Bug 31210

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content. (CVE-2022-45414)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45414
https://www.thunderbird.net/en-US/thunderbird/102.5.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.5.1-1.mga8
thunderbird-ka-102.5.1-1.mga8
thunderbird-ru-102.5.1-1.mga8
thunderbird-uk-102.5.1-1.mga8
thunderbird-el-102.5.1-1.mga8
thunderbird-ja-102.5.1-1.mga8
thunderbird-zh_TW-102.5.1-1.mga8
thunderbird-kk-102.5.1-1.mga8
thunderbird-th-102.5.1-1.mga8
thunderbird-sk-102.5.1-1.mga8
thunderbird-vi-102.5.1-1.mga8
thunderbird-hu-102.5.1-1.mga8
thunderbird-zh_CN-102.5.1-1.mga8
thunderbird-cs-102.5.1-1.mga8
thunderbird-hsb-102.5.1-1.mga8
thunderbird-dsb-102.5.1-1.mga8
thunderbird-hy_AM-102.5.1-1.mga8
thunderbird-sr-102.5.1-1.mga8
thunderbird-es_MX-102.5.1-1.mga8
thunderbird-fr-102.5.1-1.mga8
thunderbird-de-102.5.1-1.mga8
thunderbird-tr-102.5.1-1.mga8
thunderbird-es_AR-102.5.1-1.mga8
thunderbird-pl-102.5.1-1.mga8
thunderbird-ko-102.5.1-1.mga8
thunderbird-kab-102.5.1-1.mga8
thunderbird-fy_NL-102.5.1-1.mga8
thunderbird-sq-102.5.1-1.mga8
thunderbird-pt_BR-102.5.1-1.mga8
thunderbird-cy-102.5.1-1.mga8
thunderbird-bg-102.5.1-1.mga8
thunderbird-sv_SE-102.5.1-1.mga8
thunderbird-be-102.5.1-1.mga8
thunderbird-sl-102.5.1-1.mga8
thunderbird-is-102.5.1-1.mga8
thunderbird-nl-102.5.1-1.mga8
thunderbird-lt-102.5.1-1.mga8
thunderbird-eu-102.5.1-1.mga8
thunderbird-et-102.5.1-1.mga8
thunderbird-da-102.5.1-1.mga8
thunderbird-fi-102.5.1-1.mga8
thunderbird-gl-102.5.1-1.mga8
thunderbird-pt_PT-102.5.1-1.mga8
thunderbird-he-102.5.1-1.mga8
thunderbird-hr-102.5.1-1.mga8
thunderbird-ro-102.5.1-1.mga8
thunderbird-ar-102.5.1-1.mga8
thunderbird-nn_NO-102.5.1-1.mga8
thunderbird-es_ES-102.5.1-1.mga8
thunderbird-en_GB-102.5.1-1.mga8
thunderbird-nb_NO-102.5.1-1.mga8
thunderbird-en_CA-102.5.1-1.mga8
thunderbird-pa_IN-102.5.1-1.mga8
thunderbird-en_US-102.5.1-1.mga8
thunderbird-ca-102.5.1-1.mga8
thunderbird-id-102.5.1-1.mga8
thunderbird-gd-102.5.1-1.mga8
thunderbird-it-102.5.1-1.mga8
thunderbird-lv-102.5.1-1.mga8
thunderbird-br-102.5.1-1.mga8
thunderbird-ga_IE-102.5.1-1.mga8
thunderbird-af-102.5.1-1.mga8
thunderbird-ms-102.5.1-1.mga8
thunderbird-ast-102.5.1-1.mga8
thunderbird-uz-102.5.1-1.mga8

from SRPMS:
thunderbird-102.5.1-1.mga8.src.rpm
thunderbird-l10n-102.5.1-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Source RPM: thunderbird => thunderbird, thunderbird-l10n
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED

MGA8 64 XFCE Intel core I5 6Go RAM.

Updated with QA repo and RPMS:

thunderbird                    102.5.1      1.mga8        x86_64  
thunderbird-fr                 102.5.1      1.mga8        noarch 

No issues after installation.
Send and receive mail in SSL/TLS Ok
Calendar and contact sync ok

CC: (none) => guillaume.royer

mga8-64, Plasma, nvidia-current, old i7
Been using it occasionally since yesterday

- Swedish localisation OK
- settings and mails kept
- IMAP
- SMTP
- printing

CC: (none) => fri

Working ok for pop3 and imap email, rss, and usenet.
Advisory committed to svn.
Validating.

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0452.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED