Thunderbird 52.3 has been released today (August 16): https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/ It fixes several bugs and likely many of the same security issues as Firefox 52.3 (Bug 21476).
Whiteboard: (none) => MGA6TOO, MGA5TOOCC: (none) => doktor5000, mrambo, nicolas.salguero
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => doktor5000
openSUSE has issued an advisory for this today (August 18): https://lists.opensuse.org/opensuse-updates/2017-08/msg00083.html
Version: Cauldron => 6Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOCC: (none) => mageia
pushed in updates_testing src.rpm: thunderbird-52.3.0-1.mga6 thunderbird-52.3.0-1.mga5
(In reply to Nicolas Lécureuil from comment #3) > pushed in updates_testing > src.rpm: > thunderbird-52.3.0-1.mga6 > thunderbird-52.3.0-1.mga5 Don't forget thunderbird-l10n. Built so far...: thunderbird-52.3.0-1.mga5 thunderbird-enigmail-52.3.0-1.mga5 thunderbird-52.3.0-1.mga6 thunderbird-enigmail-52.3.0-1.mga6
i've completly forgoten this :)
thunderbird-l10n-52.3.0-1.mga6 and thunderbird-l10n-52.3.0-1.mga5 are now available
Assignee: doktor5000 => qa-bugs
Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://access.redhat.com/errata/RHSA-2017:2456 ======================== Updated packages in core/updates_testing: ======================== thunderbird-52.3.0-1.mga5 thunderbird-enigmail-52.3.0-1.mga5 thunderbird-ar-52.3.0-1.mga5 thunderbird-ast-52.3.0-1.mga5 thunderbird-be-52.3.0-1.mga5 thunderbird-bg-52.3.0-1.mga5 thunderbird-bn_BD-52.3.0-1.mga5 thunderbird-br-52.3.0-1.mga5 thunderbird-ca-52.3.0-1.mga5 thunderbird-cs-52.3.0-1.mga5 thunderbird-cy-52.3.0-1.mga5 thunderbird-da-52.3.0-1.mga5 thunderbird-de-52.3.0-1.mga5 thunderbird-el-52.3.0-1.mga5 thunderbird-en_GB-52.3.0-1.mga5 thunderbird-en_US-52.3.0-1.mga5 thunderbird-es_AR-52.3.0-1.mga5 thunderbird-es_ES-52.3.0-1.mga5 thunderbird-et-52.3.0-1.mga5 thunderbird-eu-52.3.0-1.mga5 thunderbird-fi-52.3.0-1.mga5 thunderbird-fr-52.3.0-1.mga5 thunderbird-fy_NL-52.3.0-1.mga5 thunderbird-ga_IE-52.3.0-1.mga5 thunderbird-gd-52.3.0-1.mga5 thunderbird-gl-52.3.0-1.mga5 thunderbird-he-52.3.0-1.mga5 thunderbird-hr-52.3.0-1.mga5 thunderbird-hsb-52.3.0-1.mga5 thunderbird-hu-52.3.0-1.mga5 thunderbird-hy_AM-52.3.0-1.mga5 thunderbird-id-52.3.0-1.mga5 thunderbird-is-52.3.0-1.mga5 thunderbird-it-52.3.0-1.mga5 thunderbird-ja-52.3.0-1.mga5 thunderbird-ko-52.3.0-1.mga5 thunderbird-lt-52.3.0-1.mga5 thunderbird-nb_NO-52.3.0-1.mga5 thunderbird-nl-52.3.0-1.mga5 thunderbird-nn_NO-52.3.0-1.mga5 thunderbird-pa_IN-52.3.0-1.mga5 thunderbird-pl-52.3.0-1.mga5 thunderbird-pt_BR-52.3.0-1.mga5 thunderbird-pt_PT-52.3.0-1.mga5 thunderbird-ro-52.3.0-1.mga5 thunderbird-ru-52.3.0-1.mga5 thunderbird-si-52.3.0-1.mga5 thunderbird-sk-52.3.0-1.mga5 thunderbird-sl-52.3.0-1.mga5 thunderbird-sq-52.3.0-1.mga5 thunderbird-sv_SE-52.3.0-1.mga5 thunderbird-ta_LK-52.3.0-1.mga5 thunderbird-tr-52.3.0-1.mga5 thunderbird-uk-52.3.0-1.mga5 thunderbird-vi-52.3.0-1.mga5 thunderbird-zh_CN-52.3.0-1.mga5 thunderbird-zh_TW-52.3.0-1.mga5 thunderbird-52.3.0-1.mga6 thunderbird-enigmail-52.3.0-1.mga6 thunderbird-ar-52.3.0-1.mga6 thunderbird-ast-52.3.0-1.mga6 thunderbird-be-52.3.0-1.mga6 thunderbird-bg-52.3.0-1.mga6 thunderbird-bn_BD-52.3.0-1.mga6 thunderbird-br-52.3.0-1.mga6 thunderbird-ca-52.3.0-1.mga6 thunderbird-cs-52.3.0-1.mga6 