Description of problem: Mozilla Thunderbird new version 68.0 Version-Release number of selected component (if applicable): Mageia 7 How reproducible: Update to Thunderbird 68 Steps to Reproduce: 1. 2. 3.
I've tried the official package in my computer with Mageia 7 x64 and works perfectly. Someone that can confirm work in others desktop environmnets and systems x86 and x64 for upload it to update repositories? Greetings.
we'll have version 68.1.0, see bug 25359 *** This bug has been marked as a duplicate of bug 25359 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATECC: (none) => marja11
No, no, no, this is new version of Mozilla Thunderbird, the email client. The bug that you comment is for Mozilla Firefox. Greetings!!
Status: RESOLVED => REOPENEDResolution: DUPLICATE => (none)
(In reply to Jose Manuel López Díaz from comment #3) > No, no, no, this is new version of Mozilla Thunderbird, the email client. > > The bug that you comment is for Mozilla Firefox. > > Greetings!! Oops, sorry @ ns80 and luigi12 Does it fix security issues? I'm not awake enough to spot them https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ If not, is it allowed to push this update to stable, anyway?
CC: (none) => luigiwalser, nicolas.salguero
Ii does not seem to fix security issues. Currently, it fails to build for Cauldron (i586) and I am trying to see if that build failure also occurs for Mageia 7.
(In reply to Marja Van Waes from comment #4) > Does it fix security issues? I'm not awake enough to spot them > https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ > > If not, is it allowed to push this update to stable, anyway? It is allowed. It basically follows the esr branch of firefox on all the code they share.
CC: (none) => tmb
(In reply to Thomas Backlund from comment #6) > (In reply to Marja Van Waes from comment #4) > > > > If not, is it allowed to push this update to stable, anyway? > > > It is allowed. > > It basically follows the esr branch of firefox on all the code they share. Thanks, tmb, so it can be assigned to someone :-) Thanks, ns80, for already working on this. Assigning to you then, also because you're currently the de facto maintainer. CC'ing the registered maintainer.
CC: (none) => doktor5000Assignee: bugsquad => nicolas.salguero
Depends on: (none) => 25359
Suggested advisory: ======================== The updated packages provide the new stable version of Thunderbird and updates enigmail to version 2.1.2. References: https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ https://enigmail.net/index.php/en/download/changelog#enig2.1.2 ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.0-1.mga7 thunderbird-enigmail-68.0-1.mga7 thunderbird-ar-68.0-1.mga7 thunderbird-ast-68.0-1.mga7 thunderbird-be-68.0-1.mga7 thunderbird-bg-68.0-1.mga7 thunderbird-br-68.0-1.mga7 thunderbird-ca-68.0-1.mga7 thunderbird-cs-68.0-1.mga7 thunderbird-cy-68.0-1.mga7 thunderbird-da-68.0-1.mga7 thunderbird-de-68.0-1.mga7 thunderbird-el-68.0-1.mga7 thunderbird-en_GB-68.0-1.mga7 thunderbird-en_US-68.0-1.mga7 thunderbird-es_AR-68.0-1.mga7 thunderbird-es_ES-68.0-1.mga7 thunderbird-et-68.0-1.mga7 thunderbird-eu-68.0-1.mga7 thunderbird-fi-68.0-1.mga7 thunderbird-fr-68.0-1.mga7 thunderbird-fy_NL-68.0-1.mga7 thunderbird-ga_IE-68.0-1.mga7 thunderbird-gd-68.0-1.mga7 thunderbird-gl-68.0-1.mga7 thunderbird-he-68.0-1.mga7 thunderbird-hr-68.0-1.mga7 thunderbird-hsb-68.0-1.mga7 thunderbird-hu-68.0-1.mga7 thunderbird-hy_AM-68.0-1.mga7 thunderbird-id-68.0-1.mga7 thunderbird-is-68.0-1.mga7 thunderbird-it-68.0-1.mga7 thunderbird-ja-68.0-1.mga7 thunderbird-ko-68.0-1.mga7 thunderbird-lt-68.0-1.mga7 thunderbird-nb_NO-68.0-1.mga7 thunderbird-nl-68.0-1.mga7 thunderbird-nn_NO-68.0-1.mga7 thunderbird-pl-68.0-1.mga7 thunderbird-pt_BR-68.0-1.mga7 thunderbird-pt_PT-68.0-1.mga7 thunderbird-ro-68.0-1.mga7 thunderbird-ru-68.0-1.mga7 thunderbird-si-68.0-1.mga7 thunderbird-sk-68.0-1.mga7 thunderbird-sl-68.0-1.mga7 thunderbird-sq-68.0-1.mga7 thunderbird-sv_SE-68.0-1.mga7 thunderbird-tr-68.0-1.mga7 thunderbird-uk-68.0-1.mga7 thunderbird-vi-68.0-1.mga7 thunderbird-zh_CN-68.0-1.mga7 thunderbird-zh_TW-68.0-1.mga7 from SRPMS: thunderbird-68.0-1.mga7.src.rpm thunderbird-l10n-68.0-1.mga7.src.rpm
Status: REOPENED => ASSIGNEDAssignee: nicolas.salguero => qa-bugsSource RPM: Thunderbird => thunderbird, thunderbird-l10n
Hi, I've tried the new version from the testing repositories and works perfectly in Mageia 7 x64. I can send and receive emails, program some task and calendar events. Thanks and greetings!!
Hi, This version does not take into account system dictionaries because it lacks a preference: "spellchecker.dictionary_path" must be set to "/usr/share/myspell" (as it is in firefox). I will push a new version. Best regards, Nico.
Assignee: qa-bugs => nicolas.salguero
I comprobe that if attachment the archive from desktop with the option "Share for email" from plasma desktop menu, thunderbird no attachment the archive correctly and appears a clip icon without the archive. Greetings!!
(In reply to Jose Manuel López Díaz from comment #11) > I comprobe that if attachment the archive from desktop with the option > "Share for email" from plasma desktop menu, thunderbird no attachment the > archive correctly and appears a clip icon without the archive. That problem is fixed with thunderbird-68.0-1.3.mga7
Suggested advisory: ======================== The updated packages provide the new stable version of Thunderbird and updates enigmail to version 2.1.2. References: https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ https://enigmail.net/index.php/en/download/changelog#enig2.1.2 ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.0-1.3.mga7 thunderbird-enigmail-68.0-1.3.mga7 thunderbird-ar-68.0-1.mga7 thunderbird-ast-68.0-1.mga7 thunderbird-be-68.0-1.mga7 thunderbird-bg-68.0-1.mga7 thunderbird-br-68.0-1.mga7 thunderbird-ca-68.0-1.mga7 thunderbird-cs-68.0-1.mga7 thunderbird-cy-68.0-1.mga7 thunderbird-da-68.0-1.mga7 thunderbird-de-68.0-1.mga7 thunderbird-el-68.0-1.mga7 thunderbird-en_GB-68.0-1.mga7 thunderbird-en_US-68.0-1.mga7 thunderbird-es_AR-68.0-1.mga7 thunderbird-es_ES-68.0-1.mga7 thunderbird-et-68.0-1.mga7 thunderbird-eu-68.0-1.mga7 thunderbird-fi-68.0-1.mga7 thunderbird-fr-68.0-1.mga7 thunderbird-fy_NL-68.0-1.mga7 thunderbird-ga_IE-68.0-1.mga7 thunderbird-gd-68.0-1.mga7 thunderbird-gl-68.0-1.mga7 thunderbird-he-68.0-1.mga7 thunderbird-hr-68.0-1.mga7 thunderbird-hsb-68.0-1.mga7 thunderbird-hu-68.0-1.mga7 thunderbird-hy_AM-68.0-1.mga7 thunderbird-id-68.0-1.mga7 thunderbird-is-68.0-1.mga7 thunderbird-it-68.0-1.mga7 thunderbird-ja-68.0-1.mga7 thunderbird-ko-68.0-1.mga7 thunderbird-lt-68.0-1.mga7 thunderbird-nb_NO-68.0-1.mga7 thunderbird-nl-68.0-1.mga7 thunderbird-nn_NO-68.0-1.mga7 thunderbird-pl-68.0-1.mga7 thunderbird-pt_BR-68.0-1.mga7 thunderbird-pt_PT-68.0-1.mga7 thunderbird-ro-68.0-1.mga7 thunderbird-ru-68.0-1.mga7 thunderbird-si-68.0-1.mga7 thunderbird-sk-68.0-1.mga7 thunderbird-sl-68.0-1.mga7 thunderbird-sq-68.0-1.mga7 thunderbird-sv_SE-68.0-1.mga7 thunderbird-tr-68.0-1.mga7 thunderbird-uk-68.0-1.mga7 thunderbird-vi-68.0-1.mga7 thunderbird-zh_CN-68.0-1.mga7 thunderbird-zh_TW-68.0-1.mga7 from SRPMS: thunderbird-68.0-1.3.mga7.src.rpm thunderbird-l10n-68.0-1.mga7.src.rpm
Blocks: (none) => 25415Assignee: nicolas.salguero => qa-bugs
Suggested advisory: ======================== The updated packages update enigmail to version 2.1.2 and provide the new stable version of Thunderbird, which fixes some security issues: Script injection within domain through inner window reuse. (CVE-2019-11711) Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. (CVE-2019-11712) Use-after-free with HTTP/2 cached stream. (CVE-2019-11713) NeckoChild can trigger crash when accessed off of main thread. (CVE-2019-11714) Empty or malformed p256-ECDH public keys may trigger a segmentation fault. (CVE-2019-11729) HTML parsing error can contribute to content XSS. (CVE-2019-11715) globalThis not enumerable until accessed. (CVE-2019-11716) Caret character improperly escaped in origins. (CVE-2019-11717) Out-of-bounds read when importing curve25519 private key. (CVE-2019-11719) Character encoding XSS vulnerability. (CVE-2019-11720) Domain spoofing through unicode latin 'kra' character. (CVE-2019-11721) Same-origin policy treats all files in a directory as having the same-origin. (CVE-2019-11730) Cookie leakage during add-on fetching across private browsing boundaries. (CVE-2019-11723) Retired site input.mozilla.org has remote troubleshooting permissions. (CVE-2019-11724) Websocket resources bypass safebrowsing protections. (CVE-2019-11725) PKCS#1 v1.5 