.0-1.mga7 thunderbird-en_GB-78.4.0-1.mga7 thunderbird-en_US-78.4.0-1.mga7 thunderbird-es_AR-78.4.0-1.mga7 thunderbird-es_ES-78.4.0-1.mga7 thunderbird-et-78.4.0-1.mga7 thunderbird-eu-78.4.0-1.mga7 thunderbird-fi-78.4.0-1.mga7 thunderbird-fr-78.4.0-1.mga7 thunderbird-fy_NL-78.4.0-1.mga7 thunderbird-ga_IE-78.4.0-1.mga7 thunderbird-gd-78.4.0-1.mga7 thunderbird-gl-78.4.0-1.mga7 thunderbird-he-78.4.0-1.mga7 thunderbird-hr-78.4.0-1.mga7 thunderbird-hsb-78.4.0-1.mga7 thunderbird-hu-78.4.0-1.mga7 thunderbird-hy_AM-78.4.0-1.mga7 thunderbird-id-78.4.0-1.mga7 thunderbird-is-78.4.0-1.mga7 thunderbird-it-78.4.0-1.mga7 thunderbird-ja-78.4.0-1.mga7 thunderbird-ka-78.4.0-1.mga7 thunderbird-kab-78.4.0-1.mga7 thunderbird-kk-78.4.0-1.mga7 thunderbird-ko-78.4.0-1.mga7 thunderbird-lt-78.4.0-1.mga7 thunderbird-ms-78.4.0-1.mga7 thunderbird-nb_NO-78.4.0-1.mga7 thunderbird-nl-78.4.0-1.mga7 thunderbird-nn_NO-78.4.0-1.mga7 thunderbird-pl-78.4.0-1.mga7 thunderbird-pt_BR-78.4.0-1.mga7 thunderbird-pt_PT-78.4.0-1.mga7 thunderbird-ro-78.4.0-1.mga7 thunderbird-ru-78.4.0-1.mga7 thunderbird-si-78.4.0-1.mga7 thunderbird-sk-78.4.0-1.mga7 thunderbird-sl-78.4.0-1.mga7 thunderbird-sq-78.4.0-1.mga7 thunderbird-sv_SE-78.4.0-1.mga7 thunderbird-tr-78.4.0-1.mga7 thunderbird-uk-78.4.0-1.mga7 thunderbird-uz-78.4.0-1.mga7 thunderbird-vi-78.4.0-1.mga7 thunderbird-zh_CN-78.4.0-1.mga7 thunderbird-zh_TW-78.4.0-1.mga7 from SRPMS: thunderbird-78.4.0-1.mga7.src.rpm thunderbird-l10n-78.4.0-1.mga7.src.rpm Assignee:
nicolas.salguero =>
qa-bugs mga7-64 running fine, Plasma, Nvidia, i7, 4k screen. Offline IMAP, SMTP. Swedish localisation. Several accounts, many thousands emails. Not tested PGP nor calendar. CC:
(none) =>
fri Updated the 64-bit US English versions of both Firefox and Thunderbird in one operation, using QArepo. No installation issues noted. Received and replied to some POP email, looked at newsgroups. I don't use the calendar or enigmail, but it looks good for what I do with it. CC:
(none) =>
andrewsfarm Tested MGA7-32 send/receive/move/delete, including drag and drop, SMTP/IMAP all OK Whiteboard:
(none) =>
mga7-32-ok tested mga7-64 as above, all OK Will leave for further tests unless TJ is happy and validates. Whiteboard:
mga7-32-ok =>
mga7-64-ok mga7-32-ok I'm good with it. Validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update (In reply to David Walser from comment #1) > Mozilla has released Thunderbird 78.4.0 on October 20: > https://www.thunderbird.net/en-US/thunderbird/78.4.0/releasenotes/ > "Yahoo and AOL mail users using password authentication will be migrated to OAuth2" Too bad they didn't do this in an earlier version. I just did this manually about a week ago for my Yahoo mail account. Yahoo kept telling me it would stop working on 20 October if I didn't take care of it. Having it done for me automagically would have been nice. Advisory pushed to SVN. Keywords:
(none) =>
advisory On mga7-64 kernel-desktop plasma packages installed cleanly: - thunderbird-78.4.0-1.mga7.x86_64 - thunderbird-en_GB-78.4.0-1.mga7.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga7-64 CC:
(none) =>
jim An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0396.html Resolution:
(none) =>
FIXED RedHat has issued an advisory for this on November 4: https://access.redhat.com/errata/RHSA-2020:4913 |