Bug 31307

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Drag and Dropped Filenames could have been truncated to malicious extensions. (CVE-2022-46874)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46874
https://www.thunderbird.net/en-US/thunderbird/102.6.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.6.1-1.mga8
thunderbird-ka-102.6.1-1.mga8
thunderbird-ru-102.6.1-1.mga8
thunderbird-uk-102.6.1-1.mga8
thunderbird-el-102.6.1-1.mga8
thunderbird-ja-102.6.1-1.mga8
thunderbird-zh_TW-102.6.1-1.mga8
thunderbird-kk-102.6.1-1.mga8
thunderbird-th-102.6.1-1.mga8
thunderbird-sk-102.6.1-1.mga8
thunderbird-vi-102.6.1-1.mga8
thunderbird-hu-102.6.1-1.mga8
thunderbird-zh_CN-102.6.1-1.mga8
thunderbird-cs-102.6.1-1.mga8
thunderbird-hsb-102.6.1-1.mga8
thunderbird-dsb-102.6.1-1.mga8
thunderbird-hy_AM-102.6.1-1.mga8
thunderbird-sr-102.6.1-1.mga8
thunderbird-es_MX-102.6.1-1.mga8
thunderbird-fr-102.6.1-1.mga8
thunderbird-de-102.6.1-1.mga8
thunderbird-tr-102.6.1-1.mga8
thunderbird-es_AR-102.6.1-1.mga8
thunderbird-pl-102.6.1-1.mga8
thunderbird-ko-102.6.1-1.mga8
thunderbird-kab-102.6.1-1.mga8
thunderbird-fy_NL-102.6.1-1.mga8
thunderbird-sq-102.6.1-1.mga8
thunderbird-pt_BR-102.6.1-1.mga8
thunderbird-cy-102.6.1-1.mga8
thunderbird-bg-102.6.1-1.mga8
thunderbird-sv_SE-102.6.1-1.mga8
thunderbird-be-102.6.1-1.mga8
thunderbird-sl-102.6.1-1.mga8
thunderbird-is-102.6.1-1.mga8
thunderbird-nl-102.6.1-1.mga8
thunderbird-lt-102.6.1-1.mga8
thunderbird-eu-102.6.1-1.mga8
thunderbird-et-102.6.1-1.mga8
thunderbird-da-102.6.1-1.mga8
thunderbird-fi-102.6.1-1.mga8
thunderbird-gl-102.6.1-1.mga8
thunderbird-pt_PT-102.6.1-1.mga8
thunderbird-he-102.6.1-1.mga8
thunderbird-hr-102.6.1-1.mga8
thunderbird-ro-102.6.1-1.mga8
thunderbird-ar-102.6.1-1.mga8
thunderbird-nn_NO-102.6.1-1.mga8
thunderbird-es_ES-102.6.1-1.mga8
thunderbird-en_GB-102.6.1-1.mga8
thunderbird-nb_NO-102.6.1-1.mga8
thunderbird-en_CA-102.6.1-1.mga8
thunderbird-pa_IN-102.6.1-1.mga8
thunderbird-en_US-102.6.1-1.mga8
thunderbird-ca-102.6.1-1.mga8
thunderbird-id-102.6.1-1.mga8
thunderbird-gd-102.6.1-1.mga8
thunderbird-it-102.6.1-1.mga8
thunderbird-lv-102.6.1-1.mga8
thunderbird-br-102.6.1-1.mga8
thunderbird-ga_IE-102.6.1-1.mga8
thunderbird-af-102.6.1-1.mga8
thunderbird-ms-102.6.1-1.mga8
thunderbird-ast-102.6.1-1.mga8
thunderbird-uz-102.6.1-1.mga8

from SRPMS:
thunderbird-102.6.1-1.mga8.src.rpm
thunderbird-l10n-102.6.1-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Source RPM: thunderbird => thunderbird, thunderbird-l10n
Assignee: nicolas.salguero => qa-bugs

mga8-64, Plasma, nvidia-current, old i7

- Swedish OK
- settings and mails kept
- IMAP
- SMTP

CC: (none) => fri

MGA8-64 MATE on Acer Aspire 5253
No installation issues
Sending and receiving mail without and with attachment to and from dektop PC, all works OK, with the continuing niggle that all mails sent get listed twice in the "Sent" folder, although they're received at the remote and only once correctly.

CC: (none) => herman.viaene

MGA8-64 Plasma, HP Probook 6550b, i3, Intel graphics, Broadcom wifi.

US English version, using POP3 email. No installation issues. Sent and received email, checked newsgroups, clicked on a link to bring it up in Firefox.

I do not use the calendar or Enigmail, but for what I do use, it works OK.

CC: (none) => andrewsfarm

No regressions here. pop3, usenet, mailing lists, calendar.
Validating the update.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0484.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED