Mozilla has released Firefox 68.2.0 yesterday (October 22): https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/
Depends on: (none) => 25595Source RPM: (none) => thunderbird, thunderbird-l10n
I take it that you mean Thunderbird, not Firefox (that has bug 25595). Assigning to Florian for Thunderbird.
Assignee: bugsquad => doktor5000
Version 68.2 also contains security fixes: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
Component: RPM Packages => SecurityQA Contact: (none) => securitySeverity: normal => critical
RedHat has issued an advisory for this today (October 29): https://access.redhat.com/errata/RHSA-2019:3237
Mozilla has released Thunderbird 68.2.1 on October 31: https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/
Summary: Thunderbird 68.2 => Thunderbird 68.2.1
There is also Enigmail 2.1.3: https://enigmail.net/index.php/en/download/changelog#enig2.1.3
Blocks: (none) => 25437
Suggested advisory: ======================== The updated packages fix security issues: Heap overflow in expat library in XML_GetCurrentLineNumber. (CVE-2019-15903) Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757) Potentially exploitable crash due to 360 Total Security. (CVE-2019-11758) Stack buffer overflow in HKDF output. (CVE-2019-11759) Stack buffer overflow in WebRTC networking. (CVE-2019-11760) Unintended access to a privileged JSONView object. (CVE-2019-11761) document.domain-based origin isolation has same-origin-property violation. (CVE-2019-11762) Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763) Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11758 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764 https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/ https://access.redhat.com/errata/RHSA-2019:3237 https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/ https://enigmail.net/index.php/en/download/changelog#enig2.1.3 ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.2.1-1.mga7 thunderbird-enigmail-68.2.1-1.mga7 thunderbird-ar-68.2.1-1.mga7 thunderbird-ast-68.2.1-1.mga7 thunderbird-be-68.2.1-1.mga7 thunderbird-bg-68.2.1-1.mga7 thunderbird-br-68.2.1-1.mga7 thunderbird-ca-68.2.1-1.mga7 thunderbird-cs-68.2.1-1.mga7 thunderbird-cy-68.2.1-1.mga7 thunderbird-da-68.2.1-1.mga7 thunderbird-de-68.2.1-1.mga7 thunderbird-el-68.2.1-1.mga7 thunderbird-en_GB-68.2.1-1.mga7 thunderbird-en_US-68.2.1-1.mga7 thunderbird-es_AR-68.2.1-1.mga7 thunderbird-es_ES-68.2.1-1.mga7 thunderbird-et-68.2.1-1.mga7 thunderbird-eu-68.2.1-1.mga7 thunderbird-fi-68.2.1-1.mga7 thunderbird-fr-68.2.1-1.mga7 thunderbird-fy_NL-68.2.1-1.mga7 thunderbird-ga_IE-68.2.1-1.mga7 thunderbird-gd-68.2.1-1.mga7 thunderbird-gl-68.2.1-1.mga7 thunderbird-he-68.2.1-1.mga7 thunderbird-hr-68.2.1-1.mga7 thunderbird-hsb-68.2.1-1.mga7 thunderbird-hu-68.2.1-1.mga7 thunderbird-hy_AM-68.2.1-1.mga7 thunderbird-id-68.2.1-1.mga7 thunderbird-is-68.2.1-1.mga7 thunderbird-it-68.2.1-1.mga7 thunderbird-ja-68.2.1-1.mga7 thunderbird-ko-68.2.1-1.mga7 thunderbird-lt-68.2.1-1.mga7 thunderbird-nb_NO-68.2.1-1.mga7 thunderbird-nl-68.2.1-1.mga7 thunderbird-nn_NO-68.2.1-1.mga7 thunderbird-pl-68.2.1-1.mga7 thunderbird-pt_BR-68.2.1-1.mga7 thunderbird-pt_PT-68.2.1-1.mga7 thunderbird-ro-68.2.1-1.mga7 thunderbird-ru-68.2.1-1.mga7 thunderbird-si-68.2.1-1.mga7 thunderbird-sk-68.2.1-1.mga7 thunderbird-sl-68.2.1-1.mga7 thunderbird-sq-68.2.1-1.mga7 thunderbird-sv_SE-68.2.1-1.mga7 thunderbird-tr-68.2.1-1.mga7 thunderbird-uk-68.2.1-1.mga7 thunderbird-vi-68.2.1-1.mga7 thunderbird-zh_CN-68.2.1-1.mga7 thunderbird-zh_TW-68.2.1-1.mga7 from SRPMS: thunderbird-68.2.1-1.mga7.src.rpm thunderbird-l10n-68.2.1-1.mga7.src.rpm
Status: NEW => ASSIGNEDAssignee: doktor5000 => qa-bugs
Blocks: 25437 => (none)
MGA7-64 Plasma on Lenovo B50 No installation issues overwriting previous version. Tested by sending and receiving e-mail with and without attachments. Addrress book is good. All OK.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
MGA7-64 Plasma. Tested with an i5,Intel graphics, wired Internet connection. Sent and received email, checked newsgroups, received newsgroup messages. I do not use enigmail, or the calendar. Looks good here. If someone could check the calendar, we could send this one along.
CC: (none) => andrewsfarm
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
It works for me on an IPC3 with an i7 CPU
CC: (none) => bjarne.thomsen
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0316.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
(In reply to Nicolas Salguero from comment #6) > Suggested advisory: > ======================== > > The updated packages fix security issues: > > Heap overflow in expat library in XML_GetCurrentLineNumber. (CVE-2019-15903) > > Use-after-free when creating index updates in IndexedDB. (CVE-2019-11757) > > Potentially exploitable crash due to 360 Total Security. (CVE-2019-11758) > > Stack buffer overflow in HKDF output. (CVE-2019-11759) > > Stack buffer overflow in WebRTC networking. (CVE-2019-11760) > > Unintended access to a privileged JSONView object. (CVE-2019-11761) > > document.domain-based origin isolation has same-origin-property violation. > (CVE-2019-11762) > > Incorrect HTML parsing results in XSS bypass technique. (CVE-2019-11763) > > Memory safety bugs fixed in Thunderbird 68.2. (CVE-2019-11764) > > References: > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11758 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764 > https://www.thunderbird.net/en-US/thunderbird/68.2.0/releasenotes/ > https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/ > https://access.redhat.com/errata/RHSA-2019:3237 > https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/ > https://enigmail.net/index.php/en/download/changelog#enig2.1.3 > ======================== > > Updated packages in core/updates_testing: > ======================== > thunderbird-68.2.1-1.mga7 > thunderbird-enigmail-68.2.1-1.mga7 > thunderbird-ar-68.2.1-1.mga7 > thunderbird-ast-68.2.1-1.mga7 > thunderbird-be-68.2.1-1.mga7 > thunderbird-bg-68.2.1-1.mga7 > thunderbird-br-68.2.1-1.mga7 > thunderbird-ca-68.2.1-1.mga7 > thunderbird-cs-68.2.1-1.mga7 > thunderbird-cy-68.2.1-1.mga7 > thunderbird-da-68.2.1-1.mga7 > thunderbird-de-68.2.1-1.mga7 > thunderbird-el-68.2.1-1.mga7 > thunderbird-en_GB-68.2.1-1.mga7 > thunderbird-en_US-68.2.1-1.mga7 > thunderbird-es_AR-68.2.1-1.mga7 > thunderbird-es_ES-68.2.1-1.mga7 > thunderbird-et-68.2.1-1.mga7 > thunderbird-eu-68.2.1-1.mga7 > thunderbird-fi-68.2.1-1.mga7 > thunderbird-fr-68.2.1-1.mga7 > thunderbird-fy_NL-68.2.1-1.mga7 > thunderbird-ga_IE-68.2.1-1.mga7 > thunderbird-gd-68.2.1-1.mga7 > thunderbird-gl-68.2.1-1.mga7 > thunderbird-he-68.2.1-1.mga7 > thunderbird-hr-68.2.1-1.mga7 > thunderbird-hsb-68.2.1-1.mga7 > thunderbird-hu-68.2.1-1.mga7 > thunderbird-hy_AM-68.2.1-1.mga7 > thunderbird-id-68.2.1-1.mga7 > thunderbird-is-68.2.1-1.mga7 > thunderbird-it-68.2.1-1.mga7 > thunderbird-ja-68.2.1-1.mga7 > thunderbird-ko-68.2.1-1.mga7 > thunderbird-lt-68.2.1-1.mga7 > thunderbird-nb_NO-68.2.1-1.mga7 > thunderbird-nl-68.2.1-1.mga7 > thunderbird-nn_NO-68.2.1-1.mga7 > thunderbird-pl-68.2.1-1.mga7 > thunderbird-pt_BR-68.2.1-1.mga7 > thunderbird-pt_PT-68.2.1-1.mga7 > thunderbird-ro-68.2.1-1.mga7 > thunderbird-ru-68.2.1-1.mga7 > thunderbird-si-68.2.1-1.mga7 > thunderbird-sk-68.2.1-1.mga7 > thunderbird-sl-68.2.1-1.mga7 > thunderbird-sq-68.2.1-1.mga7 > thunderbird-sv_SE-68.2.1-1.mga7 > thunderbird-tr-68.2.1-1.mga7 > thunderbird-uk-68.2.1-1.mga7 > thunderbird-vi-68.2.1-1.mga7 > thunderbird-zh_CN-68.2.1-1.mga7 > thunderbird-zh_TW-68.2.1-1.mga7 > > from SRPMS: > thunderbird-68.2.1-1.mga7.src.rpm > thunderbird-l10n-68.2.1-1.mga7.src.rpm on the previous version, I'd overcome this bug by removing the rights w to permissions.sqlite; with the version 68.2.1-1, I wish to restore these rights, but I don't remember exactly how they were (a+w, u+w, g+w, o+w ?)thank you to remind me them
CC: (none) => petlaw726
(In reply to peter lawford from comment #11) > on the previous version, I'd overcome this bug by removing the rights w to > permissions.sqlite; with the version 68.2.1-1, I wish to restore these > rights, but I don't remember exactly how they were (a+w, u+w, g+w, o+w > ?)thank you to remind me them It is u+w.