Bug 22079 - Thunderbird 52.5
Summary: Thunderbird 52.5
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64...
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-11-24 16:42 CET by David Walser
Modified: 2017-11-29 19:53 CET (History)
8 users (show)

See Also:
Source RPM: thunderbird, thunderbird-l10n
CVE:
Status comment:


Attachments

Description David Walser 2017-11-24 16:42:48 CET
Mozilla has released Thunderbird 52.5 on November 23:
https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/

It fixes several bugs and likely many of the same security issues as Firefox 52.5 (Bug 22024).
David Walser 2017-11-24 16:43:24 CET

Assignee: bugsquad => pkg-bugs
Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => mageia, mrambo, nicolas.salguero

Comment 1 Nicolas Salguero 2017-11-27 14:42:23 CET
Suggested advisory:
========================

The updated packages fix several bugs and some security issues:

Use-after-free of PressShell while restyling layout. (CVE-2017-7828)

Cross-origin URL information leak through Resource Timing API. (CVE-2017-7830)

Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5. (CVE-2017-7826)

References:
========================
https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826

Updated packages in 5/core/updates_testing:
========================
thunderbird-52.5.0-1.mga5
thunderbird-enigmail-52.5.0-1.mga5
thunderbird-ar-52.5.0-1.mga5
thunderbird-ast-52.5.0-1.mga5
thunderbird-be-52.5.0-1.mga5
thunderbird-bg-52.5.0-1.mga5
thunderbird-bn_BD-52.5.0-1.mga5
thunderbird-br-52.5.0-1.mga5
thunderbird-ca-52.5.0-1.mga5
thunderbird-cs-52.5.0-1.mga5
thunderbird-cy-52.5.0-1.mga5
thunderbird-da-52.5.0-1.mga5
thunderbird-de-52.5.0-1.mga5
thunderbird-el-52.5.0-1.mga5
thunderbird-en_GB-52.5.0-1.mga5
thunderbird-en_US-52.5.0-1.mga5
thunderbird-es_AR-52.5.0-1.mga5
thunderbird-es_ES-52.5.0-1.mga5
thunderbird-et-52.5.0-1.mga5
thunderbird-eu-52.5.0-1.mga5
thunderbird-fi-52.5.0-1.mga5
thunderbird-fr-52.5.0-1.mga5
thunderbird-fy_NL-52.5.0-1.mga5
thunderbird-ga_IE-52.5.0-1.mga5
thunderbird-gd-52.5.0-1.mga5
thunderbird-gl-52.5.0-1.mga5
thunderbird-he-52.5.0-1.mga5
thunderbird-hr-52.5.0-1.mga5
thunderbird-hsb-52.5.0-1.mga5
thunderbird-hu-52.5.0-1.mga5
thunderbird-hy_AM-52.5.0-1.mga5
thunderbird-id-52.5.0-1.mga5
thunderbird-is-52.5.0-1.mga5
thunderbird-it-52.5.0-1.mga5
thunderbird-ja-52.5.0-1.mga5
thunderbird-ko-52.5.0-1.mga5
thunderbird-lt-52.5.0-1.mga5
thunderbird-nb_NO-52.5.0-1.mga5
thunderbird-nl-52.5.0-1.mga5
thunderbird-nn_NO-52.5.0-1.mga5
thunderbird-pa_IN-52.5.0-1.mga5
thunderbird-pl-52.5.0-1.mga5
thunderbird-pt_BR-52.5.0-1.mga5
thunderbird-pt_PT-52.5.0-1.mga5
thunderbird-ro-52.5.0-1.mga5
thunderbird-ru-52.5.0-1.mga5
thunderbird-si-52.5.0-1.mga5
thunderbird-sk-52.5.0-1.mga5
thunderbird-sl-52.5.0-1.mga5
thunderbird-sq-52.5.0-1.mga5
thunderbird-sv_SE-52.5.0-1.mga5
thunderbird-ta_LK-52.5.0-1.mga5
thunderbird-tr-52.5.0-1.mga5
thunderbird-uk-52.5.0-1.mga5
thunderbird-vi-52.5.0-1.mga5
thunderbird-zh_CN-52.5.0-1.mga5
thunderbird-zh_TW-52.5.0-1.mga6

from SRPMS:
thunderbird-52.5.0-1.mga5.src.rpm
thunderbird-l10n-52.5.0-1.mga5.src.rpm

