RedHat has issued an advisory on September 5: https://rhn.redhat.com/errata/RHSA-2016-1809.html Updated packages uploaded for Mageia 5 and Cauldron. Advisory to come. For my reference, Firefox 45.3 update was in Bug 19133. Updated packages in core/updates_testing: ================ thunderbird-45.3.0-2.mga5 thunderbird-enigmail-45.3.0-2.mga5 thunderbird-ar-45.3.0-1.mga5 thunderbird-ast-45.3.0-1.mga5 thunderbird-be-45.3.0-1.mga5 thunderbird-bg-45.3.0-1.mga5 thunderbird-bn_BD-45.3.0-1.mga5 thunderbird-br-45.3.0-1.mga5 thunderbird-ca-45.3.0-1.mga5 thunderbird-cs-45.3.0-1.mga5 thunderbird-cy-45.3.0-1.mga5 thunderbird-da-45.3.0-1.mga5 thunderbird-de-45.3.0-1.mga5 thunderbird-el-45.3.0-1.mga5 thunderbird-en_GB-45.3.0-1.mga5 thunderbird-en_US-45.3.0-1.mga5 thunderbird-es_AR-45.3.0-1.mga5 thunderbird-es_ES-45.3.0-1.mga5 thunderbird-et-45.3.0-1.mga5 thunderbird-eu-45.3.0-1.mga5 thunderbird-fi-45.3.0-1.mga5 thunderbird-fr-45.3.0-1.mga5 thunderbird-fy_NL-45.3.0-1.mga5 thunderbird-ga_IE-45.3.0-1.mga5 thunderbird-gd-45.3.0-1.mga5 thunderbird-gl-45.3.0-1.mga5 thunderbird-he-45.3.0-1.mga5 thunderbird-hr-45.3.0-1.mga5 thunderbird-hsb-45.3.0-1.mga5 thunderbird-hu-45.3.0-1.mga5 thunderbird-hy_AM-45.3.0-1.mga5 thunderbird-id-45.3.0-1.mga5 thunderbird-is-45.3.0-1.mga5 thunderbird-it-45.3.0-1.mga5 thunderbird-ja-45.3.0-1.mga5 thunderbird-ko-45.3.0-1.mga5 thunderbird-lt-45.3.0-1.mga5 thunderbird-nb_NO-45.3.0-1.mga5 thunderbird-nl-45.3.0-1.mga5 thunderbird-nn_NO-45.3.0-1.mga5 thunderbird-pa_IN-45.3.0-1.mga5 thunderbird-pl-45.3.0-1.mga5 thunderbird-pt_BR-45.3.0-1.mga5 thunderbird-pt_PT-45.3.0-1.mga5 thunderbird-ro-45.3.0-1.mga5 thunderbird-ru-45.3.0-1.mga5 thunderbird-si-45.3.0-1.mga5 thunderbird-sk-45.3.0-1.mga5 thunderbird-sl-45.3.0-1.mga5 thunderbird-sq-45.3.0-1.mga5 thunderbird-sv_SE-45.3.0-1.mga5 thunderbird-ta_LK-45.3.0-1.mga5 thunderbird-tr-45.3.0-1.mga5 thunderbird-uk-45.3.0-1.mga5 thunderbird-vi-45.3.0-1.mga5 thunderbird-zh_CN-45.3.0-1.mga5 thunderbird-zh_TW-45.3.0-1.mga5 from SRPMS: thunderbird-45.3.0-2.mga5.src.rpm thunderbird-l10n-45.3.0-1.mga5.src.rpm
Advisory: ================ Updated thunderbird packages fix security vulnerability: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2016-2836). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836 https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://rhn.redhat.com/errata/RHSA-2016-1809.html
Thunderbird already in use. For x86_64, installed: thunderbird-45.3.0-2.mga5 thunderbird-en_GB-45.3.0-1.mga5 thunderbird-enigmail-45.3.0-2.mga5 Reopened thunderbird; functioning normally. Tried out Enigmail and found that it is still affected by the earlier gnome-keyring bug; i.e. a bug in GNOME keyring associated with GPG. Nevertheless, although it claims that it cannot create a revocation certificate, one such is created. Sending a message to myself placed an encrypted reply in my Inbox and again there was an error report regarding GNOME keyring which said the passphrase could not be verified or something but in spite of that the message was successfully decrypted. Concluding from this that Enigmail does work. For non GNOME keyring users there would probably be no problem. Thunderbird has suffered from random crashes recently so it will be interesting to see if those have gone away. The patches address a different issue. In the short term, this update looks fine. Disabling Enigmail because I have no interest in using it.
CC: (none) => tarazed25
Whiteboard: (none) => MGA5-64-OK
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK => MGA5-64-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0330.html
Status: NEW => RESOLVEDResolution: (none) => FIXED