RedHat has issued an advisory today (October 15): https://rhn.redhat.com/errata/RHSA-2014-1635.html This will be our first update to the 31 ESR branch for Mageia 3 and Mageia 4. The update will require updated libvpx and sqlite3 versions as well. For Mageia 4, we're also updating libpng to the newest version. The nss package will also be updated to 3.17.2 with this update. Besides the security issues that are fixed in Firefox and Thunderbird 31.2, this update will fix one other security issue in Enigmail (part of the Thunderbird package), CVE-2013-5369, for which OpenSuSE issued an update on September 8: http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html from http://lwn.net/Vulnerabilities/610601/ Reproducible: Steps to Reproduce:
CC: (none) => doktor5000Whiteboard: (none) => MGA4TOO, MGA3TOO
Oh, the thunderbird-lightning package is also being updated to version 3.3 for this update.
RedHat hasn't yet updated thunderbird, but Ubuntu has: http://www.ubuntu.com/usn/usn-2373-1/
URL: (none) => http://lwn.net/Vulnerabilities/616263/
I believe everything is committed in SVN. I'm waiting for freeze pushes in Cauldron. These have yet to be built in updates_testing: firefox-31.2.0-1.mga3.src.rpm thunderbird-31.2.0-1.mga3.src.rpm thunderbird-l10n-31.2.0-1.mga3.src.rpm thunderbird-lightning-3.3-1.mga3.src.rpm firefox-31.2.0-1.mga4.src.rpm thunderbird-31.2.0-1.mga4.src.rpm thunderbird-l10n-31.2.0-1.mga4.src.rpm These ones are already built in updates_testing: libvpx-1.3.0-1.mga3.src.rpm sqlite3-3.8.6-1.mga3.src.rpm nss-3.17.2-1.mga3.src.rpm firefox-l10n-31.2.0-1.mga3.src.rpm libpng-1.6.13-1.mga4.src.rpm libvpx-1.3.0-1.mga4.src.rpm sqlite3-3.8.6-1.mga4.src.rpm nss-3.17.2-1.mga4.src.rpm firefox-l10n-31.2.0-1.mga4.src.rpm thunderbird-lightning-3.3-1.mga4.src.rpm The full package list for the ones already built: libvpx1-1.3.0-1.mga3 libvpx-devel-1.3.0-1.mga3 libvpx-utils-1.3.0-1.mga3 sqlite3-tcl-3.8.6-1.mga3 sqlite3-tools-3.8.6-1.mga3 lemon-3.8.6-1.mga3 libsqlite3-devel-3.8.6-1.mga3 libsqlite3-static-devel-3.8.6-1.mga3 libsqlite3_0-3.8.6-1.mga3 nss-3.17.2-1.mga3 nss-doc-3.17.2-1.mga3 libnss3-3.17.2-1.mga3 libnss-devel-3.17.2-1.mga3 libnss-static-devel-3.17.2-1.mga3 firefox-af-31.2.0-1.mga3 firefox-ar-31.2.0-1.mga3 firefox-as-31.2.0-1.mga3 firefox-ast-31.2.0-1.mga3 firefox-be-31.2.0-1.mga3 firefox-bg-31.2.0-1.mga3 firefox-bn_IN-31.2.0-1.mga3 firefox-bn_BD-31.2.0-1.mga3 firefox-br-31.2.0-1.mga3 firefox-bs-31.2.0-1.mga3 firefox-ca-31.2.0-1.mga3 firefox-cs-31.2.0-1.mga3 firefox-csb-31.2.0-1.mga3 firefox-cy-31.2.0-1.mga3 firefox-da-31.2.0-1.mga3 firefox-de-31.2.0-1.mga3 firefox-el-31.2.0-1.mga3 firefox-en_GB-31.2.0-1.mga3 firefox-en_ZA-31.2.0-1.mga3 firefox-eo-31.2.0-1.mga3 firefox-es_AR-31.2.0-1.mga3 firefox-es_CL-31.2.0-1.mga3 firefox-es_ES-31.2.0-1.mga3 firefox-es_MX-31.2.0-1.mga3 firefox-et-31.2.0-1.mga3 