| Summary: | Thunderbird 78.9.1 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | fri, guillaume.royer, joselp, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | |
| Status comment: | |||
|
Description
Nicolas Salguero
2021-04-12 10:42:22 CEST
Nicolas Salguero
2021-04-12 10:42:39 CEST
Source RPM:
(none) =>
thunderbird, thunderbird-l10n Pardon me assigning this to you - the right man for this SRPM. Assignee:
bugsquad =>
nicolas.salguero Suggested advisory: ======================== The updated packages fix security vulnerabilities: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key. (CVE-2021-23991) A crafted OpenPGP key with an invalid user ID could be used to confuse the user. (MOZ-2021-23992) Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key. (CVE-2021-23993) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993 https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ https://www.thunderbird.net/en-US/thunderbird/78.9.1/releasenotes/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-78.9.1-1.mga{7|8} thunderbird-enigmail-78.9.1-1.mga{7|8} thunderbird-ar-78.9.1-1.mga{7|8} thunderbird-ast-78.9.1-1.mga{7|8} thunderbird-be-78.9.1-1.mga{7|8} thunderbird-bg-78.9.1-1.mga{7|8} thunderbird-br-78.9.1-1.mga{7|8} thunderbird-ca-78.9.1-1.mga{7|8} thunderbird-cs-78.9.1-1.mga{7|8} thunderbird-cy-78.9.1-1.mga{7|8} thunderbird-da-78.9.1-1.mga{7|8} thunderbird-de-78.9.1-1.mga{7|8} thunderbird-el-78.9.1-1.mga{7|8} thunderbird-en_GB-78.9.1-1.mga{7|8} thunderbird-en_US-78.9.1-1.mga{7|8} thunderbird-es_AR-78.9.1-1.mga{7|8} thunderbird-es_ES-78.9.1-1.mga{7|8} thunderbird-et-78.9.1-1.mga{7|8} thunderbird-eu-78.9.1-1.mga{7|8} thunderbird-fi-78.9.1-1.mga{7|8} thunderbird-fr-78.9.1-1.mga{7|8} thunderbird-fy_NL-78.9.1-1.mga{7|8} thunderbird-ga_IE-78.9.1-1.mga{7|8} thunderbird-gd-78.9.1-1.mga{7|8} thunderbird-gl-78.9.1-1.mga{7|8} thunderbird-he-78.9.1-1.mga{7|8} thunderbird-hr-78.9.1-1.mga{7|8} thunderbird-hsb-78.9.1-1.mga{7|8} thunderbird-hu-78.9.1-1.mga{7|8} thunderbird-hy_AM-78.9.1-1.mga{7|8} thunderbird-id-78.9.1-1.mga{7|8} thunderbird-is-78.9.1-1.mga{7|8} thunderbird-it-78.9.1-1.mga{7|8} thunderbird-ja-78.9.1-1.mga{7|8} thunderbird-ka-78.9.1-1.mga{7|8} thunderbird-kab-78.9.1-1.mga{7|8} thunderbird-kk-78.9.1-1.mga{7|8} thunderbird-ko-78.9.1-1.mga{7|8} thunderbird-lt-78.9.1-1.mga{7|8} thunderbird-ms-78.9.1-1.mga{7|8} thunderbird-nb_NO-78.9.1-1.mga{7|8} thunderbird-nl-78.9.1-1.mga{7|8} thunderbird-nn_NO-78.9.1-1.mga{7|8} thunderbird-pl-78.9.1-1.mga{7|8} thunderbird-pt_BR-78.9.1-1.mga{7|8} thunderbird-pt_PT-78.9.1-1.mga{7|8} thunderbird-ro-78.9.1-1.mga{7|8} thunderbird-ru-78.9.1-1.mga{7|8} thunderbird-si-78.9.1-1.mga{7|8} thunderbird-sk-78.9.1-1.mga{7|8} thunderbird-sl-78.9.1-1.mga{7|8} thunderbird-sq-78.9.1-1.mga{7|8} thunderbird-sv_SE-78.9.1-1.mga{7|8} thunderbird-tr-78.9.1-1.mga{7|8} thunderbird-uk-78.9.1-1.mga{7|8} thunderbird-uz-78.9.1-1.mga{7|8} thunderbird-vi-78.9.1-1.mga{7|8} thunderbird-zh_CN-78.9.1-1.mga{7|8} thunderbird-zh_TW-78.9.1-1.mga{7|8} from SRPMS: thunderbird-78.9.1-1.mga{7|8}.src.rpm thunderbird-l10n-78.9.1-1.mga{7|8}.src.rpm Whiteboard:
MGA8TOO, MGA7TOO =>
MGA7TOO Worsk fine in Mageia 8 Plasma x64. Send and received emails, calendar ok, task ok. No issues here. CC:
(none) =>
joselp MGA 8 XFCE Uodats with QA repo and: thunderbird-78.9.1-1.mga8 thunderbird-enigmail-78.9.1-1.mga8 thunderbird-fr-78.9.1-1.mga8 No issues found, reception and send mail OK CC:
(none) =>
guillaume.royer Updated OK here too, mga8-64 Plasma, Nvidia-current, swedish IMAP and SMTP CC:
(none) =>
fri MGA 7 VM Gnome Updated with QA repo and: thunderbird-78.9.1-1.mga8 thunderbird-enigmail-78.9.1-1.mga8 thunderbird-fr-78.9.1-1.mga8 No issues found, reception and send mail OK (In reply to Guillaume Royer from comment #6) MGA 7 VM Gnome <=== Really ? ;) > > Updated with QA repo and: > thunderbird-78.9.1-1.mga8 <<=== These should be .mga7... wrong copy/paste? ;) > thunderbird-enigmail-78.9.1-1.mga8 > thunderbird-fr-78.9.1-1.mga8 > > No issues found, reception and send mail OK Same under Plasma. No issue so far since 2 days. Validating. Whiteboard:
MGA7TOO =>
MGA7TOO MGA7-64-OK MGA8-64-OK (In reply to Aurelien Oudelet from comment #7) > (In reply to Guillaume Royer from comment #6) > MGA 7 VM Gnome <=== Really ? ;) > > > > Updated with QA repo and: > > > thunderbird-78.9.1-1.mga8 <<=== These should be .mga7... wrong > copy/paste? ;) > > thunderbird-enigmail-78.9.1-1.mga8 > > thunderbird-fr-78.9.1-1.mga8 > > > > No issues found, reception and send mail OK > > Same under Plasma. No issue so far since 2 days. > Validating. These should be .mga7... wrong copy/paste? ;) <== Yes sorry :'( An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0189.html Resolution:
(none) =>
FIXED RedHat has issued an advisory for this on April 14: https://access.redhat.com/errata/RHSA-2021:1193 I was notified by Christian Fischer that the MOZ vulnerabilities have CVEs. SVN advisory updated. Mageia Advisory: https://advisories.mageia.org/MGASA-2021-0189.html Mozilla Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ Suggested change(s): MOZ-2021-23992 -> CVE-2021-23992 |