Mozilla has released Thunderbird 38.7.1 today (March 25), fixing security issues: https://www.mozilla.org/en-US/thunderbird/38.7.1/releasenotes/ The specific security issues have not been announced yet, and it's *possible* that they only affect Windows, so we'll have to see. I would expect them to be posted soon.
Status: NEW => ASSIGNEDCC: (none) => doktor5000
thunderbird-38.7.1-1.mga5 sent to updates_testing, will write advisory later.
Details are finally available. The only change is that they disabled the Graphite2 font shaping library, presumably because they realized how poorly implemented and full of security issues it is, and gave up on trying to get them all fixed, knowing that they'd still miss more. The same change was made in Firefox 45.0.1.
FWIW, here's the list of packages to test: i586 ================ thunderbird-38.7.1-1.mga5.i586 thunderbird-enigmail-38.7.1-1.mga5.i586 noarch ================ thunderbird-ar-38.7.1-1.mga5.noarch thunderbird-ast-38.7.1-1.mga5.noarch thunderbird-be-38.7.1-1.mga5.noarch thunderbird-bg-38.7.1-1.mga5.noarch thunderbird-bn_BD-38.7.1-1.mga5.noarch thunderbird-br-38.7.1-1.mga5.noarch thunderbird-ca-38.7.1-1.mga5.noarch thunderbird-cs-38.7.1-1.mga5.noarch thunderbird-cy-38.7.1-1.mga5.noarch thunderbird-da-38.7.1-1.mga5.noarch thunderbird-de-38.7.1-1.mga5.noarch thunderbird-el-38.7.1-1.mga5.noarch thunderbird-en_GB-38.7.1-1.mga5.noarch thunderbird-en_US-38.7.1-1.mga5.noarch thunderbird-es_AR-38.7.1-1.mga5.noarch thunderbird-es_ES-38.7.1-1.mga5.noarch thunderbird-et-38.7.1-1.mga5.noarch thunderbird-eu-38.7.1-1.mga5.noarch thunderbird-fi-38.7.1-1.mga5.noarch thunderbird-fr-38.7.1-1.mga5.noarch thunderbird-fy_NL-38.7.1-1.mga5.noarch thunderbird-ga_IE-38.7.1-1.mga5.noarch thunderbird-gd-38.7.1-1.mga5.noarch thunderbird-gl-38.7.1-1.mga5.noarch thunderbird-he-38.7.1-1.mga5.noarch thunderbird-hr-38.7.1-1.mga5.noarch thunderbird-hsb-38.7.1-1.mga5.noarch thunderbird-hu-38.7.1-1.mga5.noarch thunderbird-hy_AM-38.7.1-1.mga5.noarch thunderbird-id-38.7.1-1.mga5.noarch thunderbird-is-38.7.1-1.mga5.noarch thunderbird-it-38.7.1-1.mga5.noarch thunderbird-ja-38.7.1-1.mga5.noarch thunderbird-ko-38.7.1-1.mga5.noarch thunderbird-lt-38.7.1-1.mga5.noarch thunderbird-nb_NO-38.7.1-1.mga5.noarch thunderbird-nl-38.7.1-1.mga5.noarch thunderbird-nn_NO-38.7.1-1.mga5.noarch thunderbird-pa_IN-38.7.1-1.mga5.noarch thunderbird-pl-38.7.1-1.mga5.noarch thunderbird-pt_BR-38.7.1-1.mga5.noarch thunderbird-pt_PT-38.7.1-1.mga5.noarch thunderbird-ro-38.7.1-1.mga5.noarch thunderbird-ru-38.7.1-1.mga5.noarch thunderbird-si-38.7.1-1.mga5.noarch thunderbird-sk-38.7.1-1.mga5.noarch thunderbird-sl-38.7.1-1.mga5.noarch thunderbird-sq-38.7.1-1.mga5.noarch thunderbird-sv_SE-38.7.1-1.mga5.noarch thunderbird-ta_LK-38.7.1-1.mga5.noarch thunderbird-tr-38.7.1-1.mga5.noarch thunderbird-uk-38.7.1-1.mga5.noarch thunderbird-vi-38.7.1-1.mga5.noarch thunderbird-zh_CN-38.7.1-1.mga5.noarch thunderbird-zh_TW-38.7.1-1.mga5.noarch x86_64 ================ thunderbird-38.7.1-1.mga5.x86_64 thunderbird-enigmail-38.7.1-1.mga5.x86_64 src ================ thunderbird-38.7.1-1.mga5.src thunderbird-l10n-38.7.1-1.mga5.src
Thanks Florian! I think we have enough information to assign to QA now. Once this is pushed, we should start working on Firefox 45.0.1. We'll need to update libpng (already committed in Mageia 5 SVN) and sqlite3 (not yet committed) for that. sqlite3 will need to have the FTS3_TOKENIZER enabled in Mageia 5 (it isn't in Cauldron). Alternatively, we could switch to bundled sqlite3 in FF/TB and not update it.
Assignee: doktor5000 => qa-bugs
Tested with enigmail, and nntp. Validating the update.
Keywords: (none) => validated_updateWhiteboard: (none) => advisory MGA5-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0129.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/682157/