firefox-eu-31.2.0-1.mga3 firefox-fa-31.2.0-1.mga3 firefox-ff-31.2.0-1.mga3 firefox-fi-31.2.0-1.mga3 firefox-fr-31.2.0-1.mga3 firefox-fy-31.2.0-1.mga3 firefox-ga_IE-31.2.0-1.mga3 firefox-gd-31.2.0-1.mga3 firefox-gl-31.2.0-1.mga3 firefox-gu_IN-31.2.0-1.mga3 firefox-he-31.2.0-1.mga3 firefox-hi-31.2.0-1.mga3 firefox-hr-31.2.0-1.mga3 firefox-hu-31.2.0-1.mga3 firefox-hy-31.2.0-1.mga3 firefox-id-31.2.0-1.mga3 firefox-is-31.2.0-1.mga3 firefox-it-31.2.0-1.mga3 firefox-ja-31.2.0-1.mga3 firefox-kk-31.2.0-1.mga3 firefox-ko-31.2.0-1.mga3 firefox-km-31.2.0-1.mga3 firefox-kn-31.2.0-1.mga3 firefox-ku-31.2.0-1.mga3 firefox-lg-31.2.0-1.mga3 firefox-lij-31.2.0-1.mga3 firefox-lt-31.2.0-1.mga3 firefox-lv-31.2.0-1.mga3 firefox-mai-31.2.0-1.mga3 firefox-mk-31.2.0-1.mga3 firefox-ml-31.2.0-1.mga3 firefox-mr-31.2.0-1.mga3 firefox-nb_NO-31.2.0-1.mga3 firefox-nl-31.2.0-1.mga3 firefox-nn_NO-31.2.0-1.mga3 firefox-nso-31.2.0-1.mga3 firefox-or-31.2.0-1.mga3 firefox-pa_IN-31.2.0-1.mga3 firefox-pl-31.2.0-1.mga3 firefox-pt_BR-31.2.0-1.mga3 firefox-pt_PT-31.2.0-1.mga3 firefox-ro-31.2.0-1.mga3 firefox-ru-31.2.0-1.mga3 firefox-si-31.2.0-1.mga3 firefox-sk-31.2.0-1.mga3 firefox-sl-31.2.0-1.mga3 firefox-sq-31.2.0-1.mga3 firefox-sr-31.2.0-1.mga3 firefox-sv_SE-31.2.0-1.mga3 firefox-ta-31.2.0-1.mga3 firefox-ta_LK-31.2.0-1.mga3 firefox-te-31.2.0-1.mga3 firefox-th-31.2.0-1.mga3 firefox-tr-31.2.0-1.mga3 firefox-uk-31.2.0-1.mga3 firefox-vi-31.2.0-1.mga3 firefox-zh_CN-31.2.0-1.mga3 firefox-zh_TW-31.2.0-1.mga3 firefox-zu-31.2.0-1.mga3 libpng16_16-1.6.13-1.mga4 libpng-devel-1.6.13-1.mga4 libvpx1-1.3.0-1.mga4 libvpx-devel-1.3.0-1.mga4 libvpx-utils-1.3.0-1.mga4 sqlite3-tcl-3.8.6-1.mga4 sqlite3-tools-3.8.6-1.mga4 lemon-3.8.6-1.mga4 libsqlite3-devel-3.8.6-1.mga4 libsqlite3-static-devel-3.8.6-1.mga4 libsqlite3_0-3.8.6-1.mga4 nss-3.17.2-1.mga4 nss-doc-3.17.2-1.mga4 libnss3-3.17.2-1.mga4 libnss-devel-3.17.2-1.mga4 libnss-static-devel-3.17.2-1.mga4 firefox-af-31.2.0-1.mga4 firefox-ar-31.2.0-1.mga4 firefox-as-31.2.0-1.mga4 firefox-ast-31.2.0-1.mga4 firefox-be-31.2.0-1.mga4 firefox-bg-31.2.0-1.mga4 firefox-bn_IN-31.2.0-1.mga4 firefox-bn_BD-31.2.0-1.mga4 firefox-br-31.2.0-1.mga4 firefox-bs-31.2.0-1.mga4 firefox-ca-31.2.0-1.mga4 firefox-cs-31.2.0-1.mga4 firefox-csb-31.2.0-1.mga4 firefox-cy-31.2.0-1.mga4 firefox-da-31.2.0-1.mga4 firefox-de-31.2.0-1.mga4 firefox-el-31.2.0-1.mga4 firefox-en_GB-31.2.0-1.mga4 firefox-en_ZA-31.2.0-1.mga4 firefox-eo-31.2.0-1.mga4 firefox-es_AR-31.2.0-1.mga4 firefox-es_CL-31.2.0-1.mga4 firefox-es_ES-31.2.0-1.mga4 firefox-es_MX-31.2.0-1.mga4 firefox-et-31.2.0-1.mga4 firefox-eu-31.2.0-1.mga4 firefox-fa-31.2.0-1.mga4 firefox-ff-31.2.0-1.mga4 firefox-fi-31.2.0-1.mga4 firefox-fr-31.2.0-1.mga4 firefox-fy-31.2.0-1.mga4 firefox-ga_IE-31.2.0-1.mga4 firefox-gd-31.2.0-1.mga4 firefox-gl-31.2.0-1.mga4 firefox-gu_IN-31.2.0-1.mga4 firefox-he-31.2.0-1.mga4 firefox-hi-31.2.0-1.mga4 firefox-hr-31.2.0-1.mga4 firefox-hu-31.2.0-1.mga4 firefox-hy-31.2.0-1.mga4 firefox-id-31.2.0-1.mga4 firefox-is-31.2.0-1.mga4 firefox-it-31.2.0-1.mga4 firefox-ja-31.2.0-1.mga4 firefox-kk-31.2.0-1.mga4 firefox-ko-31.2.0-1.mga4 firefox-km-31.2.0-1.mga4 firefox-kn-31.2.0-1.mga4 firefox-ku-31.2.0-1.mga4 firefox-lg-31.2.0-1.mga4 firefox-lij-31.2.0-1.mga4 firefox-lt-31.2.0-1.mga4 firefox-lv-31.2.0-1.mga4 firefox-mai-31.2.0-1.mga4 firefox-mk-31.2.0-1.mga4 firefox-ml-31.2.0-1.mga4 firefox-mr-31.2.0-1.mga4 firefox-nb_NO-31.2.0-1.mga4 firefox-nl-31.2.0-1.mga4 firefox-nn_NO-31.2.0-1.mga4 firefox-nso-31.2.0-1.mga4 firefox-or-31.2.0-1.mga4 firefox-pa_IN-31.2.0-1.mga4 firefox-pl-31.2.0-1.mga4 firefox-pt_BR-31.2.0-1.mga4 firefox-pt_PT-31.2.0-1.mga4 firefox-ro-31.2.0-1.mga4 firefox-ru-31.2.0-1.mga4 firefox-si-31.2.0-1.mga4 firefox-sk-31.2.0-1.mga4 firefox-sl-31.2.0-1.mga4 firefox-sq-31.2.0-1.mga4 firefox-sr-31.2.0-1.mga4 firefox-sv_SE-31.2.0-1.mga4 firefox-ta-31.2.0-1.mga4 firefox-ta_LK-31.2.0-1.mga4 firefox-te-31.2.0-1.mga4 firefox-th-31.2.0-1.mga4 firefox-tr-31.2.0-1.mga4 firefox-uk-31.2.0-1.mga4 firefox-vi-31.2.0-1.mga4 firefox-zh_CN-31.2.0-1.mga4 firefox-zh_TW-31.2.0-1.mga4 firefox-zu-31.2.0-1.mga4 thunderbird-lightning-3.3-1.mga4
Testing firefox 31.2 mga4 64&32 no crash not even single problem found so far,same to thunderbird tomorrow i will test mga3.
CC: (none) => ozkyster
The firefox 31.2 mga4 build that was temporarily available was removed due to some errors in the SPEC file. It will be rebuilt later. No FF/TB builds are available to test yet.
Ok i will remove it from testing and wait for newer version.
RedHat has issued an advisory for Thunderbird on October 15: https://rhn.redhat.com/errata/RHSA-2014-1647.html
The thunderbird and thunderbird-l10n packages have been pushed in Cauldron. For firefox in Cauldron, there's a linking error: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20141016115250.ennael.valstar.19035/log/firefox-31.2.0-2.mga5/build.0.20141016120428.log
Actually only those two lines are an issue: /home/iurt/rpmbuild/BUILD/mozilla-esr31/content/media/SharedBuffer.h:68: error: undefined reference to 'mozilla::AudioQueueMemoryFunctor::MallocSizeOf(void const*)' /home/iurt/rpmbuild/BUILD/mozilla-esr31/content/media/MediaData.h:86: error: undefined reference to 'mozilla::AudioQueueMemoryFunctor::MallocSizeOf(void const*)' See e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1025639 and maybe https://bugzilla.mozilla.org/show_bug.cgi?id=999496 Probably won't have time to look at this until end of next week -.-
CC: (none) => alejandrocobo
(In reply to David Walser from comment #5) > The firefox 31.2 mga4 build that was temporarily available was removed due > to some errors in the SPEC file. It will be rebuilt later. No FF/TB builds > are available to test yet. Which errors?
CC: (none) => oe
(In reply to Oden Eriksson from comment #10) > (In reply to David Walser from comment #5) > > The firefox 31.2 mga4 build that was temporarily available was removed due > > to some errors in the SPEC file. It will be rebuilt later. No FF/TB builds > > are available to test yet. > > Which errors? The ones I fixed in this commit: http://svnweb.mageia.org/packages?view=revision&revision=755374 It's basically ready to build now, but the problem is it doesn't build in Cauldron, as you can see in Comment 8. Florian gave some links that might help in Comment 9, and Thierry commented on the dev ml that he may have fixed this issue previously in firefox-beta in Cauldron, I'm guessing with this commit: http://svnweb.mageia.org/packages?view=revision&revision=636421 I'll try adding that patch when I get a chance, maybe tomorrow.
http://svnweb.mageia.org/packages?view=revision&revision=792682 sent to BS as firefox-31.2.0-3.mga5 for updates_testing, let's hope it builds.
CC: (none) => anaselli
Everything is built and uploaded. Advisory to come. Updated packages in core/updates_testing: ======================== libvpx1-1.3.0-1.mga3 libvpx-devel-1.3.0-1.mga3 libvpx-utils-1.3.0-1.mga3 sqlite3-tcl-3.8.6-1.mga3 sqlite3-tools-3.8.6-1.mga3 lemon-3.8.6-1.mga3 libsqlite3-devel-3.8.6-1.mga3 libsqlite3-static-devel-3.8.6-1.mga3 libsqlite3_0-3.8.6-1.mga3 nss-3.17.2-1.mga3 nss-doc-3.17.2-1.mga3 libnss3-3.17.2-1.mga3 libnss-devel-3.17.2-1.mga3 libnss-static-devel-3.17.2-1.mga3 firefox-31.2.0-1.mga3 firefox-devel-31.2.0-1.mga3 firefox-af-31.2.0-1.mga3 firefox-ar-31.2.0-1.mga3 firefox-as-31.2.0-1.mga3 firefox-ast-31.2.0-1.mga3 firefox-be-31.2.0-1.mga3 firefox-bg-31.2.0-1.mga3 firefox-bn_IN-31.2.0-1.mga3 firefox-bn_BD-31.2.0-1.mga3 firefox-br-31.2.0-1.mga3 firefox-bs-31.2.0-1.mga3 firefox-ca-31.2.0-1.mga3 firefox-cs-31.2.0-1.mga3 firefox-csb-31.2.0-1.mga3 firefox-cy-31.2.0-1.mga3 firefox-da-31.2.0-1.mga3 firefox-de-31.2.0-1.mga3 firefox-el-31.2.0-1.mga3 firefox-en_GB-31.2.0-1.mga3 firefox-en_ZA-31.2.0-1.mga3 firefox-eo-31.2.0-1.mga3 firefox-es_AR-31.2.0-1.mga3 firefox-es_CL-31.2.0-1.mga3 firefox-es_ES-31.2.0-1.mga3 firefox-es_MX-31.2.0-1.mga3 firefox-et-31.2.0-1.mga3 firefox-eu-31.2.0-1.mga3 firefox-fa-31.2.0-1.mga3 firefox-ff-31.2.0-1.mga3 firefox-fi-31.2.0-1.mga3 firefox-fr-31.2.0-1.mga3 firefox-fy-31.2.0-1.mga3 firefox-ga_IE-31.2.0-1.mga3 firefox-gd-31.2.0-1.mga3 firefox-gl-31.2.0-1.mga3 firefox-gu_IN-31.2.0-1.mga3 firefox-he-31.2.0-1.mga3 firefox-hi-31.2.0-1.mga3 firefox-hr-31.2.0-1.mga3 firefox-hu-31.2.0-1.mga3 firefox-hy-31.2.0-1.mga3 firefox-id-31.2.0-1.mga3 firefox-is-31.2.0-1.mga3 firefox-it-31.2.0-1.mga3 firefox-ja-31.2.0-1.mga3 firefox-kk-31.2.0-1.mga3 firefox-ko-31.2.0-1.mga3 firefox-km-31.2.0-1.mga3 firefox-kn-31.2.0-1.mga3 firefox-ku-31.2.0-1.mga3 firefox-lg-31.2.0-1.mga3 firefox-lij-31.2.0-1.mga3 firefox-lt-31.2.0-1.mga3 firefox-lv-31.2.0-1.mga3 