signatures can be used for TLS 1.3. (CVE-2019-11727) Port scanning through Alt-Svc header. (CVE-2019-11728) Memory safety bugs fixed in Firefox 68 and Thunderbird 68. (CVE-2019-11710) Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8, and Thunderbird 68. (CVE-2019-11709) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11711 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11712 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11713 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11714 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11716 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11721 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11730 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11723 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11710 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11709 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-28/ https://enigmail.net/index.php/en/download/changelog#enig2.1.2 ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.0-1.3.mga7 thunderbird-enigmail-68.0-1.3.mga7 thunderbird-ar-68.0-1.mga7 thunderbird-ast-68.0-1.mga7 thunderbird-be-68.0-1.mga7 thunderbird-bg-68.0-1.mga7 thunderbird-br-68.0-1.mga7 thunderbird-ca-68.0-1.mga7 thunderbird-cs-68.0-1.mga7 thunderbird-cy-68.0-1.mga7 thunderbird-da-68.0-1.mga7 thunderbird-de-68.0-1.mga7 thunderbird-el-68.0-1.mga7 thunderbird-en_GB-68.0-1.mga7 thunderbird-en_US-68.0-1.mga7 thunderbird-es_AR-68.0-1.mga7 thunderbird-es_ES-68.0-1.mga7 thunderbird-et-68.0-1.mga7 thunderbird-eu-68.0-1.mga7 thunderbird-fi-68.0-1.mga7 thunderbird-fr-68.0-1.mga7 thunderbird-fy_NL-68.0-1.mga7 thunderbird-ga_IE-68.0-1.mga7 thunderbird-gd-68.0-1.mga7 thunderbird-gl-68.0-1.mga7 thunderbird-he-68.0-1.mga7 thunderbird-hr-68.0-1.mga7 thunderbird-hsb-68.0-1.mga7 thunderbird-hu-68.0-1.mga7 thunderbird-hy_AM-68.0-1.mga7 thunderbird-id-68.0-1.mga7 thunderbird-is-68.0-1.mga7 thunderbird-it-68.0-1.mga7 thunderbird-ja-68.0-1.mga7 thunderbird-ko-68.0-1.mga7 thunderbird-lt-68.0-1.mga7 thunderbird-nb_NO-68.0-1.mga7 thunderbird-nl-68.0-1.mga7 thunderbird-nn_NO-68.0-1.mga7 thunderbird-pl-68.0-1.mga7 thunderbird-pt_BR-68.0-1.mga7 thunderbird-pt_PT-68.0-1.mga7 thunderbird-ro-68.0-1.mga7 thunderbird-ru-68.0-1.mga7 thunderbird-si-68.0-1.mga7 thunderbird-sk-68.0-1.mga7 thunderbird-sl-68.0-1.mga7 thunderbird-sq-68.0-1.mga7 thunderbird-sv_SE-68.0-1.mga7 thunderbird-tr-68.0-1.mga7 thunderbird-uk-68.0-1.mga7 thunderbird-vi-68.0-1.mga7 thunderbird-zh_CN-68.0-1.mga7 thunderbird-zh_TW-68.0-1.mga7 from SRPMS: thunderbird-68.0-1.3.mga7.src.rpm thunderbird-l10n-68.0-1.mga7.src.rpm
Component: RPM Packages => SecurityQA Contact: (none) => securitySeverity: normal => critical
(In reply to Nicolas Salguero from comment #12) > (In reply to Jose Manuel López Díaz from comment #11) > > I comprobe that if attachment the archive from desktop with the option > > "Share for email" from plasma desktop menu, thunderbird no attachment the > > archive correctly and appears a clip icon without the archive. > > That problem is fixed with thunderbird-68.0-1.3.mga7 Ok, fixed in thunderbird-68.0-1.3.mga7 Greetings!!
Tested MGA7-64 Send/receive move delete ok for email. Lightning updated, but doesn't show on Thunderbird. IT shows momentarily during the update process, but on restart, the extension shows as installed, but no menu items or calendar as usual. with the 68.0.1.3
CC: (none) => wrw105
When I tried the new version, I got the same issue and I applied the procedure given here: https://support.mozilla.org/en-US/kb/calendar-updates-issues-thunderbird#w_lightning-disappears-after-a-thunderbird-update-release-and-beta-versions to solve the problem.
Thanks, Nicolas! Following the directions there helped. I'm good with this, but as it's a version update, we should probably have someone who uses Enigmail try it out, so I'll wait on adding the OK to the whiteboard.
The link in Comment 17 should probably go in the advisory too.
Whiteboard: (none) => MGA7-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0272.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED