2476 – Updated mozilla-thunderbird package to fix several security related problems

Bug 2476 - Updated mozilla-thunderbird package to fix several security related problems

Summary: Updated mozilla-thunderbird package to fix several security related problems

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	1
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:	http://www.mozilla.org/security/known...
Whiteboard:
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2011-08-20 19:39 CEST by Funda Wang
Modified:	2011-08-25 09:31 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	mozilla-thunderbird-3.1.12-1.mga1.src.rpm, mozilla-thunderbird-l10n-3.1.12-1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Funda Wang 2011-08-20 19:39:59 CEST

Advisory text:

Security issues were identified and fixed in mozilla-thunderbird:

MFSA 2011-19: Miscellaneous memory safety hazards
MFSA 2011-20: Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-21: Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-22: Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-23: Multiple dangling pointer vulnerabilities
MFSA 2011-24: Cookie isolation error

For the detail security changelog, see http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html

The updated packages have been updated to latest stable version 3.1.12 to correct those issues.

Comment 1 claire robinson 2011-08-21 17:10:37 CEST

No new mail sound played i586 - Bug 1631 still present. It may be an upstream bug though as it was mentioned on several distro's.

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISound.play]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://messenger/content/preferences/general.js :: anonymous :: line 94"  data: no]


It didn't pull in any language pack but none were installed for some reason after upgrade from MDV 2010.2. Installed en_GB, no problems. Spell checking also appears OK.

No other problems to report as yet. Tested with lightning. I won't be available to test further as we're away for the week.

Comment 2 D Morgan 2011-08-25 00:23:59 CEST

can someone else can test ?  the comment #1 is quite ok for a validation.

CC: (none) => dmorganec

Comment 3 Dave Hodgins 2011-08-25 03:53:33 CEST

I've tested on i586 by creating a pop account, and an nntp account, and
confirmed I can get/send with both.

CC: (none) => davidwhodgins

Comment 4 Luan Pham 2011-08-25 05:04:46 CEST

I had test on x86_64 machine by create POP and NNTP account, and I could send and received messages without any problem.

CC: (none) => pham182b

Comment 5 Dave Hodgins 2011-08-25 05:16:54 CEST

Can somewone from the sysadmin team push the srpm
mozilla-thunderbird-3.1.12-1.mga1.src.rpm
from Core Updates Testing to Core Updates.

Advisory:

Security issues were identified and fixed in mozilla-thunderbird:

MFSA 2011-19: Miscellaneous memory safety hazards
MFSA 2011-20: Use-after-free vulnerability when viewing XUL document with
script disabled
MFSA 2011-21: Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-22: Integer overflow and arbitrary code execution in
Array.reduceRight()
MFSA 2011-23: Multiple dangling pointer vulnerabilities
MFSA 2011-24: Cookie isolation error

For the detail security changelog, see
http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html

The updated packages have been updated to latest stable version 3.1.12 to
correct those issues.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 D Morgan 2011-08-25 09:31:29 CEST

update pushed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.