Mozilla has released Thunderbird 52.8 today (May 18): https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/ The security issues fixed are listed here: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ Mageia 5 and Mageia 6 are also affected. If it builds for Mageia 5, we can push the nspr, rootcerts, and nss packages from Bug 22904 with it.
Whiteboard: (none) => MGA6TOO, MGA5TOOCC: (none) => doktor5000, mrambo, nicolas.salguero
I am working on it.
Status: NEW => ASSIGNEDCC: (none) => lists.jjorgeAssignee: pkg-bugs => lists.jjorge
Like for 52.7.0 version, I will not push to MGA5 which is long way EOL. Updated package uploaded for cauldron and Mageia 6. Advisory: ======================== Updated thunderbird package fixes bugs and security vulnerabilities. References: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-52.8.0-1.mga6 thunderbird-enigmail-52.8.0-1.mga6 from thunderbird-52.8.0-1.mga6.src.rpm thunderbird-ar-52.8.0-1.mga6.noarch.rpm thunderbird-ast-52.8.0-1.mga6.noarch.rpm thunderbird-be-52.8.0-1.mga6.noarch.rpm thunderbird-bg-52.8.0-1.mga6.noarch.rpm thunderbird-bn_BD-52.8.0-1.mga6.noarch.rpm thunderbird-br-52.8.0-1.mga6.noarch.rpm thunderbird-ca-52.8.0-1.mga6.noarch.rpm thunderbird-cs-52.8.0-1.mga6.noarch.rpm thunderbird-cy-52.8.0-1.mga6.noarch.rpm thunderbird-da-52.8.0-1.mga6.noarch.rpm thunderbird-de-52.8.0-1.mga6.noarch.rpm thunderbird-el-52.8.0-1.mga6.noarch.rpm thunderbird-en_GB-52.8.0-1.mga6.noarch.rpm thunderbird-en_US-52.8.0-1.mga6.noarch.rpm thunderbird-es_AR-52.8.0-1.mga6.noarch.rpm thunderbird-es_ES-52.8.0-1.mga6.noarch.rpm thunderbird-et-52.8.0-1.mga6.noarch.rpm thunderbird-eu-52.8.0-1.mga6.noarch.rpm thunderbird-fi-52.8.0-1.mga6.noarch.rpm thunderbird-fr-52.8.0-1.mga6.noarch.rpm thunderbird-fy_NL-52.8.0-1.mga6.noarch.rpm thunderbird-ga_IE-52.8.0-1.mga6.noarch.rpm thunderbird-gd-52.8.0-1.mga6.noarch.rpm thunderbird-gl-52.8.0-1.mga6.noarch.rpm thunderbird-he-52.8.0-1.mga6.noarch.rpm thunderbird-hr-52.8.0-1.mga6.noarch.rpm thunderbird-hsb-52.8.0-1.mga6.noarch.rpm thunderbird-hu-52.8.0-1.mga6.noarch.rpm thunderbird-hy_AM-52.8.0-1.mga6.noarch.rpm thunderbird-id-52.8.0-1.mga6.noarch.rpm thunderbird-is-52.8.0-1.mga6.noarch.rpm thunderbird-it-52.8.0-1.mga6.noarch.rpm thunderbird-ja-52.8.0-1.mga6.noarch.rpm thunderbird-ko-52.8.0-1.mga6.noarch.rpm thunderbird-lt-52.8.0-1.mga6.noarch.rpm thunderbird-nb_NO-52.8.0-1.mga6.noarch.rpm thunderbird-nl-52.8.0-1.mga6.noarch.rpm thunderbird-nn_NO-52.8.0-1.mga6.noarch.rpm thunderbird-pa_IN-52.8.0-1.mga6.noarch.rpm thunderbird-pl-52.8.0-1.mga6.noarch.rpm thunderbird-pt_BR-52.8.0-1.mga6.noarch.rpm thunderbird-pt_PT-52.8.0-1.mga6.noarch.rpm thunderbird-ro-52.8.0-1.mga6.noarch.rpm thunderbird-ru-52.8.0-1.mga6.noarch.rpm thunderbird-si-52.8.0-1.mga6.noarch.rpm thunderbird-sk-52.8.0-1.mga6.noarch.rpm thunderbird-sl-52.8.0-1.mga6.noarch.rpm thunderbird-sq-52.8.0-1.mga6.noarch.rpm thunderbird-sv_SE-52.8.0-1.mga6.noarch.rpm thunderbird-ta_LK-52.8.0-1.mga6.noarch.rpm thunderbird-tr-52.8.0-1.mga6.noarch.rpm thunderbird-uk-52.8.0-1.mga6.noarch.rpm thunderbird-vi-52.8.0-1.mga6.noarch.rpm thunderbird-zh_CN-52.8.0-1.mga6.noarch.rpm thunderbird-zh_TW-52.8.0-1.mga6.noarch.rpm from thunderbird-l10n-52.8.0-1.mga6.src.rpm
Could someone please try pushing a mga5 build to see if it will build?
(In reply to David Walser from comment #3) > Could someone please try pushing a mga5 build to see if it will build? All in all, it just eats space and cpu time... done.
Still fails with the virtual memory exhausted. Thanks for trying!
Whiteboard: MGA6TOO, MGA5TOO => (none)Version: Cauldron => 6Assignee: lists.jjorge => qa-bugs
Oops, I didn't see that the mga6 build failed too. Not ready just yet :o)
Assignee: qa-bugs => lists.jjorge
RedHat has issued an advisory for this on May 24: https://access.redhat.com/errata/RHSA-2018:1725
Updated to 52.8.0 in production on my workstation, 64 bit. No issues noted. Using online and offline IMAP to several accounts at my ISP.
CC: (none) => fri
Assignee: lists.jjorge => qa-bugs
The build system was finally fixed so the version is -4 instead of -1 for thunderbird and thunderbird-enigmail when build succeeded.
Mageia 6, x86_64 Thunderbird already in use for an IMAP account. It works fine after the update but no testing of enigmail for historical reasons (GNOME keyring and all that). The calendar works as before.
CC: (none) => tarazed25
Mageia 6, x86_64 Using Thunderbird for POP3 email, and for newsgroups. I do not use the calendar. Sent and received messages, all seems successful. Looks OK here.
CC: (none) => andrewsfarm
on mga6-64 - packages installed cleanly: - thunderbird-52.8.0-4.mga6.x86_64 - thunderbird-en_GB-52.8.0-1.mga6.noarch email - POP/SMTP - OK calendar - OK movemail - OK OK here for mga6-64
CC: (none) => jim
Tested mga6-64, IMAP/SMTP/calendar Send/receive/move delete all ok
Whiteboard: (none) => has_procedure mga6-64-okCC: (none) => wrw105
Tested mga6-32 under virtualbox as above, all OK. Validating. ready for push when advisory uploaded to svn.
Whiteboard: has_procedure mga6-64-ok => mga6-64-ok has_procedure mga6-32-okKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150). Mozilla: Backport critical security fixes in Skia (CVE-2018-5183). Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154). Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155). Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159). Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184). Mozilla: Hang via malformed headers (CVE-2018-5161). Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162). Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168). Mozilla: Filename spoofing for external attachments (CVE-2018-5170). Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178). Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5161 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5162 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5184 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5185 https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/ https://www.thunderbird.net/en-US/thunderbird/52.8.0/releasenotes/ https://access.redhat.com/errata/RHSA-2018:1725
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0261.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED