| Summary: | Thunderbird 115.7 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, fri, herman.viaene, sysadmin-bugs, tarazed25 |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | thunderbird, thunderbird-l10n | CVE: | CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755 |
| Status comment: | |||
| Bug Depends on: | 32762 | ||
| Bug Blocks: | 32707 | ||
|
Description
Nicolas Salguero
2024-01-24 10:32:59 CET
Nicolas Salguero
2024-01-24 10:35:41 CET
Depends on:
(none) =>
32762 Same again: assigning to you as the current Thunderbird maintainer. Assignee:
bugsquad =>
nicolas.salguero Suggested advisory: ======================== The updated packages fix security vulnerabilities: Out of bounds write in ANGLE. (CVE-2024-0741) Failure to update user input timestamp. (CVE-2024-0742) Crash when listing printers on Linux. (CVE-2024-0746) Bypass of Content Security Policy when directive unsafe-inline was set. (CVE-2024-0747) Phishing site popup could show local origin in address bar. (CVE-2024-0749) Potential permissions request bypass via clickjacking. (CVE-2024-0750) Privilege escalation through devtools. (CVE-2024-0751) HSTS policy on subdomain could bypass policy of upper domain. (CVE-2024-0753) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. (CVE-2024-0755) References: https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/ https://www.thunderbird.net/en-US/thunderbird/115.7.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-115.7.0-1.mga9 thunderbird-af-115.7.0-1.mga9 thunderbird-ar-115.7.0-1.mga9 thunderbird-ast-115.7.0-1.mga9 thunderbird-be-115.7.0-1.mga9 thunderbird-bg-115.7.0-1.mga9 thunderbird-br-115.7.0-1.mga9 thunderbird-ca-115.7.0-1.mga9 thunderbird-cs-115.7.0-1.mga9 thunderbird-cy-115.7.0-1.mga9 thunderbird-da-115.7.0-1.mga9 thunderbird-de-115.7.0-1.mga9 thunderbird-dsb-115.7.0-1.mga9 thunderbird-el-115.7.0-1.mga9 thunderbird-en_CA-115.7.0-1.mga9 thunderbird-en_GB-115.7.0-1.mga9 thunderbird-en_US-115.7.0-1.mga9 thunderbird-es_AR-115.7.0-1.mga9 thunderbird-es_ES-115.7.0-1.mga9 thunderbird-es_MX-115.7.0-1.mga9 thunderbird-et-115.7.0-1.mga9 thunderbird-eu-115.7.0-1.mga9 thunderbird-fi-115.7.0-1.mga9 thunderbird-fr-115.7.0-1.mga9 thunderbird-fy_NL-115.7.0-1.mga9 thunderbird-ga_IE-115.7.0-1.mga9 thunderbird-gd-115.7.0-1.mga9 thunderbird-gl-115.7.0-1.mga9 thunderbird-he-115.7.0-1.mga9 thunderbird-hr-115.7.0-1.mga9 thunderbird-hsb-115.7.0-1.mga9 thunderbird-hu-115.7.0-1.mga9 thunderbird-hy_AM-115.7.0-1.mga9 thunderbird-id-115.7.0-1.mga9 thunderbird-is-115.7.0-1.mga9 thunderbird-it-115.7.0-1.mga9 thunderbird-ja-115.7.0-1.mga9 thunderbird-ka-115.7.0-1.mga9 thunderbird-kab-115.7.0-1.mga9 thunderbird-kk-115.7.0-1.mga9 thunderbird-ko-115.7.0-1.mga9 thunderbird-lt-115.7.0-1.mga9 thunderbird-lv-115.7.0-1.mga9 thunderbird-ms-115.7.0-1.mga9 thunderbird-nb_NO-115.7.0-1.mga9 thunderbird-nl-115.7.0-1.mga9 thunderbird-nn_NO-115.7.0-1.mga9 thunderbird-pa_IN-115.7.0-1.mga9 thunderbird-pl-115.7.0-1.mga9 thunderbird-pt_BR-115.7.0-1.mga9 thunderbird-pt_PT-115.7.0-1.mga9 thunderbird-ro-115.7.0-1.mga9 thunderbird-ru-115.7.0-1.mga9 thunderbird-sk-115.7.0-1.mga9 thunderbird-sl-115.7.0-1.mga9 thunderbird-sq-115.7.0-1.mga9 thunderbird-sr-115.7.0-1.mga9 thunderbird-sv_SE-115.7.0-1.mga9 thunderbird-th-115.7.0-1.mga9 thunderbird-tr-115.7.0-1.mga9 thunderbird-uk-115.7.0-1.mga9 thunderbird-uz-115.7.0-1.mga9 thunderbird-vi-115.7.0-1.mga9 thunderbird-zh_CN-115.7.0-1.mga9 thunderbird-zh_TW-115.7.0-1.mga9 from SRPMS: thunderbird-115.7.0-1.mga9.src.rpm thunderbird-l10n-115.7.0-1.mga9.src.rpm Assignee:
nicolas.salguero =>
qa-bugs Mageia9, x86_64 thunderbird-115.7.0-1.mga9 thunderbird-en_CA-115.7.0-1.mga9 thunderbird-en_GB-115.7.0-1.mga9 New version installed without issues. Tested address book and sending an email. Filtered messages marked. Calendar works - set up a dummy event with a 5-minute warning and that worked. Copied selected messages to local folders. Weblinks work. So does a search in all mail over several years. CC:
(none) =>
tarazed25
Len Lawrence
2024-01-31 11:33:12 CET
Keywords:
(none) =>
advisory mga9-64 OK Tested under Plasma, Intel I7-870, nvidia-curent on GTX750, 4K screen, new mesa and X11, kernel 6.6.14 linus. backup, updated, rebooted Thunderbird just keep working OK: Swedish locale settings and local mail IMAP (offline, IMAP to synk to server) SMTP ISent and received several mails Moved a thousand mails between folders do not use calendar nor tasks CC:
(none) =>
fri MGA9-64 Plasma Wayland on HP Pavillion No installation issues after installing new firefox. Sent and received mails without ans with attachments, all OK. CC:
(none) =>
herman.viaene Working OK here on two systems. Validating the update. CC:
(none) =>
andrewsfarm, sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0024.html Resolution:
(none) =>
FIXED Sigh. One confusing difference since update: All sent mail for any account now get stored in folder Local>Sent (translated from Swedish) Before I had set some account to store sent mail in inbox (to create full thread), and some like mail list to be stored in that account's own sent folder. Those settings *all* got reset to Local>Sent by the update :( Probably an upstream issue. |