| Summary: | Thunderbird 102.5 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, fri, joselp, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | |
| Status comment: | | | |
| Bug Depends on: | 31128 | | |
| Bug Blocks: | | | |
Description
Nicolas Salguero
2022-11-16 09:30:18 CET
Nicolas Salguero
2022-11-16 09:30:44 CET
Assignee:
bugsquad =>
nicolas.salguero
Nicolas Salguero
2022-11-16 09:41:10 CET
Depends on:
(none) =>
31128

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Service Workers might have learned size of cross-origin media files. (CVE-2022-45403)

Fullscreen notification bypass. (CVE-2022-45404)

Use-after-free in InputStream implementation. (CVE-2022-45405)

Use-after-free of a JavaScript Realm. (CVE-2022-45406)

Fullscreen notification bypass via windowName. (CVE-2022-45408)

Use-after-free in Garbage Collection. (CVE-2022-45409)

ServiceWorker-intercepted requests bypassed SameSite cookie policy. (CVE-2022-45410)

Cross-Site Tracing was possible via non-standard override headers. (CVE-2022-45411)

Symlinks may resolve to partially uninitialized buffers. (CVE-2022-45412)

Keystroke Side-Channel Leakage. (CVE-2022-45416)

Custom mouse cursor could have been drawn over browser UI. (CVE-2022-45418)

Iframe contents could be rendered outside the iframe. (CVE-2022-45420)

Memory safety bugs fixed in Thunderbird 102.5. (CVE-2022-45421)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421
https://www.thunderbird.net/en-US/thunderbird/102.5.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.5.0-1.mga8
thunderbird-ka-102.5.0-1.mga8
thunderbird-ru-102.5.0-1.mga8
thunderbird-uk-102.5.0-1.mga8
thunderbird-el-102.5.0-1.mga8
thunderbird-ja-102.5.0-1.mga8
thunderbird-zh_TW-102.5.0-1.mga8
thunderbird-kk-102.5.0-1.mga8
thunderbird-th-102.5.0-1.mga8
thunderbird-sk-102.5.0-1.mga8
thunderbird-vi-102.5.0-1.mga8
thunderbird-hu-102.5.0-1.mga8
thunderbird-zh_CN-102.5.0-1.mga8
thunderbird-cs-102.5.0-1.mga8
thunderbird-hsb-102.5.0-1.mga8
thunderbird-dsb-102.5.0-1.mga8
thunderbird-hy_AM-102.5.0-1.mga8
thunderbird-sr-102.5.0-1.mga8
thunderbird-es_MX-102.5.0-1.mga8
thunderbird-fr-102.5.0-1.mga8
thunderbird-de-102.5.0-1.mga8
thunderbird-tr-102.5.0-1.mga8
thunderbird-es_AR-102.5.0-1.mga8
thunderbird-pl-102.5.0-1.mga8
thunderbird-ko-102.5.0-1.mga8
thunderbird-kab-102.5.0-1.mga8
thunderbird-fy_NL-102.5.0-1.mga8
thunderbird-sq-102.5.0-1.mga8
thunderbird-pt_BR-102.5.0-1.mga8
thunderbird-cy-102.5.0-1.mga8
thunderbird-bg-102.5.0-1.mga8
thunderbird-sv_SE-102.5.0-1.mga8
thunderbird-be-102.5.0-1.mga8
thunderbird-sl-102.5.0-1.mga8
thunderbird-is-102.5.0-1.mga8
thunderbird-nl-102.5.0-1.mga8
thunderbird-lt-102.5.0-1.mga8
thunderbird-eu-102.5.0-1.mga8
thunderbird-et-102.5.0-1.mga8
thunderbird-da-102.5.0-1.mga8
thunderbird-fi-102.5.0-1.mga8
thunderbird-gl-102.5.0-1.mga8
thunderbird-pt_PT-102.5.0-1.mga8
thunderbird-he-102.5.0-1.mga8
thunderbird-hr-102.5.0-1.mga8
thunderbird-ro-102.5.0-1.mga8
thunderbird-ar-102.5.0-1.mga8
thunderbird-nn_NO-102.5.0-1.mga8
thunderbird-es_ES-102.5.0-1.mga8
thunderbird-en_GB-102.5.0-1.mga8
thunderbird-nb_NO-102.5.0-1.mga8
thunderbird-en_CA-102.5.0-1.mga8
thunderbird-pa_IN-102.5.0-1.mga8
thunderbird-en_US-102.5.0-1.mga8
thunderbird-ca-102.5.0-1.mga8
thunderbird-id-102.5.0-1.mga8
thunderbird-gd-102.5.0-1.mga8
thunderbird-it-102.5.0-1.mga8
thunderbird-lv-102.5.0-1.mga8
thunderbird-br-102.5.0-1.mga8
thunderbird-ga_IE-102.5.0-1.mga8
thunderbird-af-102.5.0-1.mga8
thunderbird-ms-102.5.0-1.mga8
thunderbird-ast-102.5.0-1.mga8
thunderbird-uz-102.5.0-1.mga8

from SRPMS:
thunderbird-102.5.0-1.mga8.src.rpm
thunderbird-l10n-102.5.0-1.mga8.src.rpm

Assignee:
nicolas.salguero =>
qa-bugs

I assume this also fixes the expat issue fixed in Firefox 102.5.

MGA8-64 Plasma on i5-2500, Intel graphics, wired Internet. Updated Firefox and Thunderbird at the same time. No issues with either.

CC:
(none) =>
andrewsfarm

Updated in Mga8-x86_64 Plasma. No Issues for the moment.

Receive and send ok.
Contacts ok.
Accounts POP3 ok.
Signatures ok.
Settings ok.
Addons ok.
Spanish translation ok.

Greetings and thanks to the dev team!

CC:
(none) =>
joselp

mga8-64, Plasma, nvidia-current

Updated after nss and firefox

OK for me using:
Swedish locale
Stored settings and mails
SMTP, IMAP

CC:
(none) =>
fri

No regressions noticed.

Advisory committed to svn.

Validating.

Keywords:
(none) =>
advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0428.html

Status:
ASSIGNED =>
RESOLVED

RedHat has issued an advisory for this today (November 21):
https://access.redhat.com/errata/RHSA-2022:8555