Mozilla has released Thunderbird 52.6 on January 25: https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/ The issues fixed are listed here: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
Whiteboard: (none) => MGA6TOO, MGA5TOOCC: (none) => nicolas.salguero
QA Contact: (none) => securityComponent: RPM Packages => Security
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => doktor5000
Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Integer overflow in Skia library during edge builder allocation. (CVE-2018-5095) Use-after-free while editing form elements. (CVE-2018-5096) Use-after-free when source document is manipulated during XSLT. (CVE-2018-5097) Use-after-free while manipulating form input elements. (CVE-2018-5098) Use-after-free with widget listener. (CVE-2018-5099) Use-after-free in HTML media elements. (CVE-2018-5102) Use-after-free during mouse event handling. (CVE-2018-5103) Use-after-free during font face manipulation. (CVE-2018-5104) URL spoofing with right-to-left text aligned left-to-right. (CVE-2018-5117) Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6. (CVE-2018-5089) References: ======================== https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5095 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5096 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5098 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5099 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5103 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5104 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5117 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5089 Updated packages in 5/core/updates_testing: ======================== thunderbird-52.6.0-1.mga5 thunderbird-enigmail-52.6.0-1.mga5 thunderbird-ar-52.6.0-1.mga5 thunderbird-ast-52.6.0-1.mga5 thunderbird-be-52.6.0-1.mga5 thunderbird-bg-52.6.0-1.mga5 thunderbird-bn_BD-52.6.0-1.mga5 thunderbird-br-52.6.0-1.mga5 thunderbird-ca-52.6.0-1.mga5 thunderbird-cs-52.6.0-1.mga5 thunderbird-cy-52.6.0-1.mga5 thunderbird-da-52.6.0-1.mga5 thunderbird-de-52.6.0-1.mga5 thunderbird-el-52.6.0-1.mga5 thunderbird-en_GB-52.6.0-1.mga5 thunderbird-en_US-52.6.0-1.mga5 thunderbird-es_AR-52.6.0-1.mga5 thunderbird-es_ES-52.6.0-1.mga5 thunderbird-et-52.6.0-1.mga5 thunderbird-eu-52.6.0-1.mga5 thunderbird-fi-52.6.0-1.mga5 thunderbird-fr-52.6.0-1.mga5 thunderbird-fy_NL-52.6.0-1.mga5 thunderbird-ga_IE-52.6.0-1.mga5 thunderbird-gd-52.6.0-1.mga5 thunderbird-gl-52.6.0-1.mga5 thunderbird-he-52.6.0-1.mga5 thunderbird-hr-52.6.0-1.mga5 thunderbird-hsb-52.6.0-1.mga5 thunderbird-hu-52.6.0-1.mga5 thunderbird-hy_AM-52.6.0-1.mga5 thunderbird-id-52.6.0-1.mga5 thunderbird-is-52.6.0-1.mga5 thunderbird-it-52.6.0-1.mga5 thunderbird-ja-52.6.0-1.mga5 thunderbird-ko-52.6.0-1.mga5 thunderbird-lt-52.6.0-1.mga5 thunderbird-nb_NO-52.6.0-1.mga5 thunderbird-nl-52.6.0-1.mga5 thunderbird-nn_NO-52.6.0-1.mga5 thunderbird-pa_IN-52.6.0-1.mga5 thunderbird-pl-52.6.0-1.mga5 thunderbird-pt_BR-52.6.0-1.mga5 thunderbird-pt_PT-52.6.0-1.mga5 thunderbird-ro-52.6.0-1.mga5 thunderbird-ru-52.6.0-1.mga5 thunderbird-si-52.6.0-1.mga5 thunderbird-sk-52.6.0-1.mga5 thunderbird-sl-52.6.0-1.mga5 thunderbird-sq-52.6.0-1.mga5 thunderbird-sv_SE-52.6.0-1.mga5 thunderbird-ta_LK-52.6.0-1.mga5 thunderbird-tr-52.6.0-1.mga5 thunderbird-uk-52.6.0-1.mga5 thunderbird-vi-52.6.0-1.mga5 thunderbird-zh_CN-52.6.0-1.mga5 thunderbird-zh_TW-52.6.0-1.mga6 from SRPMS: thunderbird-52.6.0-1.mga5.src.rpm thunderbird-l10n-52.6.0-1.