| Summary: | Thunderbird 102.9 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, fri, herman.viaene, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | |
| Status comment: | |||
| Bug Depends on: | 31663 | ||
| Bug Blocks: | |||
|
Description
Nicolas Salguero
2023-03-16 09:19:03 CET
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Incorrect code generation during JIT compilation. (CVE-2023-25751) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. (CVE-2023-28164) Invalid downcast in Worklets. (CVE-2023-28162) Potential out-of-bounds when accessing throttled streams. (CVE-20223-25752) Memory safety bugs fixed in Thunderbird 102.9. (CVE-2023-28176) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25751 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28164 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28162 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28176 https://www.thunderbird.net/en-US/thunderbird/102.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-102.9.0-1.mga8 thunderbird-ka-102.9.0-1.mga8 thunderbird-ru-102.9.0-1.mga8 thunderbird-uk-102.9.0-1.mga8 thunderbird-el-102.9.0-1.mga8 thunderbird-ja-102.9.0-1.mga8 thunderbird-zh_TW-102.9.0-1.mga8 thunderbird-kk-102.9.0-1.mga8 thunderbird-th-102.9.0-1.mga8 thunderbird-sk-102.9.0-1.mga8 thunderbird-vi-102.9.0-1.mga8 thunderbird-hu-102.9.0-1.mga8 thunderbird-zh_CN-102.9.0-1.mga8 thunderbird-cs-102.9.0-1.mga8 thunderbird-hsb-102.9.0-1.mga8 thunderbird-dsb-102.9.0-1.mga8 thunderbird-hy_AM-102.9.0-1.mga8 thunderbird-sr-102.9.0-1.mga8 thunderbird-es_MX-102.9.0-1.mga8 thunderbird-fr-102.9.0-1.mga8 thunderbird-de-102.9.0-1.mga8 thunderbird-tr-102.9.0-1.mga8 thunderbird-es_AR-102.9.0-1.mga8 thunderbird-pl-102.9.0-1.mga8 thunderbird-ko-102.9.0-1.mga8 thunderbird-kab-102.9.0-1.mga8 thunderbird-fy_NL-102.9.0-1.mga8 thunderbird-sq-102.9.0-1.mga8 thunderbird-pt_BR-102.9.0-1.mga8 thunderbird-cy-102.9.0-1.mga8 thunderbird-bg-102.9.0-1.mga8 thunderbird-sv_SE-102.9.0-1.mga8 thunderbird-be-102.9.0-1.mga8 thunderbird-sl-102.9.0-1.mga8 thunderbird-is-102.9.0-1.mga8 thunderbird-nl-102.9.0-1.mga8 thunderbird-lt-102.9.0-1.mga8 thunderbird-eu-102.9.0-1.mga8 thunderbird-et-102.9.0-1.mga8 thunderbird-da-102.9.0-1.mga8 thunderbird-fi-102.9.0-1.mga8 thunderbird-gl-102.9.0-1.mga8 thunderbird-pt_PT-102.9.0-1.mga8 thunderbird-he-102.9.0-1.mga8 thunderbird-hr-102.9.0-1.mga8 thunderbird-ro-102.9.0-1.mga8 thunderbird-ar-102.9.0-1.mga8 thunderbird-nn_NO-102.9.0-1.mga8 thunderbird-es_ES-102.9.0-1.mga8 thunderbird-en_GB-102.9.0-1.mga8 thunderbird-nb_NO-102.9.0-1.mga8 thunderbird-en_CA-102.9.0-1.mga8 thunderbird-pa_IN-102.9.0-1.mga8 thunderbird-en_US-102.9.0-1.mga8 thunderbird-ca-102.9.0-1.mga8 thunderbird-id-102.9.0-1.mga8 thunderbird-gd-102.9.0-1.mga8 thunderbird-it-102.9.0-1.mga8 thunderbird-lv-102.9.0-1.mga8 thunderbird-br-102.9.0-1.mga8 thunderbird-ga_IE-102.9.0-1.mga8 thunderbird-af-102.9.0-1.mga8 thunderbird-ms-102.9.0-1.mga8 thunderbird-ast-102.9.0-1.mga8 thunderbird-uz-102.9.0-1.mga8 from SRPMS: thunderbird-102.9.0-1.mga8.src.rpm thunderbird-l10n-102.9.0-1.mga8.src.rpm Assignee:
bugsquad =>
qa-bugs
Nicolas Salguero
2023-03-16 09:39:13 CET
Depends on:
(none) =>
31663 mga8-64, Plasma, nvidia-current, intel i7 - thunderbird-102.9.0-1.mga8.x86_64 - thunderbird-sv_SE-102.9.0-1.mga8.noarch Tests OK: Swedish locale settings and local mail kept IMAP (offline, IMAP to synk to server) SMTP tested incl inline pictures and attached files. Did not test Filters, Calendar, PGP, RSS... CC:
(none) =>
fri Sorry, the following package cannot be selected: - thunderbird-102.9.0-1.mga8.x86_64 (due to unsatisfied lib64nss3[>= 2:3.89.0]) CC:
(none) =>
herman.viaene First perform update to Bug 31663 - Firefox 102.9 Updated Firefox and Thunderbird together using qarepo, since both usually go out together. This particular install of Thunderbird had not been used since 2018, so there was some catching up to do. Authentication for Gmail was converted from password to 0Auth2 without incident. I use POP mail, so it only had a few emails to download. Sent and received emails OK. I don't use the calendar. CC:
(none) =>
andrewsfarm mga8, x64 Firefox update already done. Updated Thunderbird for en_GB and restarted it without any problems. Selected an address from the addressbook, composed a message and sent it successfully. Tried out the alarm facility in the calendar - that worked OK - reminder arrived on the dot. CC:
(none) =>
tarazed25 I believe this and Firefox are both OK. In addition to in Mageia 8, I have been using both in Cauldron for several days now, with no issues. Validating the update. Advisory in comment 1. Keywords:
(none) =>
validated_update
Dave Hodgins
2023-03-23 23:38:27 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0116.html Status:
ASSIGNED =>
RESOLVED RedHat has issued an advisory for this on March 22: https://access.redhat.com/errata/RHSA-2023:1407 |