RedHat has issued an advisory on May 12: https://rhn.redhat.com/errata/RHSA-2016-1041.html Updated packages uploaded for Mageia 5 and Cauldron by tmb. I'll provide the libpng update, needed for the FF/TB 45 update here since it was built first. If testing results in FF getting pushed first, we'll move it to that bug. The FF build should be available on Tuesday. Advisory: ================ Updated thunderbird packages fix security vulnerabilities: Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-2805, CVE-2016-2807). This update provides the next stable branch of Thunderbird, version 45.1.1. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807 https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ https://www.mozilla.org/en-US/thunderbird/45.0/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.1.0/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.1.1/releasenotes/ https://rhn.redhat.com/errata/RHSA-2016-1041.html https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ ================ Updated packages in core/updates_testing: ================ libpng16_16-1.6.22-1.mga5 libpng-devel-1.6.22-1.mga5 thunderbird-45.1.1-1.mga5 thunderbird-enigmail-45.1.1-1.mga5 thunderbird-ar-45.1.1-1.mga5 thunderbird-ast-45.1.1-1.mga5 thunderbird-be-45.1.1-1.mga5 thunderbird-bg-45.1.1-1.mga5 thunderbird-bn_BD-45.1.1-1.mga5 thunderbird-br-45.1.1-1.mga5 thunderbird-ca-45.1.1-1.mga5 thunderbird-cs-45.1.1-1.mga5 thunderbird-cy-45.1.1-1.mga5 thunderbird-da-45.1.1-1.mga5 thunderbird-de-45.1.1-1.mga5 thunderbird-el-45.1.1-1.mga5 thunderbird-en_GB-45.1.1-1.mga5 thunderbird-en_US-45.1.1-1.mga5 thunderbird-es_AR-45.1.1-1.mga5 thunderbird-es_ES-45.1.1-1.mga5 thunderbird-et-45.1.1-1.mga5 thunderbird-eu-45.1.1-1.mga5 thunderbird-fi-45.1.1-1.mga5 thunderbird-fr-45.1.1-1.mga5 thunderbird-fy_NL-45.1.1-1.mga5 thunderbird-ga_IE-45.1.1-1.mga5 thunderbird-gd-45.1.1-1.mga5 thunderbird-gl-45.1.1-1.mga5 thunderbird-he-45.1.1-1.mga5 thunderbird-hr-45.1.1-1.mga5 thunderbird-hsb-45.1.1-1.mga5 thunderbird-hu-45.1.1-1.mga5 thunderbird-hy_AM-45.1.1-1.mga5 thunderbird-id-45.1.1-1.mga5 thunderbird-is-45.1.1-1.mga5 thunderbird-it-45.1.1-1.mga5 thunderbird-ja-45.1.1-1.mga5 thunderbird-ko-45.1.1-1.mga5 thunderbird-lt-45.1.1-1.mga5 thunderbird-nb_NO-45.1.1-1.mga5 thunderbird-nl-45.1.1-1.mga5 thunderbird-nn_NO-45.1.1-1.mga5 thunderbird-pa_IN-45.1.1-1.mga5 thunderbird-pl-45.1.1-1.mga5 thunderbird-pt_BR-45.1.1-1.mga5 thunderbird-pt_PT-45.1.1-1.mga5 thunderbird-ro-45.1.1-1.mga5 thunderbird-ru-45.1.1-1.mga5 thunderbird-si-45.1.1-1.mga5 thunderbird-sk-45.1.1-1.mga5 thunderbird-sl-45.1.1-1.mga5 thunderbird-sq-45.1.1-1.mga5 thunderbird-sv_SE-45.1.1-1.mga5 thunderbird-ta_LK-45.1.1-1.mga5 thunderbird-tr-45.1.1-1.mga5 thunderbird-uk-45.1.1-1.mga5 thunderbird-vi-45.1.1-1.mga5 thunderbird-zh_CN-45.1.1-1.mga5 thunderbird-zh_TW-45.1.1-1.mga5 from SRPMS: libpng-1.6.22-1.mga5.src.rpm thunderbird-45.1.1-1.mga5.src.rpm thunderbird-l10n-45.1.1-1.mga5.src.rpm
thunderbird-lightning needs to be updated too. It gets disabled as being incompatible with new thunderbird.
thunderbird-lightning is part of the thunderbird source (and package) now. You should not have a prior thunderbird-lightning package installed.
CC: (none) => doktor5000, tmb
hmm actually i don't have the thunderbird-lightning package installed so it's a mozilla one. Did we stop packaging them at some stage?
Created attachment 7906 [details] lightning error on upgrade screenshot
(In reply to claire robinson from comment #3) > hmm actually i don't have the thunderbird-lightning package installed so > it's a mozilla one. Did we stop packaging them at some stage? Well, it's packaged now, just as part of Thunderbird itself. The old package should be obsoleted. (In reply to claire robinson from comment #4) > Created attachment 7906 [details] > lightning error on upgrade > > screenshot Ouch! I guess upstream laid an egg here. Maybe they'll publish an updated 45.1.1 tarball fixing this in the next few days. It wouldn't be the first time.
Whiteboard: (none) => feedback
Enigmail also changes from inline-pgp to pgp/mime. Seems to work OK but not sure of the implications of this really.
Nope, the lightning included in 45.1.1 is 4.7.1.1 I wonder if we miss some kind of "calendar upgrade trigger" as the 4.0.5.2 is the default version in thunderbird 38. But I have never used the calendar extension in my thunderbird, so I guess those that get the trouble belongs to QA and have had the lightning added / tested at some point ...
Hm, something weird is going on... I cant even find the calendar anywhare, even if it's listed as installed/active in the addons manager
Taking it back, I see there are some important enigmail fixes upstream too
Assignee: qa-bugs => tmb
Ok, seems we have a possible rpm bug. The Lightning translations are tagged with %lang, but for some reason rpm does not install the needed ones (I have English, Finnish and Swedish locales installed and they are properly listed in /etc/rpm/macros) and all english and finnish translations gets installed, but Swedish translations are not :/ And when translations is missing, the Lightning calendar does not work... If I manually copy the translations from the rpm to the correct place Lightning starts to work again ...
(In reply to Thomas Backlund from comment #7) > Nope, the lightning included in 45.1.1 is 4.7.1.1 > > I wonder if we miss some kind of "calendar upgrade trigger" as the 4.0.5.2 > is the default version in thunderbird 38. > > But I have never used the calendar extension in my thunderbird, so I guess > those that get the trouble belongs to QA and have had the lightning added / > tested at some point ... All this sounds remarkably similar to a thread on the discuss ml recently. The Lightning packaged with the latest T-bird 38 was 4.0.7.2, and it couldn't be accessed by the OP. No "Calendar" tab in Preferences. If version 4.0.5.2 was then installed, it wasn't available. If, however, T-bird 38 had been updated from a version with a non-embedded 4.0.5.2 installed, that version of Lightning seemed to carry through unchanged. My last T-bird 38 had Lightning 4.0.5.2 installed and active when I upgraded to the first T-bird 45 we offered to QA, (No idea where it came from or when I installed it.) T-bird wanted to upgrade that add-on to 4.7. That worked, and was carried through without change to T-bird 45.1.1. I just removed that 4.7 version, and restarted, only to see a Lightning 4.7.1 which doesn't have a "Remove" button, but can be accessed in Preferences. It's all very confusing. Makes me glad I never use it.
CC: (none) => andrewsfarm
Just dropped into one of my 32-bit systems to try to test something else. Old version of T-bird (45.1.0?) had a popup telling me that Lightning was now integrated, gave the option to disable or keep. I kept, and it was Lightning 4.7.1. Updated to T-bird 45.1.1-1.1 from the repository, and afterward Lightning is 4.7.1.1. No idea if it works, as I don't use Lightning. Rest of T-bird looks OK. Still all very confusing, though.
What's the status of this? I saw that Thomas rebuilt the package with some changes after the initial build. Is this ready for QA? What else needs to be done?
Blocks: (none) => 18264
(I use it since it's on repo and no issue here)
Package list is now listed below. Thomas, please assign to QA if it's OK to go. Updated packages in core/updates_testing: ================ thunderbird-45.1.1-1.1.mga5 thunderbird-enigmail-45.1.1-1.1.mga5 thunderbird-ar-45.1.1-1.mga5 thunderbird-ast-45.1.1-1.mga5 thunderbird-be-45.1.1-1.mga5 thunderbird-bg-45.1.1-1.mga5 thunderbird-bn_BD-45.1.1-1.mga5 thunderbird-br-45.1.1-1.mga5 thunderbird-ca-45.1.1-1.mga5 thunderbird-cs-45.1.1-1.mga5 thunderbird-cy-45.1.1-1.mga5 thunderbird-da-45.1.1-1.mga5 thunderbird-de-45.1.1-1.mga5 thunderbird-el-45.1.1-1.mga5 thunderbird-en_GB-45.1.1-1.mga5 thunderbird-en_US-45.1.1-1.mga5 thunderbird-es_AR-45.1.1-1.mga5 thunderbird-es_ES-45.1.1-1.mga5 thunderbird-et-45.1.1-1.mga5 thunderbird-eu-45.1.1-1.mga5 thunderbird-fi-45.1.1-1.mga5 thunderbird-fr-45.1.1-1.mga5 thunderbird-fy_NL-45.1.1-1.mga5 thunderbird-ga_IE-45.1.1-1.mga5 thunderbird-gd-45.1.1-1.mga5 thunderbird-gl-45.1.1-1.mga5 thunderbird-he-45.1.1-1.mga5 thunderbird-hr-45.1.1-1.mga5 thunderbird-hsb-45.1.1-1.mga5 thunderbird-hu-45.1.1-1.mga5 thunderbird-hy_AM-45.1.1-1.mga5 thunderbird-id-45.1.1-1.mga5 thunderbird-is-45.1.1-1.mga5 thunderbird-it-45.1.1-1.mga5 thunderbird-ja-45.1.1-1.mga5 thunderbird-ko-45.1.1-1.mga5 thunderbird-lt-45.1.1-1.mga5 thunderbird-nb_NO-45.1.1-1.mga5 thunderbird-nl-45.1.1-1.mga5 thunderbird-nn_NO-45.1.1-1.mga5 thunderbird-pa_IN-45.1.1-1.mga5 thunderbird-pl-45.1.1-1.mga5 thunderbird-pt_BR-45.1.1-1.mga5 thunderbird-pt_PT-45.1.1-1.mga5 thunderbird-ro-45.1.1-1.mga5 thunderbird-ru-45.1.1-1.mga5 thunderbird-si-45.1.1-1.mga5 thunderbird-sk-45.1.1-1.mga5 thunderbird-sl-45.1.1-1.mga5 thunderbird-sq-45.1.1-1.mga5 thunderbird-sv_SE-45.1.1-1.mga5 thunderbird-ta_LK-45.1.1-1.mga5 thunderbird-tr-45.1.1-1.mga5 thunderbird-uk-45.1.1-1.mga5 thunderbird-vi-45.1.1-1.mga5 thunderbird-zh_CN-45.1.1-1.mga5 thunderbird-zh_TW-45.1.1-1.mga5 from SRPMS: thunderbird-45.1.1-1.1.mga5.src.rpm thunderbird-l10n-45.1.1-1.mga5.src.rpm
(In reply to claire robinson from comment #4) > Created attachment 7906 [details] > lightning error on upgrade > > screenshot Hi, I updated my Thunderbird some minutes ago and I experienced this same problem. I needed to accept and download lightning from Mozilla addons to get my calendars back.
CC: (none) => mail
45.2.0 is out, so this needs to be updated again.
Summary: Thunderbird 45.1.1 => Thunderbird 45.2.0Whiteboard: feedback => (none)
Ok, fixed so calendar works atleast here, so ready for others to test: SRPMS: thunderbird-45.2.0-1.1.mga5.src.rpm thunderbird-l10n-45.2.0-1.mga5.src.rpm i586: thunderbird-45.2.0-1.1.mga5.i586.rpm thunderbird-enigmail-45.2.0-1.1.mga5.i586.rpm thunderbird-ar-45.2.0-1.mga5.noarch.rpm thunderbird-ast-45.2.0-1.mga5.noarch.rpm thunderbird-be-45.2.0-1.mga5.noarch.rpm thunderbird-bg-45.2.0-1.mga5.noarch.rpm thunderbird-bn_BD-45.2.0-1.mga5.noarch.rpm thunderbird-br-45.2.0-1.mga5.noarch.rpm thunderbird-ca-45.2.0-1.mga5.noarch.rpm thunderbird-cs-45.2.0-1.mga5.noarch.rpm thunderbird-cy-45.2.0-1.mga5.noarch.rpm thunderbird-da-45.2.0-1.mga5.noarch.rpm thunderbird-de-45.2.0-1.mga5.noarch.rpm thunderbird-el-45.2.0-1.mga5.noarch.rpm thunderbird-en_GB-45.2.0-1.mga5.noarch.rpm thunderbird-en_US-45.2.0-1.mga5.noarch.rpm thunderbird-es_AR-45.2.0-1.mga5.noarch.rpm thunderbird-es_ES-45.2.0-1.mga5.noarch.rpm thunderbird-et-45.2.0-1.mga5.noarch.rpm thunderbird-eu-45.2.0-1.mga5.noarch.rpm thunderbird-fi-45.2.0-1.mga5.noarch.rpm thunderbird-fr-45.2.0-1.mga5.noarch.rpm thunderbird-fy_NL-45.2.0-1.mga5.noarch.rpm thunderbird-ga_IE-45.2.0-1.mga5.noarch.rpm thunderbird-gd-45.2.0-1.mga5.noarch.rpm thunderbird-gl-45.2.0-1.mga5.noarch.rpm thunderbird-he-45.2.0-1.mga5.noarch.rpm thunderbird-hr-45.2.0-1.mga5.noarch.rpm thunderbird-hsb-45.2.0-1.mga5.noarch.rpm thunderbird-hu-45.2.0-1.mga5.noarch.rpm thunderbird-hy_AM-45.2.0-1.mga5.noarch.rpm thunderbird-id-45.2.0-1.mga5.noarch.rpm thunderbird-is-45.2.0-1.mga5.noarch.rpm thunderbird-it-45.2.0-1.mga5.noarch.rpm thunderbird-ja-45.2.0-1.mga5.noarch.rpm thunderbird-ko-45.2.0-1.mga5.noarch.rpm thunderbird-lt-45.2.0-1.mga5.noarch.rpm thunderbird-nb_NO-45.2.0-1.mga5.noarch.rpm thunderbird-nl-45.2.0-1.mga5.noarch.rpm thunderbird-nn_NO-45.2.0-1.mga5.noarch.rpm thunderbird-pa_IN-45.2.0-1.mga5.noarch.rpm thunderbird-pl-45.2.0-1.mga5.noarch.rpm thunderbird-pt_BR-45.2.0-1.mga5.noarch.rpm thunderbird-pt_PT-45.2.0-1.mga5.noarch.rpm thunderbird-ro-45.2.0-1.mga5.noarch.rpm thunderbird-ru-45.2.0-1.mga5.noarch.rpm thunderbird-si-45.2.0-1.mga5.noarch.rpm thunderbird-sk-45.2.0-1.mga5.noarch.rpm thunderbird-sl-45.2.0-1.mga5.noarch.rpm thunderbird-sq-45.2.0-1.mga5.noarch.rpm thunderbird-sv_SE-45.2.0-1.mga5.noarch.rpm thunderbird-ta_LK-45.2.0-1.mga5.noarch.rpm thunderbird-tr-45.2.0-1.mga5.noarch.rpm thunderbird-uk-45.2.0-1.mga5.noarch.rpm thunderbird-vi-45.2.0-1.mga5.noarch.rpm thunderbird-zh_CN-45.2.0-1.mga5.noarch.rpm thunderbird-zh_TW-45.2.0-1.mga5.noarch.rpm x86_64: thunderbird-45.2.0-1.1.mga5.x86_64.rpm thunderbird-enigmail-45.2.0-1.1.mga5.x86_64.rpm thunderbird-ar-45.2.0-1.mga5.noarch.rpm thunderbird-ast-45.2.0-1.mga5.noarch.rpm thunderbird-be-45.2.0-1.mga5.noarch.rpm thunderbird-bg-45.2.0-1.mga5.noarch.rpm thunderbird-bn_BD-45.2.0-1.mga5.noarch.rpm thunderbird-br-45.2.0-1.mga5.noarch.rpm thunderbird-ca-45.2.0-1.mga5.noarch.rpm thunderbird-cs-45.2.0-1.mga5.noarch.rpm thunderbird-cy-45.2.0-1.mga5.noarch.rpm thunderbird-da-45.2.0-1.mga5.noarch.rpm thunderbird-de-45.2.0-1.mga5.noarch.rpm thunderbird-el-45.2.0-1.mga5.noarch.rpm thunderbird-en_GB-45.2.0-1.mga5.noarch.rpm thunderbird-en_US-45.2.0-1.mga5.noarch.rpm thunderbird-es_AR-45.2.0-1.mga5.noarch.rpm thunderbird-es_ES-45.2.0-1.mga5.noarch.rpm thunderbird-et-45.2.0-1.mga5.noarch.rpm thunderbird-eu-45.2.0-1.mga5.noarch.rpm thunderbird-fi-45.2.0-1.mga5.noarch.rpm thunderbird-fr-45.2.0-1.mga5.noarch.rpm thunderbird-fy_NL-45.2.0-1.mga5.noarch.rpm thunderbird-ga_IE-45.2.0-1.mga5.noarch.rpm thunderbird-gd-45.2.0-1.mga5.noarch.rpm thunderbird-gl-45.2.0-1.mga5.noarch.rpm thunderbird-he-45.2.0-1.mga5.noarch.rpm thunderbird-hr-45.2.0-1.mga5.noarch.rpm thunderbird-hsb-45.2.0-1.mga5.noarch.rpm thunderbird-hu-45.2.0-1.mga5.noarch.rpm thunderbird-hy_AM-45.2.0-1.mga5.noarch.rpm thunderbird-id-45.2.0-1.mga5.noarch.rpm thunderbird-is-45.2.0-1.mga5.noarch.rpm thunderbird-it-45.2.0-1.mga5.noarch.rpm thunderbird-ja-45.2.0-1.mga5.noarch.rpm thunderbird-ko-45.2.0-1.mga5.noarch.rpm thunderbird-lt-45.2.0-1.mga5.noarch.rpm thunderbird-nb_NO-45.2.0-1.mga5.noarch.rpm thunderbird-nl-45.2.0-1.mga5.noarch.rpm thunderbird-nn_NO-45.2.0-1.mga5.noarch.rpm thunderbird-pa_IN-45.2.0-1.mga5.noarch.rpm thunderbird-pl-45.2.0-1.mga5.noarch.rpm thunderbird-pt_BR-45.2.0-1.mga5.noarch.rpm thunderbird-pt_PT-45.2.0-1.mga5.noarch.rpm thunderbird-ro-45.2.0-1.mga5.noarch.rpm thunderbird-ru-45.2.0-1.mga5.noarch.rpm thunderbird-si-45.2.0-1.mga5.noarch.rpm thunderbird-sk-45.2.0-1.mga5.noarch.rpm thunderbird-sl-45.2.0-1.mga5.noarch.rpm thunderbird-sq-45.2.0-1.mga5.noarch.rpm thunderbird-sv_SE-45.2.0-1.mga5.noarch.rpm thunderbird-ta_LK-45.2.0-1.mga5.noarch.rpm thunderbird-tr-45.2.0-1.mga5.noarch.rpm thunderbird-uk-45.2.0-1.mga5.noarch.rpm thunderbird-vi-45.2.0-1.mga5.noarch.rpm thunderbird-zh_CN-45.2.0-1.mga5.noarch.rpm thunderbird-zh_TW-45.2.0-1.mga5.noarch.rpm
Assignee: tmb => qa-bugs
Advisory: ================ Updated thunderbird packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-2805, CVE-2016-2807, CVE-2016-2818). This update provides the next stable branch of Thunderbird, version 45.2.0. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818 https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/ https://www.mozilla.org/en-US/thunderbird/45.0/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.1.0/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.1.1/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.2.0/releasenotes/ https://rhn.redhat.com/errata/RHSA-2016-1041.html https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
Testing this on x86_64 on production workstation. Installed thunderbird, thunderbird-enigmail, thunderbird-en_GB Will see how it goes.
CC: (none) => tarazed25
Email and calendar functioning. Tried Enigmail but decrypting did not work. There was a problem in the wizard setup. After passphrase and key generation the store revocation certificate failed and recommended a visit upstream. Carried on by encrypting a message to myself but on receipt was unable to read it. The passphrase I had just set up would not work. Is testing Enigmail an essential part of this update?
I discovered that there was a relic of an earlier test of enigmail. I no longer know the passphrase for that so I selected the current one and used that. Still no result. The passphrase failed. There was some comment about gnome-keyring and a support site in the messages so I had a look at the faq and found advice about disabling gpg in gnome-keyring. Unfortunately the program quoted - dpkg-divert does not exist here. Installed dpkg and tried again. $ sudo dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable --add /etc/xdg/autostart/gnome-keyring-gpg.desktop dpkg-divert: error: failed to open package info file `/var/lib/dpkg/status' for reading: No such file or directory Looks like this is a can of worms. It is known that gnome-keyring is buggy as far as gpg is concerned. Maybe somebody could test this against kwallet in a KDE/Plasma system?
On mga5-64 Packages installed: thunderbird-45.2.0-1.1.mga5 thunderbird-en_GB-45.2.0-1.mga5 Email - collection (POP) and sending through ISP - OK Unix movemail - OK Calendar - OK This update is OK for me on mga5-64
CC: (none) => jim
x86_64 Mate desktop Trying encryption with Enigmail and tbird 38.7: Message sent to myself failed because older keys were tried first. They cannot be wiped because passphrases are handled by GNOME keyring. Decryption works when the latest key is tried. It looks like it is essential to wipe previous keys because although the latest was used on the outgoing message Enigmail does not know which key to use for incoming mail so has to cycle through them. So it is definitely a GNOME issue and probably does not affect non-GNOME-derived desktops. The solutions posted upstream for disabling GNOME keyring do not work. ---------------------------------------------------------------------------------- Enigmail Security Info Decrypted message Error - decryption failed gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent. gpg: WARNING: GnuPG will not work properly - please configure that tool to not interfere with the GnuPG system! gpg: problem with the agent: Invalid card gpg: encrypted with 4096-bit RSA key, ID 52EC0432, created 2016-03-15 "Len Lawrence <tarazed25@gmail.com>" gpg: public key decryption failed: Operation cancelled gpg: encrypted with 4096-bit RSA key, ID 376A1CE5, created 2016-07-06 "Len Lawrence <tarazed25@gmail.com>" Note that the successful decryption depended on a third key-pair generated 2016-07-07. If the keys could be wiped then it is probable that there would be no errors. After update: tbird 45.2 Used key management to remove the earlier keys and encrypted a message to self. Incoming message flagged as encrypted. Decrypt/Verify on the message. This worked but raised an error message: GnuPG reported an error in the communication with gpg-agent (a component of GnuPG). This is a system setup or configuration error that prevents Enigmail from working properly and cannot be fixed automatically. We strongly recommend that you consult our support web site at https://enigmail.net/faq. So, what to make of this? thunderbird-email seems to work in Mate but does not sit easily with GNOME-keyring and there is what appears to be another problem with GnuPG. Other desktops maybe don't have such problems.
Upgraded 64-bit to 45.2 this evening, and everything I use seems to work. I don't use the calendar, but it looks like it's there, ready for me if I change my mind. Eternal September newsgroups working OK.
Given that Enigmail does encrypt and decrypt OK apart from throwing a wobbly on GNOME-based systems and accepting the consensus that Thunderbird functions as expected, I am inclined to pass this for 64-bits. ??
Whiteboard: (none) => MGA5-64-OK
RedHat has issued an advisory for this today (July 11): https://rhn.redhat.com/errata/RHSA-2016-1392.html Advisory: ================ Updated thunderbird packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-2805, CVE-2016-2807, CVE-2016-2818). This update provides the next stable branch of Thunderbird, version 45.2.0. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818 https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/ https://www.mozilla.org/en-US/thunderbird/45.0/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.1.0/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.1.1/releasenotes/ https://www.mozilla.org/en-US/thunderbird/45.2.0/releasenotes/ https://rhn.redhat.com/errata/RHSA-2016-1041.html https://rhn.redhat.com/errata/RHSA-2016-1392.html https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
Anybody have any objections to validating this one now?
None from me. It has been a while.
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => MGA5-64-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0254.html
Status: NEW => RESOLVEDResolution: (none) => FIXED