Bug 29073

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Out of bounds-read when parsing a `WM_COPYDATA` message. (CVE-2021-29964)

Memory safety bugs fixed in Thunderbird 78.11. (CVE-2021-29967)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967
https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/
https://www.thunderbird.net/en-US/thunderbird/78.11.0/releasenotes/
========================

Updated packages in core/updates_testing:
========================
thunderbird-78.11.0-1.mga{7|8}
thunderbird-enigmail-78.11.0-1.mga{7|8}
thunderbird-ar-78.11.0-1.mga{7|8}
thunderbird-ast-78.11.0-1.mga{7|8}
thunderbird-be-78.11.0-1.mga{7|8}
thunderbird-bg-78.11.0-1.mga{7|8}
thunderbird-br-78.11.0-1.mga{7|8}
thunderbird-ca-78.11.0-1.mga{7|8}
thunderbird-cs-78.11.0-1.mga{7|8}
thunderbird-cy-78.11.0-1.mga{7|8}
thunderbird-da-78.11.0-1.mga{7|8}
thunderbird-de-78.11.0-1.mga{7|8}
thunderbird-el-78.11.0-1.mga{7|8}
thunderbird-en_GB-78.11.0-1.mga{7|8}
thunderbird-en_US-78.11.0-1.mga{7|8}
thunderbird-es_AR-78.11.0-1.mga{7|8}
thunderbird-es_ES-78.11.0-1.mga{7|8}
thunderbird-et-78.11.0-1.mga{7|8}
thunderbird-eu-78.11.0-1.mga{7|8}
thunderbird-fi-78.11.0-1.mga{7|8}
thunderbird-fr-78.11.0-1.mga{7|8}
thunderbird-fy_NL-78.11.0-1.mga{7|8}
thunderbird-ga_IE-78.11.0-1.mga{7|8}
thunderbird-gd-78.11.0-1.mga{7|8}
thunderbird-gl-78.11.0-1.mga{7|8}
thunderbird-he-78.11.0-1.mga{7|8}
thunderbird-hr-78.11.0-1.mga{7|8}
thunderbird-hsb-78.11.0-1.mga{7|8}
thunderbird-hu-78.11.0-1.mga{7|8}
thunderbird-hy_AM-78.11.0-1.mga{7|8}
thunderbird-id-78.11.0-1.mga{7|8}
thunderbird-is-78.11.0-1.mga{7|8}
thunderbird-it-78.11.0-1.mga{7|8}
thunderbird-ja-78.11.0-1.mga{7|8}
thunderbird-ka-78.11.0-1.mga{7|8}
thunderbird-kab-78.11.0-1.mga{7|8}
thunderbird-kk-78.11.0-1.mga{7|8}
thunderbird-ko-78.11.0-1.mga{7|8}
thunderbird-lt-78.11.0-1.mga{7|8}
thunderbird-ms-78.11.0-1.mga{7|8}
thunderbird-nb_NO-78.11.0-1.mga{7|8}
thunderbird-nl-78.11.0-1.mga{7|8}
thunderbird-nn_NO-78.11.0-1.mga{7|8}
thunderbird-pl-78.11.0-1.mga{7|8}
thunderbird-pt_BR-78.11.0-1.mga{7|8}
thunderbird-pt_PT-78.11.0-1.mga{7|8}
thunderbird-ro-78.11.0-1.mga{7|8}
thunderbird-ru-78.11.0-1.mga{7|8}
thunderbird-si-78.11.0-1.mga{7|8}
thunderbird-sk-78.11.0-1.mga{7|8}
thunderbird-sl-78.11.0-1.mga{7|8}
thunderbird-sq-78.11.0-1.mga{7|8}
thunderbird-sv_SE-78.11.0-1.mga{7|8}
thunderbird-tr-78.11.0-1.mga{7|8}
thunderbird-uk-78.11.0-1.mga{7|8}
thunderbird-uz-78.11.0-1.mga{7|8}
thunderbird-vi-78.11.0-1.mga{7|8}
thunderbird-zh_CN-78.11.0-1.mga{7|8}
thunderbird-zh_TW-78.11.0-1.mga{7|8}

from SRPMS:
thunderbird-78.11.0-1.mga{7|8}.src.rpm
thunderbird-l10n-78.11.0-1.mga{7|8}.src.rpm

Status: NEW => ASSIGNED
Depends on: (none) => 29064
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Version: Cauldron => 8
Assignee: nicolas.salguero => qa-bugs

OK mga8-64, plasma, been using it today:
IMAP, SMTP, translation (Swedish)
Kept my mail accounts and mails from previous version

CC: (none) => fri

Installation and tests on Mageia 8 X64 KDE without problems.

reception and sending of mails without any pb. 

IMAP (993) and SMTP (587), translation in French.

uname -a:
Linux localhost 5.10.41-desktop-1.mga8 #1 SMP Fri May 28 14:12:17 
UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

rpm -q thunderbird:
thunderbird-78.11.0-1.mga8

CC: (none) => hdetavernier

MGA 8 XFCE

Update Thunderbird with QA repo tool.

Reception and sending mail OK.

When I want to write new mail, the spell checker is in English instead of French.
Is anyone see this ?

CC: (none) => guillaume.royer

MGA 7 VM LXQt

Update Thunderbird with QA repo tool.

Reception and sending mail OK.

Here too, when I want to write new mail, the spell checker is in English instead of French.

Did the French Internationalization update package get installed?
$ rpm -q thunderbird-fr
thunderbird-fr-78.11.0-1.mga7

In the composition dialog, select Options, Check Spelling ...
Does it show French as the selected language?

CC: (none) => davidwhodgins

Yes it is, I can't select french check spelling in second step.

Hi, I haven't the issues indicated with the new version. All ok, new message, send, reception, calendar and tasks. all ok. Contacts ok.

No issues here.

Is the appropiate dictionaries installed in the cases of comment 4 and comment 6 how complements of Thunderbird?

CC: (none) => joselp

No problems too.
French dictionary is also installed and functional.

I didn't have to download it.

mga8-64 Plasma. Updated the US-English version this morning. No issues here.

CC: (none) => andrewsfarm

(In reply to Jose Manuel López from comment #8)
> Hi, I haven't the issues indicated with the new version. All ok, new
> message, send, reception, calendar and tasks. all ok. Contacts ok.
> 
> No issues here.
> 
> Is the appropiate dictionaries installed in the cases of comment 4 and
> comment 6 how complements of Thunderbird?

Yes the the approriate dictionnary is installed.
The spelling check works well, I have just to select the good language.

MGA7-64 Plasma on Lenovo B50
No nstallation issues.
Tested by sending/receiving mails to/from my desktop PC without and with attachments.
OK for me.

Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
CC: (none) => herman.viaene

In light of comment 11, looks like a change in how thunderbird works rather then
a bug. Validating the update.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

RedHat has issued an advisory for this today (June 7):
https://access.redhat.com/errata/RHSA-2021:2264

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0242.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED