Bug 7915

Summary:	Thunderbird 10.0.10
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:
Severity:	critical
Priority:	Normal	CC:	davidwhodgins, fundawang, lemonzest, sysadmin-bugs, tmb, tolhildan_123
Version:	2	Keywords:	validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-64-OK MGA1-32-OK
Source RPM:	thunderbird-10.0.9-1.mga2.src.rpm, mozilla-thunderbird-10.0.9-1.mga1.src.rpm	CVE:
Status comment:

Description David Walser 2012-10-28 02:32:22 CET

RedHat has issued an advisory on October 26:
https://rhn.redhat.com/errata/RHSA-2012-1407.html

Updated packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated mozilla-thunderbird packages fix security vulnerabilities:

Multiple flaws were found in the location object implementation in Firefox.
Malicious content could be used to perform cross-site scripting attacks,
bypass the same-origin policy, or cause Firefox to execute arbitrary code
(CVE-2012-4194, CVE-2012-4195, CVE-2012-4196).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
https://rhn.redhat.com/errata/RHSA-2012-1407.html
========================

Updated packages in core/updates_testing:
========================
mozilla-thunderbird-10.0.10-1.mga1
mozilla-thunderbird-enigmail-10.0.10-1.mga1
nsinstall-10.0.10-1.mga1
mozilla-thunderbird-enigmail-ar-10.0.10-1.mga1
mozilla-thunderbird-enigmail-ca-10.0.10-1.mga1
mozilla-thunderbird-enigmail-cs-10.0.10-1.mga1
mozilla-thunderbird-enigmail-de-10.0.10-1.mga1
mozilla-thunderbird-enigmail-el-10.0.10-1.mga1
mozilla-thunderbird-enigmail-es-10.0.10-1.mga1
mozilla-thunderbird-enigmail-fi-10.0.10-1.mga1
mozilla-thunderbird-enigmail-fr-10.0.10-1.mga1
mozilla-thunderbird-enigmail-it-10.0.10-1.mga1
mozilla-thunderbird-enigmail-ja-10.0.10-1.mga1
mozilla-thunderbird-enigmail-ko-10.0.10-1.mga1
mozilla-thunderbird-enigmail-nb-10.0.10-1.mga1
mozilla-thunderbird-enigmail-nl-10.0.10-1.mga1
mozilla-thunderbird-enigmail-pl-10.0.10-1.mga1
mozilla-thunderbird-enigmail-pt-10.0.10-1.mga1
mozilla-thunderbird-enigmail-pt_BR-10.0.10-1.mga1
mozilla-thunderbird-enigmail-ru-10.0.10-1.mga1
mozilla-thunderbird-enigmail-sl-10.0.10-1.mga1
mozilla-thunderbird-enigmail-sv-10.0.10-1.mga1
mozilla-thunderbird-enigmail-tr-10.0.10-1.mga1
mozilla-thunderbird-enigmail-vi-10.0.10-1.mga1
mozilla-thunderbird-enigmail-zh_CN-10.0.10-1.mga1
mozilla-thunderbird-enigmail-zh_TW-10.0.10-1.mga1
mozilla-thunderbird-ar-10.0.10-1.mga1
mozilla-thunderbird-be-10.0.10-1.mga1
mozilla-thunderbird-bg-10.0.10-1.mga1
mozilla-thunderbird-bn_BD-10.0.10-1.mga1
mozilla-thunderbird-br-10.0.10-1.mga1
mozilla-thunderbird-ca-10.0.10-1.mga1
mozilla-thunderbird-cs-10.0.10-1.mga1
mozilla-thunderbird-da-10.0.10-1.mga1
mozilla-thunderbird-de-10.0.10-1.mga1
mozilla-thunderbird-el-10.0.10-1.mga1
mozilla-thunderbird-en_GB-10.0.10-1.mga1
mozilla-thunderbird-es_AR-10.0.10-1.mga1
mozilla-thunderbird-es_ES-10.0.10-1.mga1
mozilla-thunderbird-et-10.0.10-1.mga1
mozilla-thunderbird-eu-10.0.10-1.mga1
mozilla-thunderbird-fi-10.0.10-1.mga1
mozilla-thunderbird-fr-10.0.10-1.mga1
mozilla-thunderbird-fy-10.0.10-1.mga1
mozilla-thunderbird-ga-10.0.10-1.mga1
mozilla-thunderbird-gd-10.0.10-1.mga1
mozilla-thunderbird-gl-10.0.10-1.mga1
mozilla-thunderbird-he-10.0.10-1.mga1
mozilla-thunderbird-hu-10.0.10-1.mga1
mozilla-thunderbird-id-10.0.10-1.mga1
mozilla-thunderbird-is-10.0.10-1.mga1
mozilla-thunderbird-it-10.0.10-1.mga1
mozilla-thunderbird-ja-10.0.10-1.mga1
mozilla-thunderbird-ko-10.0.10-1.mga1
mozilla-thunderbird-lt-10.0.10-1.mga1
mozilla-thunderbird-nb_NO-10.0.10-1.mga1
mozilla-thunderbird-nl-10.0.10-1.mga1
mozilla-thunderbird-nn_NO-10.0.10-1.mga1
mozilla-thunderbird-pl-10.0.10-1.mga1
mozilla-thunderbird-pt_BR-10.0.10-1.mga1
mozilla-thunderbird-pt_PT-10.0.10-1.mga1
mozilla-thunderbird-ro-10.0.10-1.mga1
mozilla-thunderbird-ru-10.0.10-1.mga1
mozilla-thunderbird-si-10.0.10-1.mga1
mozilla-thunderbird-sk-10.0.10-1.mga1
mozilla-thunderbird-sl-10.0.10-1.mga1
mozilla-thunderbird-sq-10.0.10-1.mga1
mozilla-thunderbird-sv_SE-10.0.10-1.mga1
mozilla-thunderbird-ta_LK-10.0.10-1.mga1
mozilla-thunderbird-tr-10.0.10-1.mga1
mozilla-thunderbird-uk-10.0.10-1.mga1
mozilla-thunderbird-vi-10.0.10-1.mga1
mozilla-thunderbird-zh_CN-10.0.10-1.mga1
mozilla-thunderbird-zh_TW-10.0.10-1.mga1
thunderbird-10.0.10-1.mga2
thunderbird-enigmail-10.0.10-1.mga2
nsinstall-10.0.10-1.mga2
thunderbird-ar-10.0.10-1.mga2
thunderbird-ast-10.0.10-1.mga2
thunderbird-be-10.0.10-1.mga2
thunderbird-bg-10.0.10-1.mga2
thunderbird-bn_BD-10.0.10-1.mga2
thunderbird-br-10.0.10-1.mga2
thunderbird-ca-10.0.10-1.mga2
thunderbird-cs-10.0.10-1.mga2
thunderbird-da-10.0.10-1.mga2
thunderbird-de-10.0.10-1.mga2
thunderbird-el-10.0.10-1.mga2
thunderbird-en_GB-10.0.10-1.mga2
thunderbird-es_AR-10.0.10-1.mga2
thunderbird-es_ES-10.0.10-1.mga2
thunderbird-et-10.0.10-1.mga2
thunderbird-eu-10.0.10-1.mga2
thunderbird-fi-10.0.10-1.mga2
thunderbird-fr-10.0.10-1.mga2
thunderbird-fy-10.0.10-1.mga2
thunderbird-ga-10.0.10-1.mga2
thunderbird-gd-10.0.10-1.mga2
thunderbird-gl-10.0.10-1.mga2
thunderbird-he-10.0.10-1.mga2
thunderbird-hu-10.0.10-1.mga2
thunderbird-id-10.0.10-1.mga2
thunderbird-is-10.0.10-1.mga2
thunderbird-it-10.0.10-1.mga2
thunderbird-ja-10.0.10-1.mga2
thunderbird-ko-10.0.10-1.mga2
thunderbird-lt-10.0.10-1.mga2
thunderbird-nb_NO-10.0.10-1.mga2
thunderbird-nl-10.0.10-1.mga2
thunderbird-nn_NO-10.0.10-1.mga2
thunderbird-pl-10.0.10-1.mga2
thunderbird-pa_IN-10.0.10-1.mga2
thunderbird-pt_BR-10.0.10-1.mga2
thunderbird-pt_PT-10.0.10-1.mga2
thunderbird-ro-10.0.10-1.mga2
thunderbird-ru-10.0.10-1.mga2
thunderbird-si-10.0.10-1.mga2
thunderbird-sk-10.0.10-1.mga2
thunderbird-sl-10.0.10-1.mga2
thunderbird-sq-10.0.10-1.mga2
thunderbird-sv_SE-10.0.10-1.mga2
thunderbird-ta_LK-10.0.10-1.mga2
thunderbird-tr-10.0.10-1.mga2
thunderbird-uk-10.0.10-1.mga2
thunderbird-vi-10.0.10-1.mga2
thunderbird-zh_CN-10.0.10-1.mga2
thunderbird-zh_TW-10.0.10-1.mga2

from SRPMS:
mozilla-thunderbird-10.0.10-1.mga1.src.rpm
mozilla-thunderbird-l10n-10.0.10-1.mga1.src.rpm
thunderbird-10.0.10-1.mga2.src.rpm
thunderbird-l10n-10.0.10-1.mga2.src.rpm

David Walser 2012-10-28 02:50:22 CET

Whiteboard: (none) => MGA1TOO

Comment 1 David Walser 2012-10-28 02:58:27 CET

Adding Funda in CC as he uploaded these packages.

CC: (none) => fundawang

Comment 2 Manuel Hiebel 2012-10-28 12:18:28 CET

works fine on mga1 x86_64

Hardware: i586 => All

Comment 3 Simon Putt 2012-10-28 13:51:28 CET

works fine here also, and calendar and enigmail work too. no regressions in my extensions.

MGA2, x86_64

Simon/Lemonzest

CC: (none) => lemonzest

Comment 4 Tolhildan Karker 2012-10-28 14:50:11 CET

Tested completed for mga2, 32-bits and it works.

CC: (none) => tolhildan_123

David Walser 2012-10-28 15:35:00 CET

Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-64-OK

Comment 5 Dave Hodgins 2012-10-28 22:27:05 CET

Testing complete on Mageia 1 i586.

Testing used pop3, nntp, enigmail, and lightning.

Could someone from the sysadmin team push the srpms
thunderbird-10.0.10-1.mga2.src.rpm
thunderbird-l10n-10.0.10-1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates nd the srpms
mozilla-thunderbird-10.0.10-1.mga1.src.rpm
mozilla-thunderbird-l10n-10.0.10-1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated mozilla-thunderbird packages fix security vulnerabilities:

Multiple flaws were found in the location object implementation in Firefox.
Malicious content could be used to perform cross-site scripting attacks,
bypass the same-origin policy, or cause Firefox to execute arbitrary code
(CVE-2012-4194, CVE-2012-4195, CVE-2012-4196).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
http://www.mozilla.org/security/announce/2012/mfsa2012-90.html
https://rhn.redhat.com/errata/RHSA-2012-1407.html

https://bugs.mageia.org/show_bug.cgi?id=7915

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-64-OK => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-64-OK MGA1-32-OK

Comment 6 Thomas Backlund 2012-10-29 01:03:28 CET

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0312

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED