| Summary: | Thunderbird 78.9 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, fri, guillaume.royer, mageia, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | |
| Status comment: | |||
| Bug Depends on: | 28641 | ||
| Bug Blocks: | |||
|
Description
Nicolas Salguero
2021-03-25 09:14:24 CET
Nicolas Salguero
2021-03-25 09:14:40 CET
Source RPM:
(none) =>
thunderbird, thunderbird-l10n
Nicolas Salguero
2021-03-25 09:30:49 CET
Depends on:
(none) =>
28641 Assigning this also to you Nicolas as having much maintained it; CC'ing neoclust who also has committed it recently. Assignee:
bugsquad =>
nicolas.salguero pushed in cauldron mga7/8 by Nicolas:
src:
- mageia 7:
- thunderbird-l10n-78.9.0-1.mga7
- thunderbird-78.9.0-1.mga7
- mageia 8:
- thunderbird-l10n-78.9.0-1.mga8
- thunderbird-78.9.0-1.mga8Assignee:
nicolas.salguero =>
qa-bugs mga7-64 Plasma Nvidia-current quick test OK Picking up settings and many thousands mail in a handful accounts Swedish locale Ask password at start (as set) Offline IMAP, SMTP send printing Continue using it tomorrow etc CC:
(none) =>
fri Suggested advisory: ======================== The updated packages fix security vulnerabilities: Texture upload into an unbound backing buffer resulted in an out-of-bound read. (CVE-2021-23981) Angle graphics library out of date. (MOZ-2021-0002) Internal network hosts could have been probed by a malicious webpage. (CVE-2021-23982) Malicious extensions could have spoofed popup information. (CVE-2021-23984) Memory safety bugs fixed in Thunderbird 78.9. (CVE-2021-23987) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987 https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/ Status:
NEW =>
ASSIGNED I have been using the US English version in mga8-64 Plasma for a few hours, with no issues noted. CC:
(none) =>
andrewsfarm Testing to day Thunderbird. Update ok with QA Repo and with: thunderbird-78.9.0-1.mga8 thunderbird-fr-78.9.0-1.mga8.noarch.rpm And: lib64nss3-3.63.0-1.mga8.x86_64.rpm lib64nspr4-4.30-1.mga8.x86_64.rpm Because dependencies weren't satisfied Send mail OK and reception Ok I'll try to install it in the day on VM M7 CC:
(none) =>
guillaume.royer Testing to day Thunderbird M7 VM GNOME Update ok with QA Repo and with: thunderbird-78.9.0-1.mga7 thunderbird-fr-78.9.0-1.mga7.noarch.rpm Configuration new account OK, send mail OK and reception Ok Mageia 7 and 8 Plasma. x86_64 OK Validating. CC:
(none) =>
ouaurelien, sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0164.html Resolution:
(none) =>
FIXED RedHat has issued an advisory for this on March 25: https://access.redhat.com/errata/RHSA-2021:0993 I was notified by Christian Fischer that the MOZ vulnerabilities have CVEs. SVN advisory updated. Mageia Advisory: https://advisories.mageia.org/MGASA-2021-0164.html Mozilla Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/ Suggested change(s): MOZ-2021-0002 -> CVE-2021-4127 |