Mozilla has released Thunderbird 60.7.2 on June 20: https://www.thunderbird.net/en-US/thunderbird/60.7.2/releasenotes/ fixing two security issues: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ which were discovered being exploited in the wild.
Whiteboard: (none) => MGA7TOO, MGA6TOO
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Type confusion in Array.pop. (CVE-2019-11707) Sandbox escape using Prompt:Open. (CVE-2019-11708) References: https://www.thunderbird.net/en-US/thunderbird/60.7.2/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11707 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11708 ======================== Updated packages in core/updates_testing: ======================== thunderbird-60.7.2-1.mga[67] thunderbird-enigmail-60.7.2-1.mga[67] thunderbird-ar-60.7.2-1.mga[67] thunderbird-ast-60.7.2-1.mga[67] thunderbird-be-60.7.2-1.mga[67] thunderbird-bg-60.7.2-1.mga[67] thunderbird-br-60.7.2-1.mga[67] thunderbird-ca-60.7.2-1.mga[67] thunderbird-cs-60.7.2-1.mga[67] thunderbird-cy-60.7.2-1.mga[67] thunderbird-da-60.7.2-1.mga[67] thunderbird-de-60.7.2-1.mga[67] thunderbird-el-60.7.2-1.mga[67] thunderbird-en_GB-60.7.2-1.mga[67] thunderbird-en_US-60.7.2-1.mga[67] thunderbird-es_AR-60.7.2-1.mga[67] thunderbird-es_ES-60.7.2-1.mga[67] thunderbird-et-60.7.2-1.mga[67] thunderbird-eu-60.7.2-1.mga[67] thunderbird-fi-60.7.2-1.mga[67] thunderbird-fr-60.7.2-1.mga[67] thunderbird-fy_NL-60.7.2-1.mga[67] thunderbird-ga_IE-60.7.2-1.mga[67] thunderbird-gd-60.7.2-1.mga[67] thunderbird-gl-60.7.2-1.mga[67] thunderbird-he-60.7.2-1.mga[67] thunderbird-hr-60.7.2-1.mga[67] thunderbird-hsb-60.7.2-1.mga[67] thunderbird-hu-60.7.2-1.mga[67] thunderbird-hy_AM-60.7.2-1.mga[67] thunderbird-id-60.7.2-1.mga[67] thunderbird-is-60.7.2-1.mga[67] thunderbird-it-60.7.2-1.mga[67] thunderbird-ja-60.7.2-1.mga[67] thunderbird-ko-60.7.2-1.mga[67] thunderbird-lt-60.7.2-1.mga[67] thunderbird-nb_NO-60.7.2-1.mga[67] thunderbird-nl-60.7.2-1.mga[67] thunderbird-nn_NO-60.7.2-1.mga[67] thunderbird-pl-60.7.2-1.mga[67] thunderbird-pt_BR-60.7.2-1.mga[67] thunderbird-pt_PT-60.7.2-1.mga[67] thunderbird-ro-60.7.2-1.mga[67] thunderbird-ru-60.7.2-1.mga[67] thunderbird-si-60.7.2-1.mga[67] thunderbird-sk-60.7.2-1.mga[67] thunderbird-sl-60.7.2-1.mga[67] thunderbird-sq-60.7.2-1.mga[67] thunderbird-sv_SE-60.7.2-1.mga[67] thunderbird-tr-60.7.2-1.mga[67] thunderbird-uk-60.7.2-1.mga[67] thunderbird-vi-60.7.2-1.mga[67] thunderbird-zh_CN-60.7.2-1.mga[67] thunderbird-zh_TW-60.7.2-1.mga[67] from SRPMS: thunderbird-60.7.2-1.mga[67].src.rpm thunderbird-l10n-60.7.2-1.mga[67].src.rpm
Assignee: nicolas.salguero => qa-bugsStatus: NEW => ASSIGNEDCVE: (none) => CVE-2019-11707, CVE-2019-11708
CC: (none) => nicolas.salgueroSource RPM: thunderbird => thunderbird, thunderbird-l10n
mga6 64 bit, Plasma. Working OK a couple hours total use. Offline IMAP, SMTP, multiple accounts. Not using calendar functions.
CC: (none) => fri
MGA6-32 MATE on IBM Thinkpad R50e No installation issues (Dutch installation). Launched from CLI: $ thunderbird (thunderbird:7214): Gtk-WARNING **: Theme parsing error: <data>:1:31: Expected ')' in color definition (thunderbird:7214): Gtk-WARNING **: Theme parsing error: <data>:1:75: Expected ')' in color definition alloc factor 0,900000 0,900000 alloc factor 0,900000 0,900000 Thunderbird comes up normally Created new account, send mails and received answers with and without attachments, all OK.
CC: (none) => herman.viaeneWhiteboard: MGA7TOO, MGA6TOO => MGA7TOO, MGA6TOO, MGA6-32-OK
mga7 64-bit, Plasma Has worked OK all day today. Sent and received POP email, received newsgroup messages. I do npt use enigmail or the calendar.
Whiteboard: MGA7TOO, MGA6TOO, MGA6-32-OK => MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OKCC: (none) => andrewsfarm
RedHat has issued an advisory for this today (June 27): https://access.redhat.com/errata/RHSA-2019:1623
on mga6-64 plasma packages installed cleanly: - thunderbird-60.7.2-1.mga6.x86_64 - thunderbird-en_GB-60.7.2-1.mga6.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga6-64
CC: (none) => jimWhiteboard: MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK => MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK
This update needs to be re-submitted to mga7 updates-testing. The testing repo's were cleared when mga7 was released.
Whiteboard: MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK => MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK, feedback
packages are now available in mga7 updates-testing
Whiteboard: MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK, feedback => MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK
On mga7-64 packages installed cleanly: - thunderbird-60.7.2-1.mga7.x86_64 - thunderbird-en_GB-60.7.2-1.mga7.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga7-64
Version: Cauldron => 7Whiteboard: MGA7TOO, MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK => MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OKCC: (none) => tmb
Whiteboard: MGA6TOO, MGA6-32-OK, MGA7-64-OK, MGA6-64-OK => MGA6TOO MGA6-32-OK MGA7-64-OK MGA6-64-OK
Looks like enough tests to me, in both Mageias. Validating. Suggested advisory in Comment 1, with additional reference in Comment 5.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0201.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED