Bug 29258

Suggested advisory:
========================

The updated packages fix a security vulnerability:

IMAP server responses sent by a MITM prior to STARTTLS could be processed. (CVE-2021-29969)

Use-after-free in accessibility features of a document. (CVE-2021-29970)

Out of bounds write in ANGLE. (CVE-2021-30547)

Memory safety bugs fixed in Thunderbird 78.12. (CVE-2021-29976)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976
https://www.thunderbird.net/en-US/thunderbird/78.12.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/
========================

Updated packages in core/updates_testing:
========================
thunderbird-78.12.0-1.mga8
thunderbird-enigmail-78.12.0-1.mga8
thunderbird-ar-78.12.0-1.mga8
thunderbird-ast-78.12.0-1.mga8
thunderbird-be-78.12.0-1.mga8
thunderbird-bg-78.12.0-1.mga8
thunderbird-br-78.12.0-1.mga8
thunderbird-ca-78.12.0-1.mga8
thunderbird-cs-78.12.0-1.mga8
thunderbird-cy-78.12.0-1.mga8
thunderbird-da-78.12.0-1.mga8
thunderbird-de-78.12.0-1.mga8
thunderbird-el-78.12.0-1.mga8
thunderbird-en_GB-78.12.0-1.mga8
thunderbird-en_US-78.12.0-1.mga8
thunderbird-es_AR-78.12.0-1.mga8
thunderbird-es_ES-78.12.0-1.mga8
thunderbird-et-78.12.0-1.mga8
thunderbird-eu-78.12.0-1.mga8
thunderbird-fi-78.12.0-1.mga8
thunderbird-fr-78.12.0-1.mga8
thunderbird-fy_NL-78.12.0-1.mga8
thunderbird-ga_IE-78.12.0-1.mga8
thunderbird-gd-78.12.0-1.mga8
thunderbird-gl-78.12.0-1.mga8
thunderbird-he-78.12.0-1.mga8
thunderbird-hr-78.12.0-1.mga8
thunderbird-hsb-78.12.0-1.mga8
thunderbird-hu-78.12.0-1.mga8
thunderbird-hy_AM-78.12.0-1.mga8
thunderbird-id-78.12.0-1.mga8
thunderbird-is-78.12.0-1.mga8
thunderbird-it-78.12.0-1.mga8
thunderbird-ja-78.12.0-1.mga8
thunderbird-ka-78.12.0-1.mga8
thunderbird-kab-78.12.0-1.mga8
thunderbird-kk-78.12.0-1.mga8
thunderbird-ko-78.12.0-1.mga8
thunderbird-lt-78.12.0-1.mga8
thunderbird-ms-78.12.0-1.mga8
thunderbird-nb_NO-78.12.0-1.mga8
thunderbird-nl-78.12.0-1.mga8
thunderbird-nn_NO-78.12.0-1.mga8
thunderbird-pl-78.12.0-1.mga8
thunderbird-pt_BR-78.12.0-1.mga8
thunderbird-pt_PT-78.12.0-1.mga8
thunderbird-ro-78.12.0-1.mga8
thunderbird-ru-78.12.0-1.mga8
thunderbird-si-78.12.0-1.mga8
thunderbird-sk-78.12.0-1.mga8
thunderbird-sl-78.12.0-1.mga8
thunderbird-sq-78.12.0-1.mga8
thunderbird-sv_SE-78.12.0-1.mga8
thunderbird-tr-78.12.0-1.mga8
thunderbird-uk-78.12.0-1.mga8
thunderbird-uz-78.12.0-1.mga8
thunderbird-vi-78.12.0-1.mga8
thunderbird-zh_CN-78.12.0-1.mga8
thunderbird-zh_TW-78.12.0-1.mga8

from SRPMS:
thunderbird-78.12.0-1.mga8.src.rpm
thunderbird-l10n-78.12.0-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

Tested mga8-32
send/receive/move/delete over IMAP/SMTP ok.

Mageia X64 Gnome
Installation ok. I needed to install lib64otr5 dependency before.

Language settings are offered at installation.

sended and received emails without any problems over IMAP and SMTP too.

CC: (none) => hdetavernier

tested mga8-x64 as above, all ok.

Whiteboard: mga8-32-ok => mga8-32-ok mga8-64-ok

MGA8-64 Plasma

Thunderbird updated with QARepo. OK.
SSL IMAP and SSL SMTP OK
SSL POP3 OK.
Built-in openPGP crypto OK

Validating.

CVE: (none) => CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
Whiteboard: mga8-32-ok mga8-64-ok => MGA8-64-OK MGA8-32-OK
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0355.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Good here too
mga8-64 Plasma, nvidia, SMTP, IMAP, swedish

CC: (none) => fri

RedHat has issued an advisory for this today (July 26):
https://access.redhat.com/errata/RHSA-2021:2881