firefox-mai-31.2.0-1.mga3 firefox-mk-31.2.0-1.mga3 firefox-ml-31.2.0-1.mga3 firefox-mr-31.2.0-1.mga3 firefox-nb_NO-31.2.0-1.mga3 firefox-nl-31.2.0-1.mga3 firefox-nn_NO-31.2.0-1.mga3 firefox-nso-31.2.0-1.mga3 firefox-or-31.2.0-1.mga3 firefox-pa_IN-31.2.0-1.mga3 firefox-pl-31.2.0-1.mga3 firefox-pt_BR-31.2.0-1.mga3 firefox-pt_PT-31.2.0-1.mga3 firefox-ro-31.2.0-1.mga3 firefox-ru-31.2.0-1.mga3 firefox-si-31.2.0-1.mga3 firefox-sk-31.2.0-1.mga3 firefox-sl-31.2.0-1.mga3 firefox-sq-31.2.0-1.mga3 firefox-sr-31.2.0-1.mga3 firefox-sv_SE-31.2.0-1.mga3 firefox-ta-31.2.0-1.mga3 firefox-ta_LK-31.2.0-1.mga3 firefox-te-31.2.0-1.mga3 firefox-th-31.2.0-1.mga3 firefox-tr-31.2.0-1.mga3 firefox-uk-31.2.0-1.mga3 firefox-vi-31.2.0-1.mga3 firefox-zh_CN-31.2.0-1.mga3 firefox-zh_TW-31.2.0-1.mga3 firefox-zu-31.2.0-1.mga3 thunderbird-31.2.0-1.mga3 thunderbird-enigmail-31.2.0-1.mga3 nsinstall-31.2.0-1.mga3 thunderbird-ar-31.2.0-1.mga3 thunderbird-ast-31.2.0-1.mga3 thunderbird-be-31.2.0-1.mga3 thunderbird-bg-31.2.0-1.mga3 thunderbird-bn_BD-31.2.0-1.mga3 thunderbird-br-31.2.0-1.mga3 thunderbird-ca-31.2.0-1.mga3 thunderbird-cs-31.2.0-1.mga3 thunderbird-da-31.2.0-1.mga3 thunderbird-de-31.2.0-1.mga3 thunderbird-el-31.2.0-1.mga3 thunderbird-en_GB-31.2.0-1.mga3 thunderbird-es_AR-31.2.0-1.mga3 thunderbird-es_ES-31.2.0-1.mga3 thunderbird-et-31.2.0-1.mga3 thunderbird-eu-31.2.0-1.mga3 thunderbird-fi-31.2.0-1.mga3 thunderbird-fr-31.2.0-1.mga3 thunderbird-fy-31.2.0-1.mga3 thunderbird-ga-31.2.0-1.mga3 thunderbird-gd-31.2.0-1.mga3 thunderbird-gl-31.2.0-1.mga3 thunderbird-he-31.2.0-1.mga3 thunderbird-hr-31.2.0-1.mga3 thunderbird-hu-31.2.0-1.mga3 thunderbird-hy-31.2.0-1.mga3 thunderbird-id-31.2.0-1.mga3 thunderbird-is-31.2.0-1.mga3 thunderbird-it-31.2.0-1.mga3 thunderbird-ja-31.2.0-1.mga3 thunderbird-ko-31.2.0-1.mga3 thunderbird-lt-31.2.0-1.mga3 thunderbird-nb_NO-31.2.0-1.mga3 thunderbird-nl-31.2.0-1.mga3 thunderbird-nn_NO-31.2.0-1.mga3 thunderbird-pl-31.2.0-1.mga3 thunderbird-pa_IN-31.2.0-1.mga3 thunderbird-pt_BR-31.2.0-1.mga3 thunderbird-pt_PT-31.2.0-1.mga3 thunderbird-ro-31.2.0-1.mga3 thunderbird-ru-31.2.0-1.mga3 thunderbird-si-31.2.0-1.mga3 thunderbird-sk-31.2.0-1.mga3 thunderbird-sl-31.2.0-1.mga3 thunderbird-sq-31.2.0-1.mga3 thunderbird-sv_SE-31.2.0-1.mga3 thunderbird-ta_LK-31.2.0-1.mga3 thunderbird-tr-31.2.0-1.mga3 thunderbird-uk-31.2.0-1.mga3 thunderbird-vi-31.2.0-1.mga3 thunderbird-zh_CN-31.2.0-1.mga3 thunderbird-zh_TW-31.2.0-1.mga3 thunderbird-lightning-3.3-1.mga3 libpng16_16-1.6.13-1.mga4 libpng-devel-1.6.13-1.mga4 libvpx1-1.3.0-1.mga4 libvpx-devel-1.3.0-1.mga4 libvpx-utils-1.3.0-1.mga4 sqlite3-tcl-3.8.6-1.mga4 sqlite3-tools-3.8.6-1.mga4 lemon-3.8.6-1.mga4 libsqlite3-devel-3.8.6-1.mga4 libsqlite3-static-devel-3.8.6-1.mga4 libsqlite3_0-3.8.6-1.mga4 nss-3.17.2-1.mga4 nss-doc-3.17.2-1.mga4 libnss3-3.17.2-1.mga4 libnss-devel-3.17.2-1.mga4 libnss-static-devel-3.17.2-1.mga4 firefox-31.2.0-1.mga4 firefox-devel-31.2.0-1.mga4 firefox-af-31.2.0-1.mga4 firefox-ar-31.2.0-1.mga4 firefox-as-31.2.0-1.mga4 firefox-ast-31.2.0-1.mga4 firefox-be-31.2.0-1.mga4 firefox-bg-31.2.0-1.mga4 firefox-bn_IN-31.2.0-1.mga4 firefox-bn_BD-31.2.0-1.mga4 firefox-br-31.2.0-1.mga4 firefox-bs-31.2.0-1.mga4 firefox-ca-31.2.0-1.mga4 firefox-cs-31.2.0-1.mga4 firefox-csb-31.2.0-1.mga4 firefox-cy-31.2.0-1.mga4 firefox-da-31.2.0-1.mga4 firefox-de-31.2.0-1.mga4 firefox-el-31.2.0-1.mga4 firefox-en_GB-31.2.0-1.mga4 firefox-en_ZA-31.2.0-1.mga4 firefox-eo-31.2.0-1.mga4 firefox-es_AR-31.2.0-1.mga4 firefox-es_CL-31.2.0-1.mga4 firefox-es_ES-31.2.0-1.mga4 firefox-es_MX-31.2.0-1.mga4 firefox-et-31.2.0-1.mga4 firefox-eu-31.2.0-1.mga4 firefox-fa-31.2.0-1.mga4 firefox-ff-31.2.0-1.mga4 firefox-fi-31.2.0-1.mga4 firefox-fr-31.2.0-1.mga4 firefox-fy-31.2.0-1.mga4 firefox-ga_IE-31.2.0-1.mga4 firefox-gd-31.2.0-1.mga4 firefox-gl-31.2.0-1.mga4 firefox-gu_IN-31.2.0-1.mga4 firefox-he-31.2.0-1.mga4 firefox-hi-31.2.0-1.mga4 firefox-hr-31.2.0-1.mga4 firefox-hu-31.2.0-1.mga4 firefox-hy-31.2.0-1.mga4 firefox-id-31.2.0-1.mga4 firefox-is-31.2.0-1.mga4 firefox-it-31.2.0-1.mga4 firefox-ja-31.2.0-1.mga4 firefox-kk-31.2.0-1.mga4 firefox-ko-31.2.0-1.mga4 firefox-km-31.2.0-1.mga4 firefox-kn-31.2.0-1.mga4 firefox-ku-31.2.0-1.mga4 firefox-lg-31.2.0-1.mga4 firefox-lij-31.2.0-1.mga4 firefox-lt-31.2.0-1.mga4 firefox-lv-31.2.0-1.mga4 firefox-mai-31.2.0-1.mga4 firefox-mk-31.2.0-1.mga4 firefox-ml-31.2.0-1.mga4 firefox-mr-31.2.0-1.mga4 firefox-nb_NO-31.2.0-1.mga4 firefox-nl-31.2.0-1.mga4 firefox-nn_NO-31.2.0-1.mga4 firefox-nso-31.2.0-1.mga4 firefox-or-31.2.0-1.mga4 firefox-pa_IN-31.2.0-1.mga4 firefox-pl-31.2.0-1.mga4 firefox-pt_BR-31.2.0-1.mga4 firefox-pt_PT-31.2.0-1.mga4 firefox-ro-31.2.0-1.mga4 firefox-ru-31.2.0-1.mga4 firefox-si-31.2.0-1.mga4 firefox-sk-31.2.0-1.mga4 firefox-sl-31.2.0-1.mga4 firefox-sq-31.2.0-1.mga4 firefox-sr-31.2.0-1.mga4 firefox-sv_SE-31.2.0-1.mga4 firefox-ta-31.2.0-1.mga4 firefox-ta_LK-31.2.0-1.mga4 firefox-te-31.2.0-1.mga4 firefox-th-31.2.0-1.mga4 firefox-tr-31.2.0-1.mga4 firefox-uk-31.2.0-1.mga4 firefox-vi-31.2.0-1.mga4 firefox-zh_CN-31.2.0-1.mga4 firefox-zh_TW-31.2.0-1.mga4 firefox-zu-31.2.0-1.mga4 thunderbird-31.2.0-1.mga4 thunderbird-enigmail-31.2.0-1.mga4 nsinstall-31.2.0-1.mga4 thunderbird-ar-31.2.0-1.mga4 thunderbird-ast-31.2.0-1.mga4 thunderbird-be-31.2.0-1.mga4 thunderbird-bg-31.2.0-1.mga4 thunderbird-bn_BD-31.2.0-1.mga4 thunderbird-br-31.2.0-1.mga4 thunderbird-ca-31.2.0-1.mga4 thunderbird-cs-31.2.0-1.mga4 thunderbird-da-31.2.0-1.mga4 thunderbird-de-31.2.0-1.mga4 thunderbird-el-31.2.0-1.mga4 thunderbird-en_GB-31.2.0-1.mga4 thunderbird-es_AR-31.2.0-1.mga4 thunderbird-es_ES-31.2.0-1.mga4 thunderbird-et-31.2.0-1.mga4 thunderbird-eu-31.2.0-1.mga4 thunderbird-fi-31.2.0-1.mga4 thunderbird-fr-31.2.0-1.mga4 thunderbird-fy-31.2.0-1.mga4 thunderbird-ga-31.2.0-1.mga4 thunderbird-gd-31.2.0-1.mga4 thunderbird-gl-31.2.0-1.mga4 