thunderbird-cy-52.3.0-1.mga6 thunderbird-da-52.3.0-1.mga6 thunderbird-de-52.3.0-1.mga6 thunderbird-el-52.3.0-1.mga6 thunderbird-en_GB-52.3.0-1.mga6 thunderbird-en_US-52.3.0-1.mga6 thunderbird-es_AR-52.3.0-1.mga6 thunderbird-es_ES-52.3.0-1.mga6 thunderbird-et-52.3.0-1.mga6 thunderbird-eu-52.3.0-1.mga6 thunderbird-fi-52.3.0-1.mga6 thunderbird-fr-52.3.0-1.mga6 thunderbird-fy_NL-52.3.0-1.mga6 thunderbird-ga_IE-52.3.0-1.mga6 thunderbird-gd-52.3.0-1.mga6 thunderbird-gl-52.3.0-1.mga6 thunderbird-he-52.3.0-1.mga6 thunderbird-hr-52.3.0-1.mga6 thunderbird-hsb-52.3.0-1.mga6 thunderbird-hu-52.3.0-1.mga6 thunderbird-hy_AM-52.3.0-1.mga6 thunderbird-id-52.3.0-1.mga6 thunderbird-is-52.3.0-1.mga6 thunderbird-it-52.3.0-1.mga6 thunderbird-ja-52.3.0-1.mga6 thunderbird-ko-52.3.0-1.mga6 thunderbird-lt-52.3.0-1.mga6 thunderbird-nb_NO-52.3.0-1.mga6 thunderbird-nl-52.3.0-1.mga6 thunderbird-nn_NO-52.3.0-1.mga6 thunderbird-pa_IN-52.3.0-1.mga6 thunderbird-pl-52.3.0-1.mga6 thunderbird-pt_BR-52.3.0-1.mga6 thunderbird-pt_PT-52.3.0-1.mga6 thunderbird-ro-52.3.0-1.mga6 thunderbird-ru-52.3.0-1.mga6 thunderbird-si-52.3.0-1.mga6 thunderbird-sk-52.3.0-1.mga6 thunderbird-sl-52.3.0-1.mga6 thunderbird-sq-52.3.0-1.mga6 thunderbird-sv_SE-52.3.0-1.mga6 thunderbird-ta_LK-52.3.0-1.mga6 thunderbird-tr-52.3.0-1.mga6 thunderbird-uk-52.3.0-1.mga6 thunderbird-vi-52.3.0-1.mga6 thunderbird-zh_CN-52.3.0-1.mga6 thunderbird-zh_TW-52.3.0-1.mga6 from SRPMS: thunderbird-52.3.0-1.mga5.src.rpm thunderbird-l10n-52.3.0-1.mga5.src.rpm thunderbird-52.3.0-1.mga6.src.rpm thunderbird-l10n-52.3.0-1.mga6.src.rpm
Mga5 32 # urpmi thunderbird To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Updates Testing (distrib5)") thunderbird 52.3.0 1.mga5 i586 thunderbird-en_GB 52.3.0 1.mga5 noarch Proceed with the installation of the 2 packages? (Y/n) y installing thunderbird-52.3.0-1.mga5.i586.rpm thunderbird-en_GB-52.3.0-1.mga5.noarch.rpm Preparing... 1/2: thunderbird 2/2: thunderbird-en_GB 1/2: removing thunderbird-en_GB-52.2.1-1.mga5.noarch 2/2: removing thunderbird-0:52.2.1-1.mga5.i586 $ thunderbird launches ok send mail to pop3 - ok. retrieve mail from pop3 - ok
Whiteboard: MGA5TOO => MGA5TOO|| Mga5-32-ok|CC: (none) => westel
Cleaned up the whiteboard...Ben, please be careful. Updating the advisory with an updated reference. RedHat has issued an advisory for this today (August 24): https://access.redhat.com/errata/RHSA-2017:2534 Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809 https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ https://access.redhat.com/errata/RHSA-2017:2534
Whiteboard: MGA5TOO|| Mga5-32-ok| => MGA5TOO mga5-32-ok
mga6 x86_64 Version 52.3.0 in place and still getting mail on a Google IMAP account. Calendar functional. The add-on Silvermel continues to be incompatible with the current version of Thunderbird - maybe incompatible with Linux. AddressBook working. Last message sent has not bounced yet. Good for 64-bits
CC: (none) => tarazed25
Whiteboard: MGA5TOO mga5-32-ok => MGA5TOO mga5-32-ok MGA6-64-OK
Advisory from comments 7 & 9. Validating as we have 1 OK per release, 1 for each architecture.
Keywords: (none) => validated_updateWhiteboard: MGA5TOO mga5-32-ok MGA6-64-OK => MGA5TOO mga5-32-ok MGA6-64-OK advisoryCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0303.html
Status: NEW => RESOLVEDResolution: (none) => FIXED