Thunderbird 60.7 has been released yesterday (June 13). References: https://www.thunderbird.net/en-US/thunderbird/60.7.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/ https://www.openwall.com/lists/oss-security/2019/06/13/1 https://www.openwall.com/lists/oss-security/2019/06/13/2 https://www.openwall.com/lists/oss-security/2019/06/13/3 https://www.openwall.com/lists/oss-security/2019/06/13/4
Thunderbird 60.7.1
Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA6TOO
Suggested advisory: ======================== The updated packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c. (CVE-2019-11703) Heap buffer overflow in icalvalue.c. (CVE-2019-11704) Stack buffer overflow in icalrecur.c. (CVE-2019-11705) Type confusion in icalproperty.c. (CVE-2019-11706) References: https://www.thunderbird.net/en-US/thunderbird/60.7.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/ https://www.openwall.com/lists/oss-security/2019/06/13/1 https://www.openwall.com/lists/oss-security/2019/06/13/2 https://www.openwall.com/lists/oss-security/2019/06/13/3 https://www.openwall.com/lists/oss-security/2019/06/13/4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11705 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11706 ======================== Updated packages in core/updates_testing: ======================== thunderbird-60.7.1-1.mga6 thunderbird-enigmail-60.7.1-1.mga6 thunderbird-ar-60.7.1-1.mga6 thunderbird-ast-60.7.1-1.mga6 thunderbird-be-60.7.1-1.mga6 thunderbird-bg-60.7.1-1.mga6 thunderbird-br-60.7.1-1.mga6 thunderbird-ca-60.7.1-1.mga6 thunderbird-cs-60.7.1-1.mga6 thunderbird-cy-60.7.1-1.mga6 thunderbird-da-60.7.1-1.mga6 thunderbird-de-60.7.1-1.mga6 thunderbird-el-60.7.1-1.mga6 thunderbird-en_GB-60.7.1-1.mga6 thunderbird-en_US-60.7.1-1.mga6 thunderbird-es_AR-60.7.1-1.mga6 thunderbird-es_ES-60.7.1-1.mga6 thunderbird-et-60.7.1-1.mga6 thunderbird-eu-60.7.1-1.mga6 thunderbird-fi-60.7.1-1.mga6 thunderbird-fr-60.7.1-1.mga6 thunderbird-fy_NL-60.7.1-1.mga6 thunderbird-ga_IE-60.7.1-1.mga6 thunderbird-gd-60.7.1-1.mga6 thunderbird-gl-60.7.1-1.mga6 thunderbird-he-60.7.1-1.mga6 thunderbird-hr-60.7.1-1.mga6 thunderbird-hsb-60.7.1-1.mga6 thunderbird-hu-60.7.1-1.mga6 thunderbird-hy_AM-60.7.1-1.mga6 thunderbird-id-60.7.1-1.mga6 thunderbird-is-60.7.1-1.mga6 thunderbird-it-60.7.1-1.mga6 thunderbird-ja-60.7.1-1.mga6 thunderbird-ko-60.7.1-1.mga6 thunderbird-lt-60.7.1-1.mga6 thunderbird-nb_NO-60.7.1-1.mga6 thunderbird-nl-60.7.1-1.mga6 thunderbird-nn_NO-60.7.1-1.mga6 thunderbird-pl-60.7.1-1.mga6 thunderbird-pt_BR-60.7.1-1.mga6 thunderbird-pt_PT-60.7.1-1.mga6 thunderbird-ro-60.7.1-1.mga6 thunderbird-ru-60.7.1-1.mga6 thunderbird-si-60.7.1-1.mga6 thunderbird-sk-60.7.1-1.mga6 thunderbird-sl-60.7.1-1.mga6 thunderbird-sq-60.7.1-1.mga6 thunderbird-sv_SE-60.7.1-1.mga6 thunderbird-tr-60.7.1-1.mga6 thunderbird-uk-60.7.1-1.mga6 thunderbird-vi-60.7.1-1.mga6 thunderbird-zh_CN-60.7.1-1.mga6 thunderbird-zh_TW-60.7.1-1.mga6 from SRPMS: thunderbird-60.7.1-1.mga6.src.rpm thunderbird-l10n-60.7.1-1.mga6.src.rpm
CVE: (none) => CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706Version: Cauldron => 6Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNEDWhiteboard: MGA6TOO => (none)
64 bit, Plasma: Tests OK and i keep using it: offline IMAP, and SMTP, thousands of emails, swedish.
CC: (none) => fri
mga6, x86_64 Mate, en_GB POP3 No problems apparent. Calendar works.
CC: (none) => tarazed25
on mga6-64 plasma packages installed cleanly: - thunderbird-60.7.1-1.mga6.x86_64 - thunderbird-en_GB-60.7.1-1.mga6.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga6-64
CC: (none) => jim
Whiteboard: (none) => MGA6-64-OK
on mga6-32 plasma (in a vbox VM) packages installed cleanly: - thunderbird-60.7.1-1.mga6.i586 - thunderbird-en_GB-60.7.1-1.mga6.noarch email - POP/SMTP - OK calendar - OK address book - OK movemail - OK not tested: IMAP, enigmail looks OK for mga6-32
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Installed thunderbird + dutch language pack. Launching from CLI gives: $ thunderbird (thunderbird:10496): Gtk-WARNING **: Theme parsing error: <data>:1:31: Expected ')' in color definition (thunderbird:10496): Gtk-WARNING **: Theme parsing error: <data>:1:75: Expected ')' in color definition alloc factor 0,900000 0,900000 alloc factor 0,900000 0,900000 but sending and receiving mail with and without attachment work all OK.
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OKCC: (none) => herman.viaene
Validating. Suggested advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0193.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED