Thunderbird 38.5.0 has been released today (December 23). No advisory details are available yet, but I'll post it when they are. Should be a subset of the issues fixed in Bug 17337. Updated packages in core/updates_testing: ======================== thunderbird-38.5.0-1.mga5 thunderbird-enigmail-38.5.0-1.mga5 thunderbird-ar-38.5.0-1.mga5 thunderbird-ast-38.5.0-1.mga5 thunderbird-be-38.5.0-1.mga5 thunderbird-bg-38.5.0-1.mga5 thunderbird-bn_BD-38.5.0-1.mga5 thunderbird-br-38.5.0-1.mga5 thunderbird-ca-38.5.0-1.mga5 thunderbird-cs-38.5.0-1.mga5 thunderbird-cy-38.5.0-1.mga5 thunderbird-da-38.5.0-1.mga5 thunderbird-de-38.5.0-1.mga5 thunderbird-el-38.5.0-1.mga5 thunderbird-en_GB-38.5.0-1.mga5 thunderbird-en_US-38.5.0-1.mga5 thunderbird-es_AR-38.5.0-1.mga5 thunderbird-es_ES-38.5.0-1.mga5 thunderbird-et-38.5.0-1.mga5 thunderbird-eu-38.5.0-1.mga5 thunderbird-fi-38.5.0-1.mga5 thunderbird-fr-38.5.0-1.mga5 thunderbird-fy_NL-38.5.0-1.mga5 thunderbird-ga_IE-38.5.0-1.mga5 thunderbird-gd-38.5.0-1.mga5 thunderbird-gl-38.5.0-1.mga5 thunderbird-he-38.5.0-1.mga5 thunderbird-hr-38.5.0-1.mga5 thunderbird-hsb-38.5.0-1.mga5 thunderbird-hu-38.5.0-1.mga5 thunderbird-hy_AM-38.5.0-1.mga5 thunderbird-id-38.5.0-1.mga5 thunderbird-is-38.5.0-1.mga5 thunderbird-it-38.5.0-1.mga5 thunderbird-ja-38.5.0-1.mga5 thunderbird-ko-38.5.0-1.mga5 thunderbird-lt-38.5.0-1.mga5 thunderbird-nb_NO-38.5.0-1.mga5 thunderbird-nl-38.5.0-1.mga5 thunderbird-nn_NO-38.5.0-1.mga5 thunderbird-pa_IN-38.5.0-1.mga5 thunderbird-pl-38.5.0-1.mga5 thunderbird-pt_BR-38.5.0-1.mga5 thunderbird-pt_PT-38.5.0-1.mga5 thunderbird-ro-38.5.0-1.mga5 thunderbird-ru-38.5.0-1.mga5 thunderbird-si-38.5.0-1.mga5 thunderbird-sk-38.5.0-1.mga5 thunderbird-sl-38.5.0-1.mga5 thunderbird-sq-38.5.0-1.mga5 thunderbird-sv_SE-38.5.0-1.mga5 thunderbird-ta_LK-38.5.0-1.mga5 thunderbird-tr-38.5.0-1.mga5 thunderbird-uk-38.5.0-1.mga5 thunderbird-vi-38.5.0-1.mga5 thunderbird-zh_CN-38.5.0-1.mga5 thunderbird-zh_TW-38.5.0-1.mga5 from SRPMS: thunderbird-38.5.0-1.mga5.src.rpm thunderbird-l10n-38.5.0-1.mga5.src.rpm Reproducible: Steps to Reproduce:
Testing complete mga5 64 General email use, enigmail properly checks signatures, correct locale installed.
Whiteboard: (none) => has_procedure mga5-64-ok
No RH advisory yet, but the upstream ones have been updated to show which ones affect Thunderbird. Will update the last reference when RH posts theirs. Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7222). A flaw was found in the way Thunderbird handled content using the 'data:' and 'view-source:' URIs. An attacker could use this flaw to bypass the same-origin policy and read data from cross-site URLs and local files (CVE-2015-7214). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214 https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/ https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://rhn.redhat.com/errata/RHSA-2015-2657.html
It doesn't necessarily have to be handled in this update, but if someone could have a look at this bug report for thunderbird lightning's localisation: bug 17392
CC: (none) => doktor5000
(In reply to Rémi Verschelde from comment #3) > It doesn't necessarily have to be handled in this update, but if someone > could have a look at this bug report for thunderbird lightning's > localisation: bug 17392 There's nothing to look at right now. It's an unclear report.
(In reply to David Walser from comment #4) > There's nothing to look at right now. It's an unclear report. I don't see how "I have thunderbird in German but the lightning plugin is not localized" is unclear to you, but please do ask for more info and add the NEEDINFO marker if need be.
Testing on mga5-32 Packages installed from testing: thunderbird-en_GB-38.5.0-1.mga5 thunderbird-38.5.0-1.mga5 packages installed cleanly email - send and receive (including filters) address book calendar Unix movemail Newsfeeds Usenet all OK OK for mga5-32
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-64-ok MGA5-32-OK
This update is now validated. The advisory needs to be uploaded to SVN and the packages can then be pushed to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure mga5-64-ok MGA5-32-OK => has_procedure advisory mga5-64-ok MGA5-32-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0492.html
Status: NEW => RESOLVEDResolution: (none) => FIXED