Bug 33311

Passing back to you, Nicolas, as you currently do Thunderbird updates.

Assignee: bugsquad => nicolas.salguero

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Use-after-free in networking. (CVE-2024-5702)

Use-after-free in JavaScript object transplant. (CVE-2024-5688)

External protocol handlers leaked by timing attack. (CVE-2024-5690)

Sandboxed iframes were able to bypass sandbox restrictions to open a new window. (CVE-2024-5691)

Cross-Origin Image leak via Offscreen Canvas. (CVE-2024-5693)

Memory Corruption in Text Fragments. (CVE-2024-5696)

Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. (CVE-2024-5700)

References:
https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
========================

Updated packages in core/updates_testing:
========================
thunderbird-115.12.0-1.mga9
thunderbird-af-115.12.0-1.mga9
thunderbird-ar-115.12.0-1.mga9
thunderbird-ast-115.12.0-1.mga9
thunderbird-be-115.12.0-1.mga9
thunderbird-bg-115.12.0-1.mga9
thunderbird-br-115.12.0-1.mga9
thunderbird-ca-115.12.0-1.mga9
thunderbird-cs-115.12.0-1.mga9
thunderbird-cy-115.12.0-1.mga9
thunderbird-da-115.12.0-1.mga9
thunderbird-de-115.12.0-1.mga9
thunderbird-dsb-115.12.0-1.mga9
thunderbird-el-115.12.0-1.mga9
thunderbird-en_CA-115.12.0-1.mga9
thunderbird-en_GB-115.12.0-1.mga9
thunderbird-en_US-115.12.0-1.mga9
thunderbird-es_AR-115.12.0-1.mga9
thunderbird-es_ES-115.12.0-1.mga9
thunderbird-es_MX-115.12.0-1.mga9
thunderbird-et-115.12.0-1.mga9
thunderbird-eu-115.12.0-1.mga9
thunderbird-fi-115.12.0-1.mga9
thunderbird-fr-115.12.0-1.mga9
thunderbird-fy_NL-115.12.0-1.mga9
thunderbird-ga_IE-115.12.0-1.mga9
thunderbird-gd-115.12.0-1.mga9
thunderbird-gl-115.12.0-1.mga9
thunderbird-he-115.12.0-1.mga9
thunderbird-hr-115.12.0-1.mga9
thunderbird-hsb-115.12.0-1.mga9
thunderbird-hu-115.12.0-1.mga9
thunderbird-hy_AM-115.12.0-1.mga9
thunderbird-id-115.12.0-1.mga9
thunderbird-is-115.12.0-1.mga9
thunderbird-it-115.12.0-1.mga9
thunderbird-ja-115.12.0-1.mga9
thunderbird-ka-115.12.0-1.mga9
thunderbird-kab-115.12.0-1.mga9
thunderbird-kk-115.12.0-1.mga9
thunderbird-ko-115.12.0-1.mga9
thunderbird-lt-115.12.0-1.mga9
thunderbird-lv-115.12.0-1.mga9
thunderbird-ms-115.12.0-1.mga9
thunderbird-nb_NO-115.12.0-1.mga9
thunderbird-nl-115.12.0-1.mga9
thunderbird-nn_NO-115.12.0-1.mga9
thunderbird-pa_IN-115.12.0-1.mga9
thunderbird-pl-115.12.0-1.mga9
thunderbird-pt_BR-115.12.0-1.mga9
thunderbird-pt_PT-115.12.0-1.mga9
thunderbird-ro-115.12.0-1.mga9
thunderbird-ru-115.12.0-1.mga9
thunderbird-sk-115.12.0-1.mga9
thunderbird-sl-115.12.0-1.mga9
thunderbird-sq-115.12.0-1.mga9
thunderbird-sr-115.12.0-1.mga9
thunderbird-sv_SE-115.12.0-1.mga9
thunderbird-th-115.12.0-1.mga9
thunderbird-tr-115.12.0-1.mga9
thunderbird-uk-115.12.0-1.mga9
thunderbird-uz-115.12.0-1.mga9
thunderbird-vi-115.12.0-1.mga9
thunderbird-zh_CN-115.12.0-1.mga9
thunderbird-zh_TW-115.12.0-1.mga9

from SRPMS:
thunderbird-115.12.0-1.mga9.src.rpm
thunderbird-l10n-115.12.0-1.mga9.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

mga9-64 OK
Plasma X11, Intel I7-870, kernel-server-6.6.28-1
nvidia-current from testing repo

Closed thunderbird, updated, started:
Thunderbird just keep working OK:
Opened tabs restored
Settings and local mail kept
Swedish locale
IMAP (offline, IMAP to synk to server)
SMTP

I do not use calendar nor tasks

CC: (none) => fri

Hi,

Updated, mga-64 ok

Works fine for me, bug I have found this announcement in Release notes of Thunderbird: "Thunderbird 115.12.0 will not ship and is being superseded by Thunderbird 115.12.1."

Greetings!