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== thunderbird-52.6.0-1.mga6 thunderbird-enigmail-52.6.0-1.mga6 thunderbird-ar-52.6.0-1.mga6 thunderbird-ast-52.6.0-1.mga6 thunderbird-be-52.6.0-1.mga6 thunderbird-bg-52.6.0-1.mga6 thunderbird-bn_BD-52.6.0-1.mga6 thunderbird-br-52.6.0-1.mga6 thunderbird-ca-52.6.0-1.mga6 thunderbird-cs-52.6.0-1.mga6 thunderbird-cy-52.6.0-1.mga6 thunderbird-da-52.6.0-1.mga6 thunderbird-de-52.6.0-1.mga6 thunderbird-el-52.6.0-1.mga6 thunderbird-en_GB-52.6.0-1.mga6 thunderbird-en_US-52.6.0-1.mga6 thunderbird-es_AR-52.6.0-1.mga6 thunderbird-es_ES-52.6.0-1.mga6 thunderbird-et-52.6.0-1.mga6 thunderbird-eu-52.6.0-1.mga6 thunderbird-fi-52.6.0-1.mga6 thunderbird-fr-52.6.0-1.mga6 thunderbird-fy_NL-52.6.0-1.mga6 thunderbird-ga_IE-52.6.0-1.mga6 thunderbird-gd-52.6.0-1.mga6 thunderbird-gl-52.6.0-1.mga6 thunderbird-he-52.6.0-1.mga6 thunderbird-hr-52.6.0-1.mga6 thunderbird-hsb-52.6.0-1.mga6 thunderbird-hu-52.6.0-1.mga6 thunderbird-hy_AM-52.6.0-1.mga6 thunderbird-id-52.6.0-1.mga6 thunderbird-is-52.6.0-1.mga6 thunderbird-it-52.6.0-1.mga6 thunderbird-ja-52.6.0-1.mga6 thunderbird-ko-52.6.0-1.mga6 thunderbird-lt-52.6.0-1.mga6 thunderbird-nb_NO-52.6.0-1.mga6 thunderbird-nl-52.6.0-1.mga6 thunderbird-nn_NO-52.6.0-1.mga6 thunderbird-pa_IN-52.6.0-1.mga6 thunderbird-pl-52.6.0-1.mga6 thunderbird-pt_BR-52.6.0-1.mga6 thunderbird-pt_PT-52.6.0-1.mga6 thunderbird-ro-52.6.0-1.mga6 thunderbird-ru-52.6.0-1.mga6 thunderbird-si-52.6.0-1.mga6 thunderbird-sk-52.6.0-1.mga6 thunderbird-sl-52.6.0-1.mga6 thunderbird-sq-52.6.0-1.mga6 thunderbird-sv_SE-52.6.0-1.mga6 thunderbird-ta_LK-52.6.0-1.mga6 thunderbird-tr-52.6.0-1.mga6 thunderbird-uk-52.6.0-1.mga6 thunderbird-vi-52.6.0-1.mga6 thunderbird-zh_CN-52.6.0-1.mga6 thunderbird-zh_TW-52.6.0-1.mga6 from SRPMS: thunderbird-52.6.0-1.mga6.src.rpm thunderbird-l10n-52.6.0-1.mga6.src.rpm
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOStatus: NEW => ASSIGNEDSource RPM: thunderbird => thunderbird, thunderbird-l10nVersion: Cauldron => 6Assignee: doktor5000 => qa-bugs
Used this on two very different sets of hardware in 64-bit Mageia 6 Plasma systems. Sent and received emails and newsgroup posts, with no issues noted. Looks OK to me.
CC: (none) => andrewsfarm
on mga5-64 KDE packages installed cleanly: - thunderbird-52.6.0-1.mga5.x86_64 - thunderbird-en_GB-52.6.0-1.mga5.noarch email - POP/SMTP - OK calendar - OK movemail - OK not tested - IMAP, enigmail to the extent tested, OK for mga5-64
CC: (none) => jim
on mga5-32 in a vbox VM packages installed cleanly: - thunderbird-52.6.0-1.mga5.i586 - thunderbird-en_GB-52.6.0-1.mga5.noarch email - POP/SMTP - OK movemail - OK calendar - OK not tested - IMAP, enigmail to the extent tested, OK for mga5-32
The Lightning extension is marked as incompatible with 52.6.0!
(In reply to Frédéric Buclin from comment #6) > The Lightning extension is marked as incompatible with 52.6.0! Hum, this is maybe because I also tested upstream 58.0b3, where Lightning is working fine.
MGA5-32 on Dell Latitude D600 Xfce This is an update on on existing Thunderbird configuration in Dutch with a POP3 account. I could send an e-mail to another account, read on other PC. I could register a new event in the calender. All seems OK to me.
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OKCC: (none) => herman.viaene
Mageia 6 :: x86_64 Using this habitually so have installed the updates, with the en_GB package. No problem with sending and receiving emails. Ignoring enigmail for historic reasons. Keeping an eye open for any regressions. Godd for 64 bits.
CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
Installed in a 64-bit MGA5 system, server kernel, nvidia340 graphics. Sent email to myself, checked newsgroups, everything looks OK.
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA6-64-OK MGA5-64-OK
Test in 32 bit with enigmail, encrypted mail sent ok, received also
CC: (none) => lists.jjorge
on mga6-64 plasma packages installed cleanly: - thunderbird-52.6.0-1.mga6.x86_64 - thunderbird-en_GB-52.6.0-1.mga6.noarch email: POP/SMTP - OK calendar - OK movemail - OK not tested: IMAP, enigmail To the extent tested, OK for mga6-64
on mga6-32 in a vbox VM packages installed cleanly: - thunderbird-52.6.0-1.mga6.i586 - thunderbird-en_GB-52.6.0-1.mga6.noarch email - POP/SMTP - OK movemail - OK calendar - OK to extent tested, OK for mga6-32
Re comment 9: should have added - imail server.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0115.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED