Mozilla has released Thunderbird 60.5 on January 29: https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/ It fixes the same security issues as Firefox 60.5: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/ Note that we already fixed the security issue(s) in libical in our package.
Suggested advisory: ======================== The updated packages fix several bugs and some security issues: Use-after-free parsing HTML5 stream. (CVE-2018-18500) Privilege escalation through IPC channel messages. (CVE-2018-18505) Memory safety bugs fixed in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. (CVE-2018-18501) References: ======================== https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501 Updated packages in core/updates_testing: ======================== thunderbird-60.5.0-1.mga6 thunderbird-enigmail-60.5.0-1.mga6 thunderbird-ar-60.5.0-1.mga6 thunderbird-ast-60.5.0-1.mga6 thunderbird-be-60.5.0-1.mga6 thunderbird-bg-60.5.0-1.mga6 thunderbird-br-60.5.0-1.mga6 thunderbird-ca-60.5.0-1.mga6 thunderbird-cs-60.5.0-1.mga6 thunderbird-cy-60.5.0-1.mga6 thunderbird-da-60.5.0-1.mga6 thunderbird-de-60.5.0-1.mga6 thunderbird-el-60.5.0-1.mga6 thunderbird-en_GB-60.5.0-1.mga6 thunderbird-en_US-60.5.0-1.mga6 thunderbird-es_AR-60.5.0-1.mga6 thunderbird-es_ES-60.5.0-1.mga6 thunderbird-et-60.5.0-1.mga6 thunderbird-eu-60.5.0-1.mga6 thunderbird-fi-60.5.0-1.mga6 thunderbird-fr-60.5.0-1.mga6 thunderbird-fy_NL-60.5.0-1.mga6 thunderbird-ga_IE-60.5.0-1.mga6 thunderbird-gd-60.5.0-1.mga6 thunderbird-gl-60.5.0-1.mga6 thunderbird-he-60.5.0-1.mga6 thunderbird-hr-60.5.0-1.mga6 thunderbird-hsb-60.5.0-1.mga6 thunderbird-hu-60.5.0-1.mga6 thunderbird-hy_AM-60.5.0-1.mga6 thunderbird-id-60.5.0-1.mga6 thunderbird-is-60.5.0-1.mga6 thunderbird-it-60.5.0-1.mga6 thunderbird-ja-60.5.0-1.mga6 thunderbird-ko-60.5.0-1.mga6 thunderbird-lt-60.5.0-1.mga6 thunderbird-nb_NO-60.5.0-1.mga6 thunderbird-nl-60.5.0-1.mga6 thunderbird-nn_NO-60.5.0-1.mga6 thunderbird-pl-60.5.0-1.mga6 thunderbird-pt_BR-60.5.0-1.mga6 thunderbird-pt_PT-60.5.0-1.mga6 thunderbird-ro-60.5.0-1.mga6 thunderbird-ru-60.5.0-1.mga6 thunderbird-si-60.5.0-1.mga6 thunderbird-sk-60.5.0-1.mga6 thunderbird-sl-60.5.0-1.mga6 thunderbird-sq-60.5.0-1.mga6 thunderbird-sv_SE-60.5.0-1.mga6 thunderbird-tr-60.5.0-1.mga6 thunderbird-uk-60.5.0-1.mga6 thunderbird-vi-60.5.0-1.mga6 thunderbird-zh_CN-60.5.0-1.mga6 thunderbird-zh_TW-60.5.0-1.mga6 from SRPMS: thunderbird-60.5.0-1.mga6.src.rpm thunderbird-l10n-60.5.0-1.mga6.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugs
mga6, x86_64 Updated thunderbird and thunderbird-en_GB. Launched it and connected to Google email account. New messages in inbox. List functions working fine. Tabs OK. Checked address book and sent a test email to a friend. In Calendar reminders still marked off. Skipped enigmail for reason quoted on earlier bugs - problems with gnome-keyring. Working fine for me but leaving the OK for other users.
CC: (none) => tarazed25
on mga6-64 kernel-desktop plasma packages installed cleanly: - thunderbird-60.5.0-1.mga6.x86_64 - thunderbird-en_GB-60.5.0-1.mga6.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga6-64
CC: (none) => jim
on mga6-32 plasma (in a vbox VM) packages installed cleanly: - thunderbird-60.5.0-1.mga6.i586 - thunderbird-en_GB-60.5.0-1.mga6.noarch email - POP/SMTP - OK calendar - OK address book - OK movemail - OK not tested: IMAP, enigmail looks OK for mga6-32
RedHat has issued an advisory for this on February 4: https://access.redhat.com/errata/RHSA-2019:0270
OK here 64 bit: Swedish, Plasma, Nvidia, SMTP, offline IMAP. Have been using it in production a day. Only a few mails sent and received, but many in archives. Not using calendar nor enigmail.
CC: (none) => fri
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Sent simple mail and mail with attachment to other account, read on other machine. From the remote (with previous Thunderbird version) answered back and answer received correctly. However, noticed something irregular: each mail sent from this version appears twice in its "sent" box, but the mail is received only once at the remote PC. Answers from there appear only once in the inbox as expected. I wonder whether Len and James and Morgan have checked the "Sent" folder???
CC: (none) => herman.viaene
In reply to comment #7 Works correctly here, but I am not using POP. On one account it as default: the sent folder get a copu of what i send. Another account i have set to put the sent messages in inbox instead (for better threading) and that works too.
I'm not using POP either, just one hotmail account. I'll try tomorrow with a gmail account to see whether that makes any difference.
Re comments 7-9. Just checked the Sent folder on my gmail account and all is normal. No doubling.
Removed the hotmail account completely, added my gmail account and did my test again. All OK now. So I won't object the OK here.
All ok here also in i586.
CC: (none) => lists.jjorgeWhiteboard: (none) => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0069.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED