Mozilla has released Thunderbird 68.3.0 yesterday (December 3): https://www.thunderbird.net/en-US/thunderbird/68.3.0/releasenotes/
Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA7TOO
Depends on: (none) => 25820
Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
Suggested advisory: ======================== The updated packages fix security issues: Use-after-free in worker destruction. (CVE-2019-17008) Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722) Out of bounds write in NSS when encrypting with a block cipher. (CVE-2019-11745) Updater temporary files accessible to unprivileged processes. (CVE-2019-17009) Use-after-free when performing device orientation checks. (CVE-2019-17010) Buffer overflow in plain text serializer. (CVE-2019-17005) Use-after-free when retrieving a document in antitracking. (CVE-2019-17011) Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3. (CVE-2019-17012) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 https://www.thunderbird.net/en-US/thunderbird/68.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.3.0-1.mga7 thunderbird-enigmail-68.3.0-1.mga7 thunderbird-ar-68.3.0-1.mga7 thunderbird-ast-68.3.0-1.mga7 thunderbird-be-68.3.0-1.mga7 thunderbird-bg-68.3.0-1.mga7 thunderbird-br-68.3.0-1.mga7 thunderbird-ca-68.3.0-1.mga7 thunderbird-cs-68.3.0-1.mga7 thunderbird-cy-68.3.0-1.mga7 thunderbird-da-68.3.0-1.mga7 thunderbird-de-68.3.0-1.mga7 thunderbird-el-68.3.0-1.mga7 thunderbird-en_GB-68.3.0-1.mga7 thunderbird-en_US-68.3.0-1.mga7 thunderbird-es_AR-68.3.0-1.mga7 thunderbird-es_ES-68.3.0-1.mga7 thunderbird-et-68.3.0-1.mga7 thunderbird-eu-68.3.0-1.mga7 thunderbird-fi-68.3.0-1.mga7 thunderbird-fr-68.3.0-1.mga7 thunderbird-fy_NL-68.3.0-1.mga7 thunderbird-ga_IE-68.3.0-1.mga7 thunderbird-gd-68.3.0-1.mga7 thunderbird-gl-68.3.0-1.mga7 thunderbird-he-68.3.0-1.mga7 thunderbird-hr-68.3.0-1.mga7 thunderbird-hsb-68.3.0-1.mga7 thunderbird-hu-68.3.0-1.mga7 thunderbird-hy_AM-68.3.0-1.mga7 thunderbird-id-68.3.0-1.mga7 thunderbird-is-68.3.0-1.mga7 thunderbird-it-68.3.0-1.mga7 thunderbird-ja-68.3.0-1.mga7 thunderbird-ko-68.3.0-1.mga7 thunderbird-lt-68.3.0-1.mga7 thunderbird-nb_NO-68.3.0-1.mga7 thunderbird-nl-68.3.0-1.mga7 thunderbird-nn_NO-68.3.0-1.mga7 thunderbird-pl-68.3.0-1.mga7 thunderbird-pt_BR-68.3.0-1.mga7 thunderbird-pt_PT-68.3.0-1.mga7 thunderbird-ro-68.3.0-1.mga7 thunderbird-ru-68.3.0-1.mga7 thunderbird-si-68.3.0-1.mga7 thunderbird-sk-68.3.0-1.mga7 thunderbird-sl-68.3.0-1.mga7 thunderbird-sq-68.3.0-1.mga7 thunderbird-sv_SE-68.3.0-1.mga7 thunderbird-tr-68.3.0-1.mga7 thunderbird-uk-68.3.0-1.mga7 thunderbird-vi-68.3.0-1.mga7 thunderbird-zh_CN-68.3.0-1.mga7 thunderbird-zh_TW-68.3.0-1.mga7 from SRPMS: thunderbird-68.3.0-1.mga7.src.rpm thunderbird-l10n-68.3.0-1.mga7.src.rpm
Version: Cauldron => 7Assignee: bugsquad => qa-bugsWhiteboard: MGA7TOO => (none)Status: NEW => ASSIGNED
CVE-2019-11745 shouldn't be in this advisory, it's in Bug 25792.
Depends on: 25820 => 25792
Ooops, sorry ! Suggested advisory: ======================== The updated packages fix security issues: Use-after-free in worker destruction. (CVE-2019-17008) Stack corruption due to incorrect number of arguments in WebRTC code. (CVE-2019-13722) Updater temporary files accessible to unprivileged processes. (CVE-2019-17009) Use-after-free when performing device orientation checks. (CVE-2019-17010) Buffer overflow in plain text serializer. (CVE-2019-17005) Use-after-free when retrieving a document in antitracking. (CVE-2019-17011) Memory safety bugs fixed in Firefox 71, Firefox ESR 68.3, and Thunderbird 68.3. (CVE-2019-17012) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 https://www.thunderbird.net/en-US/thunderbird/68.3.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/
Seems to work ok here on x86_64
CC: (none) => tmb
MGA7-64 Plasma on Lenovo B50 No installation issues. Thunderbird was already on this laptop. As test removed the existing account from thunderbird, added it again. Send and receive message to and from other account accessed from my desktop PC, withand without attachment. All OK.
CC: (none) => herman.viaene
All ok in MGA7-64 Plasma also here.
CC: (none) => lists.jjorgeWhiteboard: (none) => MGA7-64-OK
Tested with an i586 2005 latop, all ok except the bug which is there since first thunderbird 68 version : https://bugs.mageia.org/show_bug.cgi?id=25842
Whiteboard: MGA7-64-OK => MGA7-64-OK MGA7-32-OK
On mga7-64 kernel-desktop plasma packages installed cleanly: - thunderbird-68.3.0-1.mga7.x86_64 - thunderbird-en_GB-68.3.0-1.mga7.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga7-64
CC: (none) => jim
CC: (none) => sysadmin-bugsKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0377.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
RedHat has issued an advisory for this on December 10: https://access.redhat.com/errata/RHSA-2019:4148