Updated packages in 6/core/updates_testing:
========================
thunderbird-52.5.0-1.mga6
thunderbird-enigmail-52.5.0-1.mga6
thunderbird-ar-52.5.0-1.mga6
thunderbird-ast-52.5.0-1.mga6
thunderbird-be-52.5.0-1.mga6
thunderbird-bg-52.5.0-1.mga6
thunderbird-bn_BD-52.5.0-1.mga6
thunderbird-br-52.5.0-1.mga6
thunderbird-ca-52.5.0-1.mga6
thunderbird-cs-52.5.0-1.mga6
thunderbird-cy-52.5.0-1.mga6
thunderbird-da-52.5.0-1.mga6
thunderbird-de-52.5.0-1.mga6
thunderbird-el-52.5.0-1.mga6
thunderbird-en_GB-52.5.0-1.mga6
thunderbird-en_US-52.5.0-1.mga6
thunderbird-es_AR-52.5.0-1.mga6
thunderbird-es_ES-52.5.0-1.mga6
thunderbird-et-52.5.0-1.mga6
thunderbird-eu-52.5.0-1.mga6
thunderbird-fi-52.5.0-1.mga6
thunderbird-fr-52.5.0-1.mga6
thunderbird-fy_NL-52.5.0-1.mga6
thunderbird-ga_IE-52.5.0-1.mga6
thunderbird-gd-52.5.0-1.mga6
thunderbird-gl-52.5.0-1.mga6
thunderbird-he-52.5.0-1.mga6
thunderbird-hr-52.5.0-1.mga6
thunderbird-hsb-52.5.0-1.mga6
thunderbird-hu-52.5.0-1.mga6
thunderbird-hy_AM-52.5.0-1.mga6
thunderbird-id-52.5.0-1.mga6
thunderbird-is-52.5.0-1.mga6
thunderbird-it-52.5.0-1.mga6
thunderbird-ja-52.5.0-1.mga6
thunderbird-ko-52.5.0-1.mga6
thunderbird-lt-52.5.0-1.mga6
thunderbird-nb_NO-52.5.0-1.mga6
thunderbird-nl-52.5.0-1.mga6
thunderbird-nn_NO-52.5.0-1.mga6
thunderbird-pa_IN-52.5.0-1.mga6
thunderbird-pl-52.5.0-1.mga6
thunderbird-pt_BR-52.5.0-1.mga6
thunderbird-pt_PT-52.5.0-1.mga6
thunderbird-ro-52.5.0-1.mga6
thunderbird-ru-52.5.0-1.mga6
thunderbird-si-52.5.0-1.mga6
thunderbird-sk-52.5.0-1.mga6
thunderbird-sl-52.5.0-1.mga6
thunderbird-sq-52.5.0-1.mga6
thunderbird-sv_SE-52.5.0-1.mga6
thunderbird-ta_LK-52.5.0-1.mga6
thunderbird-tr-52.5.0-1.mga6
thunderbird-uk-52.5.0-1.mga6
thunderbird-vi-52.5.0-1.mga6
thunderbird-zh_CN-52.5.0-1.mga6
thunderbird-zh_TW-52.5.0-1.mga6

from SRPMS:
thunderbird-52.5.0-1.mga6.src.rpm
thunderbird-l10n-52.5.0-1.mga6.src.rpm

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Version: Cauldron => 6
Source RPM: thunderbird => thunderbird, thunderbird-l10n

Lewis Smith 2017-11-28 10:59:13 CET

Keywords: (none) => advisory

Comment 2 Len Lawrence 2017-11-28 11:25:15 CET
Long time Thunderbird user.  
Updated three packages, including the en_GB language pack.
Thunderbird launched OK and is running fine with settings unchanged.  Crosslinks to a browser work fine.  Composed a test message for the discuss list and sent it.  Address book entries can be edited.  All in order.  Checked out the calendar; deleted entries and created new ones.
Leaving enigmail alone because of previous problems with gnome keyring.

Thunderbird looks OK for this system.

CC: (none) => tarazed25

Len Lawrence 2017-11-28 11:25:31 CET

Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK

Comment 3 James Kerr 2017-11-28 15:56:52 CET
On mga6-32 (in a vbox VM)

packages installed cleanly:
- thunderbird-52.5.0-1.mga6.i586
- thunderbird-en_GB-52.5.0-1.mga6.noarch

Email - POP/SMTP - OK
Calendar - OK
Address Book - OK
Unix Movemail - OK

OK for mga6-32

Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA6-32-OK
CC: (none) => jim

Comment 4 James Kerr 2017-11-28 20:41:12 CET
On mga5-64

packages installed cleanly:
- thunderbird-52.5.0-1.mga5.x86_64
- thunderbird-en_GB-52.5.0-1.mga5.noarch

email - POP/SMTP - ok
calendar - ok
address book = ok
movemail - ok

looks good for mga5-64

Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK

Comment 5 peter winterflood 2017-11-28 23:17:21 CET
on mga6 plasma x86_64 and lxde i586 on 32 bit only hardware

packages installed cleanly:
- thunderbird-52.5.0-1.mga5.x86_64
- thunderbird-en_GB-52.5.0-1.mga5.noarch

email  imap to citadel server, smtp send also ok
calendar and addressbook sync OK integration between sync kolab and lightning/provider for google calendar 3.3 ok

looks good for mga6 64/32

CC: (none) => peter.winterflood

Comment 6 peter winterflood 2017-11-28 23:18:51 CET
(In reply to peter winterflood from comment #5)
> on mga6 plasma x86_64 and lxde i586 on 32 bit only hardware
> 
> packages installed cleanly:
> - thunderbird-52.5.0-1.mga5.x86_64
> - thunderbird-en_GB-52.5.0-1.mga5.noarch
> 
> email  imap to citadel server, smtp send also ok
> calendar and addressbook sync OK integration between sync kolab and
> lightning/provider for google calendar 3.3 ok
> 
> looks good for mga6 64/32

obviously packages installed cleanly:
- thunderbird-52.5.0-1.mga5.i586 for 32 bit, sorry for missing that
Comment 7 Herman Viaene 2017-11-29 16:25:22 CET
MGA5-32 on Dell Latitude D600 Xfce
No installation issues.
Installed with nl language, configured gmail pop.
Could send and receive plain messages and with attachments.

CC: (none) => herman.viaene
Whiteboard: MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK => MGA5TOO MGA6-64-OK MGA6-32-OK MGA5-64-OK MGA5-32-OK

Comment 8 Len Lawrence 2017-11-29 17:39:19 CET
Thanks to testers and Herman for nl.  Other languages rarely get attention in updates.  Validating.
Len Lawrence 2017-11-29 17:39:32 CET

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2017-11-29 19:53:39 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0432.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.