Mozilla has released Thunderbird 68.1 on September 11: https://www.thunderbird.net/en-US/thunderbird/68.1.0/releasenotes/ It fixes several bugs and likely security issues as well.
Whiteboard: (none) => MGA7TOO
Suggested advisory: ======================== The updated packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message. (CVE-2019-11739) Use-after-free while manipulating video. (CVE-2019-11746) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Cross-origin access to unload event attributes. (CVE-2019-11743) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. (CVE-2019-11740) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740 https://www.thunderbird.net/en-US/thunderbird/68.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-30/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.1.0-1.mga7 thunderbird-enigmail-68.1.0-1.mga7 thunderbird-ar-68.1.0-1.mga7 thunderbird-ast-68.1.0-1.mga7 thunderbird-be-68.1.0-1.mga7 thunderbird-bg-68.1.0-1.mga7 thunderbird-br-68.1.0-1.mga7 thunderbird-ca-68.1.0-1.mga7 thunderbird-cs-68.1.0-1.mga7 thunderbird-cy-68.1.0-1.mga7 thunderbird-da-68.1.0-1.mga7 thunderbird-de-68.1.0-1.mga7 thunderbird-el-68.1.0-1.mga7 thunderbird-en_GB-68.1.0-1.mga7 thunderbird-en_US-68.1.0-1.mga7 thunderbird-es_AR-68.1.0-1.mga7 thunderbird-es_ES-68.1.0-1.mga7 thunderbird-et-68.1.0-1.mga7 thunderbird-eu-68.1.0-1.mga7 thunderbird-fi-68.1.0-1.mga7 thunderbird-fr-68.1.0-1.mga7 thunderbird-fy_NL-68.1.0-1.mga7 thunderbird-ga_IE-68.1.0-1.mga7 thunderbird-gd-68.1.0-1.mga7 thunderbird-gl-68.1.0-1.mga7 thunderbird-he-68.1.0-1.mga7 thunderbird-hr-68.1.0-1.mga7 thunderbird-hsb-68.1.0-1.mga7 thunderbird-hu-68.1.0-1.mga7 thunderbird-hy_AM-68.1.0-1.mga7 thunderbird-id-68.1.0-1.mga7 thunderbird-is-68.1.0-1.mga7 thunderbird-it-68.1.0-1.mga7 thunderbird-ja-68.1.0-1.mga7 thunderbird-ko-68.1.0-1.mga7 thunderbird-lt-68.1.0-1.mga7 thunderbird-nb_NO-68.1.0-1.mga7 thunderbird-nl-68.1.0-1.mga7 thunderbird-nn_NO-68.1.0-1.mga7 thunderbird-pl-68.1.0-1.mga7 thunderbird-pt_BR-68.1.0-1.mga7 thunderbird-pt_PT-68.1.0-1.mga7 thunderbird-ro-68.1.0-1.mga7 thunderbird-ru-68.1.0-1.mga7 thunderbird-si-68.1.0-1.mga7 thunderbird-sk-68.1.0-1.mga7 thunderbird-sl-68.1.0-1.mga7 thunderbird-sq-68.1.0-1.mga7 thunderbird-sv_SE-68.1.0-1.mga7 thunderbird-tr-68.1.0-1.mga7 thunderbird-uk-68.1.0-1.mga7 thunderbird-vi-68.1.0-1.mga7 thunderbird-zh_CN-68.1.0-1.mga7 thunderbird-zh_TW-68.1.0-1.mga7 from SRPMS: thunderbird-68.1.0-1.mga7.src.rpm thunderbird-l10n-68.1.0-1.mga7.src.rpm
Version: Cauldron => 7Severity: normal => majorWhiteboard: MGA7TOO => (none)Status: NEW => ASSIGNEDSource RPM: thunderbird => thunderbird, thunderbird-l10nAssignee: nicolas.salguero => qa-bugs
Blocks: (none) => 25437
thunderbird-68.1.0-1.1.mga7 is building for bug 25437.
CC: (none) => nicolas.salgueroAssignee: qa-bugs => nicolas.salguero
Suggested advisory: ======================== The updated packages fix security issues: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message. (CVE-2019-11739) Use-after-free while manipulating video. (CVE-2019-11746) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Use-after-free while extracting a key value in IndexedDB. (CVE-2019-11752) Cross-origin access to unload event attributes. (CVE-2019-11743) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9. (CVE-2019-11740) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740 https://www.thunderbird.net/en-US/thunderbird/68.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-30/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.1.0-1.1.mga7 thunderbird-enigmail-68.1.0-1.1.mga7 thunderbird-ar-68.1.0-1.mga7 thunderbird-ast-68.1.0-1.mga7 thunderbird-be-68.1.0-1.mga7 thunderbird-bg-68.1.0-1.mga7 thunderbird-br-68.1.0-1.mga7 thunderbird-ca-68.1.0-1.mga7 thunderbird-cs-68.1.0-1.mga7 thunderbird-cy-68.1.0-1.mga7 thunderbird-da-68.1.0-1.mga7 thunderbird-de-68.1.0-1.mga7 thunderbird-el-68.1.0-1.mga7 thunderbird-en_GB-68.1.0-1.mga7 thunderbird-en_US-68.1.0-1.mga7 thunderbird-es_AR-68.1.0-1.mga7 thunderbird-es_ES-68.1.0-1.mga7 thunderbird-et-68.1.0-1.mga7 thunderbird-eu-68.1.0-1.mga7 thunderbird-fi-68.1.0-1.mga7 thunderbird-fr-68.1.0-1.mga7 thunderbird-fy_NL-68.1.0-1.mga7 thunderbird-ga_IE-68.1.0-1.mga7 thunderbird-gd-68.1.0-1.mga7 thunderbird-gl-68.1.0-1.mga7 thunderbird-he-68.1.0-1.mga7 thunderbird-hr-68.1.0-1.mga7 thunderbird-hsb-68.1.0-1.mga7 thunderbird-hu-68.1.0-1.mga7 thunderbird-hy_AM-68.1.0-1.mga7 thunderbird-id-68.1.0-1.mga7 thunderbird-is-68.1.0-1.mga7 thunderbird-it-68.1.0-1.mga7 thunderbird-ja-68.1.0-1.mga7 thunderbird-ko-68.1.0-1.mga7 thunderbird-lt-68.1.0-1.mga7 thunderbird-nb_NO-68.1.0-1.mga7 thunderbird-nl-68.1.0-1.mga7 thunderbird-nn_NO-68.1.0-1.mga7 thunderbird-pl-68.1.0-1.mga7 thunderbird-pt_BR-68.1.0-1.mga7 thunderbird-pt_PT-68.1.0-1.mga7 thunderbird-ro-68.1.0-1.mga7 thunderbird-ru-68.1.0-1.mga7 thunderbird-si-68.1.0-1.mga7 thunderbird-sk-68.1.0-1.mga7 thunderbird-sl-68.1.0-1.mga7 thunderbird-sq-68.1.0-1.mga7 thunderbird-sv_SE-68.1.0-1.mga7 thunderbird-tr-68.1.0-1.mga7 thunderbird-uk-68.1.0-1.mga7 thunderbird-vi-68.1.0-1.mga7 thunderbird-zh_CN-68.1.0-1.mga7 thunderbird-zh_TW-68.1.0-1.mga7 from SRPMS: thunderbird-68.1.0-1.1.mga7.src.rpm thunderbird-l10n-68.1.0-1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugs
Been running this for 2 days now without issues
CC: (none) => tmbWhiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0285.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
Blocks: 25437 => (none)