Description of problem: Update to the recently released version 52.0.1
Updates for mga5 thunderbird 52.0.1 (and the corresponding thunderbird-l10n) were pushed earlier today. Time ran short to do the advisory so I'll do that and assign to QA next week.
CC: (none) => luigiwalser
Summary: Update to version 52.0.1 => Thunderbird - update to version 52.0.1
Thunderbird 52.1.0 has been released today (April 30): https://www.mozilla.org/en-US/thunderbird/52.1.0/releasenotes/ Now we do need to update it for Mageia 5.
Updated package uploaded for Mageia 5. Advisory: ======================== Updated thunderbird and thunderbird-l10n packages fix bugs and various security vulnerabilities: * Google Oauth setup can sometimes not progress to the next step * Background images not working and other issues related to embedded images when composing email * plus various security fixes (per the release notes) Updated packages in core/updates_testing: ======================== thunderbird-52.1.0-1.mga5 thunderbird-debuginfo-52.1.0-1.mga5 thunderbird-enigmail-52.1.0-1.mga5 from thunderbird-52.1.0-1.mga5.src.rpm and the thunderbird-l10n packages thunderbird-ar-52.1.0-1.mga5.noarch.rpm thunderbird-ast-52.1.0-1.mga5.noarch.rpm thunderbird-be-52.1.0-1.mga5.noarch.rpm thunderbird-bg-52.1.0-1.mga5.noarch.rpm thunderbird-bn_BD-52.1.0-1.mga5.noarch.rpm thunderbird-br-52.1.0-1.mga5.noarch.rpm thunderbird-ca-52.1.0-1.mga5.noarch.rpm thunderbird-cs-52.1.0-1.mga5.noarch.rpm thunderbird-cy-52.1.0-1.mga5.noarch.rpm thunderbird-da-52.1.0-1.mga5.noarch.rpm thunderbird-de-52.1.0-1.mga5.noarch.rpm thunderbird-el-52.1.0-1.mga5.noarch.rpm thunderbird-en_GB-52.1.0-1.mga5.noarch.rpm thunderbird-en_US-52.1.0-1.mga5.noarch.rpm thunderbird-es_AR-52.1.0-1.mga5.noarch.rpm thunderbird-es_ES-52.1.0-1.mga5.noarch.rpm thunderbird-et-52.1.0-1.mga5.noarch.rpm thunderbird-eu-52.1.0-1.mga5.noarch.rpm thunderbird-fi-52.1.0-1.mga5.noarch.rpm thunderbird-fr-52.1.0-1.mga5.noarch.rpm thunderbird-fy_NL-52.1.0-1.mga5.noarch.rpm thunderbird-ga_IE-52.1.0-1.mga5.noarch.rpm thunderbird-gd-52.1.0-1.mga5.noarch.rpm thunderbird-gl-52.1.0-1.mga5.noarch.rpm thunderbird-he-52.1.0-1.mga5.noarch.rpm thunderbird-hr-52.1.0-1.mga5.noarch.rpm thunderbird-hsb-52.1.0-1.mga5.noarch.rpm thunderbird-hu-52.1.0-1.mga5.noarch.rpm thunderbird-hy_AM-52.1.0-1.mga5.noarch.rpm thunderbird-id-52.1.0-1.mga5.noarch.rpm thunderbird-is-52.1.0-1.mga5.noarch.rpm thunderbird-it-52.1.0-1.mga5.noarch.rpm thunderbird-ja-52.1.0-1.mga5.noarch.rpm thunderbird-ko-52.1.0-1.mga5.noarch.rpm thunderbird-lt-52.1.0-1.mga5.noarch.rpm thunderbird-nb_NO-52.1.0-1.mga5.noarch.rpm thunderbird-nl-52.1.0-1.mga5.noarch.rpm thunderbird-nn_NO-52.1.0-1.mga5.noarch.rpm thunderbird-pa_IN-52.1.0-1.mga5.noarch.rpm thunderbird-pl-52.1.0-1.mga5.noarch.rpm thunderbird-pt_BR-52.1.0-1.mga5.noarch.rpm thunderbird-pt_PT-52.1.0-1.mga5.noarch.rpm thunderbird-ro-52.1.0-1.mga5.noarch.rpm thunderbird-ru-52.1.0-1.mga5.noarch.rpm thunderbird-si-52.1.0-1.mga5.noarch.rpm thunderbird-sk-52.1.0-1.mga5.noarch.rpm thunderbird-sl-52.1.0-1.mga5.noarch.rpm thunderbird-sq-52.1.0-1.mga5.noarch.rpm thunderbird-sv_SE-52.1.0-1.mga5.noarch.rpm thunderbird-ta_LK-52.1.0-1.mga5.noarch.rpm thunderbird-tr-52.1.0-1.mga5.noarch.rpm thunderbird-uk-52.1.0-1.mga5.noarch.rpm thunderbird-vi-52.1.0-1.mga5.noarch.rpm thunderbird-zh_CN-52.1.0-1.mga5.noarch.rpm thunderbird-zh_TW-52.1.0-1.mga5.noarch.rpm from thunderbird-l10n-52.1.0-1.mga5.src.rpm
Summary: Thunderbird - update to version 52.0.1 => Thunderbird - update to version 52.1.0Assignee: mrambo => qa-bugs
Tested in i586 with enigmail in french. All is ok.
CC: (none) => lists.jjorgeSeverity: enhancement => normal
Advisory covering the security issues. Advisory: ======================== Updated thunderbird packages fix security issues: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5467, CVE-2017-5469). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5430 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469 https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
On mga5-64 packages installed cleanly: - thunderbird-52.1.0-1.mga5.x86_64 - thunderbird-en_GB-52.1.0-1.mga5.noarch Email - POP/SMTP - OK Calendar - OK Address Book - OK Unix Movemail - OK Newsgroups - OK To the extent tested, OK for mga5-64 Not tested: enigmail, IMAP
CC: (none) => jim
openSUSE has issued an advisory for this today (May 7): https://lists.opensuse.org/opensuse-updates/2017-05/msg00016.html
Component: RPM Packages => Security
RedHat has issued an advisory for this today (May 8): https://rhn.redhat.com/errata/RHSA-2017-1201.html Advisory: ======================== Updated thunderbird packages fix security issues: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5467, CVE-2017-5469). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469 https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://rhn.redhat.com/errata/RHSA-2017-1201.html
Works ok here on 64b (imap lightning)
Whiteboard: (none) => advisoryCC: (none) => davidwhodgins
MGA5-32 on Asus A6000VM Xfce No installation issues, choose Dutch as interface Declined enigmail config, setup access to mi gmail account, could receive and send messages.
Whiteboard: advisory => advisory MGA5-32-OKCC: (none) => herman.viaene
OK-ing 64-bit in the light of Comment 7 & Comment 10. Validating. Advisory: added CVE-2017-5466 to the description - it was already in both CVE lists.
Keywords: (none) => validated_updateWhiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK MGA5-64-OKCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0139.html
Status: NEW => RESOLVEDResolution: (none) => FIXED