thunderbird-he-31.2.0-1.mga4 thunderbird-hr-31.2.0-1.mga4 thunderbird-hu-31.2.0-1.mga4 thunderbird-hy-31.2.0-1.mga4 thunderbird-id-31.2.0-1.mga4 thunderbird-is-31.2.0-1.mga4 thunderbird-it-31.2.0-1.mga4 thunderbird-ja-31.2.0-1.mga4 thunderbird-ko-31.2.0-1.mga4 thunderbird-lt-31.2.0-1.mga4 thunderbird-nb_NO-31.2.0-1.mga4 thunderbird-nl-31.2.0-1.mga4 thunderbird-nn_NO-31.2.0-1.mga4 thunderbird-pl-31.2.0-1.mga4 thunderbird-pa_IN-31.2.0-1.mga4 thunderbird-pt_BR-31.2.0-1.mga4 thunderbird-pt_PT-31.2.0-1.mga4 thunderbird-ro-31.2.0-1.mga4 thunderbird-ru-31.2.0-1.mga4 thunderbird-si-31.2.0-1.mga4 thunderbird-sk-31.2.0-1.mga4 thunderbird-sl-31.2.0-1.mga4 thunderbird-sq-31.2.0-1.mga4 thunderbird-sv_SE-31.2.0-1.mga4 thunderbird-ta_LK-31.2.0-1.mga4 thunderbird-tr-31.2.0-1.mga4 thunderbird-uk-31.2.0-1.mga4 thunderbird-vi-31.2.0-1.mga4 thunderbird-zh_CN-31.2.0-1.mga4 thunderbird-zh_TW-31.2.0-1.mga4 thunderbird-lightning-3.3-1.mga4 from SRPMS: libvpx-1.3.0-1.mga3.src.rpm sqlite3-3.8.6-1.mga3.src.rpm nss-3.17.2-1.mga3.src.rpm firefox-31.2.0-1.mga3.src.rpm firefox-l10n-31.2.0-1.mga3.src.rpm thunderbird-31.2.0-1.mga3.src.rpm thunderbird-l10n-31.2.0-1.mga3.src.rpm thunderbird-lightning-3.3-1.mga3.src.rpm libpng-1.6.13-1.mga4.src.rpm libvpx-1.3.0-1.mga4.src.rpm sqlite3-3.8.6-1.mga4.src.rpm nss-3.17.2-1.mga4.src.rpm firefox-31.2.0-1.mga4.src.rpm firefox-l10n-31.2.0-1.mga4.src.rpm thunderbird-31.2.0-1.mga4.src.rpm thunderbird-l10n-31.2.0-1.mga4.src.rpm thunderbird-lightning-3.3-1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Advisory: ======================== Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576, CVE-2014-1577). A flaw was found in the Alarm API in Firefox, which allows applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass cross-origin restrictions (CVE-2014-1583). Also, Enigmail (part of the Thunderbird package) has been updated to version 1.7.2 which contains several bugfixes including mail with only Bcc recipients being sent in plain text unexpectedly (CVE-2014-5369). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5369 https://www.mozilla.org/security/announce/2014/mfsa2014-74.html https://www.mozilla.org/security/announce/2014/mfsa2014-75.html https://www.mozilla.org/security/announce/2014/mfsa2014-76.html https://www.mozilla.org/security/announce/2014/mfsa2014-77.html https://www.mozilla.org/security/announce/2014/mfsa2014-79.html https://www.mozilla.org/security/announce/2014/mfsa2014-82.html https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html https://rhn.redhat.com/errata/RHSA-2014-1635.html https://rhn.redhat.com/errata/RHSA-2014-1647.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html
tested mga4-64 with the usual battery: Firefox: Acid3 sunspider for javascript general browsing javatester to verify java tested png files through google search Tested vp8 through www.webmfiles.org/demo-files Youtube for flash THunderbird: Send/receive/move/delete via smtp/imap, calendars load normally in lightning.
CC: (none) => wrw105Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok
tested mga3-64 as above: except, per luigi12 on IRC, there is no libpng update for mga3. Otherwise it behaves as expected.
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok
Tested mga3-32 as comment 16. All OK.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok
Firefox and Thunderbird working fine, Mageia 4 i586.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok mga4-32-ok
I tested Mga3-64 firefox and thunderbird ok,we should get this validated and pushed fast we can because 24 esr support is end of life so we have no supported firefox in both stable releases.
Yep, it's a critical update and it's delayed already since it took a while to get packaged. Feel free to validate it.
It seems all testing is done i validate this update if somebody have problems unvalidate it. Sysadmin please push this to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
It seems all testing is done i validate this update. Sysadmin please push this to updates.
Advisory uploaded.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok mga4-32-ok => MGA3TOO mga4-64-ok mga3-64-ok mga3-32-ok mga4-32-ok advisory
Adding a paragraph to the advisory if you could update it...thanks. Advisory: ======================== Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576, CVE-2014-1577). A flaw was found in the Alarm API in Firefox, which allows applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass cross-origin restrictions (CVE-2014-1583). This update provides Firefox and Thunderbird 31.2, which fixes these issues and other bugs, and also provides several new features, including WebRTC support. The thunderbird-lightning package has also been updated to version 3.3 which is compatible with the new Thunderbird version. Also, Enigmail (part of the Thunderbird package) has been updated to version 1.7.2 which contains several bugfixes including mail with only Bcc recipients being sent in plain text unexpectedly (CVE-2014-5369). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5369 https://www.mozilla.org/security/announce/2014/mfsa2014-74.html https://www.mozilla.org/security/announce/2014/mfsa2014-75.html https://www.mozilla.org/security/announce/2014/mfsa2014-76.html https://www.mozilla.org/security/announce/2014/mfsa2014-77.html https://www.mozilla.org/security/announce/2014/mfsa2014-79.html https://www.mozilla.org/security/announce/2014/mfsa2014-82.html https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html https://rhn.redhat.com/errata/RHSA-2014-1635.html https://rhn.redhat.com/errata/RHSA-2014-1647.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html
Advisory updated.
CC: (none) => remi
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0421.html
Status: NEW => RESOLVEDResolution: (none) => FIXED