CC: (none) => joselp

Here is the diff between 115.12.0 and 115.12.1:
"""
diff -Naurp thunderbird-115.12.0/comm/mail/config/version_display.txt thunderbird-115.12.1/comm/mail/config/version_display.txt
--- thunderbird-115.12.0/comm/mail/config/version_display.txt	2024-06-10 23:06:58.000000000 +0200
+++ thunderbird-115.12.1/comm/mail/config/version_display.txt	2024-06-18 18:14:31.000000000 +0200
@@ -1 +1 @@
-115.12.0
+115.12.1
diff -Naurp thunderbird-115.12.0/comm/mail/config/version.txt thunderbird-115.12.1/comm/mail/config/version.txt
--- thunderbird-115.12.0/comm/mail/config/version.txt	2024-06-10 23:06:58.000000000 +0200
+++ thunderbird-115.12.1/comm/mail/config/version.txt	2024-06-18 18:14:31.000000000 +0200
@@ -1 +1 @@
-115.12.0
+115.12.1
diff -Naurp thunderbird-115.12.0/comm/mail/installer/windows/nsis/defines.nsi.in thunderbird-115.12.1/comm/mail/installer/windows/nsis/defines.nsi.in
--- thunderbird-115.12.0/comm/mail/installer/windows/nsis/defines.nsi.in	2024-06-10 23:06:58.000000000 +0200
+++ thunderbird-115.12.1/comm/mail/installer/windows/nsis/defines.nsi.in	2024-06-18 18:14:31.000000000 +0200
@@ -40,11 +40,11 @@
 !define InstDirName           "${BrandFullName}"
 
 !define CERTIFICATE_NAME            "Mozilla Corporation"
-!define CERTIFICATE_ISSUER          "DigiCert SHA2 Assured ID Code Signing CA"
+!define CERTIFICATE_ISSUER          "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
 ; Changing the name or issuer requires us to have both the old and the new
 ;  in the registry at the same time, temporarily.
 !define CERTIFICATE_NAME_PREVIOUS   "Mozilla Corporation"
-!define CERTIFICATE_ISSUER_PREVIOUS "DigiCert Assured ID Code Signing CA-1"
+!define CERTIFICATE_ISSUER_PREVIOUS "DigiCert SHA2 Assured ID Code Signing CA"
 
 # ARCH is used when it is necessary to differentiate the x64 registry keys from
 # the x86 registry keys (e.g. the uninstall registry key).
diff -Naurp thunderbird-115.12.0/comm/mail/installer/windows/nsis/maintenanceservice_installer.nsi thunderbird-115.12.1/comm/mail/installer/windows/nsis/maintenanceservice_installer.nsi
--- thunderbird-115.12.0/comm/mail/installer/windows/nsis/maintenanceservice_installer.nsi	2024-06-10 23:06:58.000000000 +0200
+++ thunderbird-115.12.1/comm/mail/installer/windows/nsis/maintenanceservice_installer.nsi	2024-06-18 18:14:31.000000000 +0200
@@ -217,7 +217,7 @@ Section "MaintenanceService"
   ; These keys are used to bypass the installation dir is a valid installation
   ; check from the service so that tests can be run.
   ; WriteRegStr HKLM "${FallbackKey}\0" "name" "Mozilla Corporation"
-  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert SHA2 Assured ID Code Signing CA"
+  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
   ${If} ${RunningX64}
   ${OrIf} ${IsNativeARM64}
     SetRegView lastused
diff -Naurp thunderbird-115.12.0/comm/taskcluster/ci/release-flatpak-push/kind.yml thunderbird-115.12.1/comm/taskcluster/ci/release-flatpak-push/kind.yml
--- thunderbird-115.12.0/comm/taskcluster/ci/release-flatpak-push/kind.yml	2024-06-10 23:06:58.000000000 +0200
+++ thunderbird-115.12.1/comm/taskcluster/ci/release-flatpak-push/kind.yml	2024-06-18 18:14:32.000000000 +0200
@@ -31,7 +31,7 @@ job-defaults:
         channel:
             by-release-type:
                 beta: beta
-                release: stable
+                esr115: stable
                 default: mock
 
 jobs:
diff -Naurp thunderbird-115.12.0/sourcestamp.txt thunderbird-115.12.1/sourcestamp.txt
--- thunderbird-115.12.0/sourcestamp.txt	2024-06-10 23:07:17.000000000 +0200
+++ thunderbird-115.12.1/sourcestamp.txt	2024-06-18 18:14:51.000000000 +0200
@@ -1,3 +1,3 @@
-20240610193835
-https://hg.mozilla.org/releases/comm-esr115/rev/daf99ed4f8543bdc753f466b18dbdadfd7f35f84
+20240618125055
+https://hg.mozilla.org/releases/comm-esr115/rev/d6ae5fada4e4c389a74d18d69e55fdfcb9706f3d
 https://hg.mozilla.org/releases/mozilla-esr115/rev/6b05ad1f5f2dbb0d47ac169115e250ff3776289c
"""

If I understand it correctly, the changes affect the installer for Windows so there is no need to build version 115.12.1.

MGA9-64 Plasma on two sets of hardware, installing the US English version. 

No installation issues. Sent and received POP mail, worked with newsgroups, no issues to report. 

I do not use the calendar. Perhaps that is why sometimes I don't know what day it is...

CC: (none) => andrewsfarm

MGA9-64 Plasma Wayland on HP-Pavillion
No installation issues.
This laptop did not have Thunderbird before, so used the wizard to connect to my hotmail account, that went OK
Send and receive plain message and message with attachment ; works OK.
Connected my google calendar, works OK in the end, took some time to get around
Good enough for me.

CC: (none) => herman.viaene

Still OK after several days of use. Validating.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0231.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED