Mozilla has released Thunderbird 68.6.0 today (March 12): https://www.thunderbird.net/en-US/thunderbird/68.6.0/releasenotes/ It fixes several security issues: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA7TOO
- thunderbird-68.6.0-1.mga7.x86_64 - thunderbird-sv_SE-68.6.0-1.mga7.noarch OK 64 bit here: Takes over mail and settings. Tested using smtp and imap to send and receive I dont use calendar I will keep using it at work tomorrow.
CC: (none) => fri
Suggested advisory: ======================== The updated packages fix a security vulnerability: Use-after-free when removing data about origins. (CVE-2020-6805) BodyStream::OnInputStreamReady was missing protections against state confusion. (CVE-2020-6806) Use-after-free in cubeb during stream destruction. (CVE-2020-6807) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection. (CVE-2020-6811) Out of bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503) The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission. (CVE-2020-6812) Memory safety bugs fixed in Thunderbird 68.6. (CVE-2020-6814) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6811 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6812 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6814 https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/ https://www.thunderbird.net/en-US/thunderbird/68.6.0/releasenotes/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.6.0-1.mga7 thunderbird-enigmail-68.6.0-1.mga7 thunderbird-ar-68.6.0-1.mga7 thunderbird-ast-68.6.0-1.mga7 thunderbird-be-68.6.0-1.mga7 thunderbird-bg-68.6.0-1.mga7 thunderbird-br-68.6.0-1.mga7 thunderbird-ca-68.6.0-1.mga7 thunderbird-cs-68.6.0-1.mga7 thunderbird-cy-68.6.0-1.mga7 thunderbird-da-68.6.0-1.mga7 thunderbird-de-68.6.0-1.mga7 thunderbird-el-68.6.0-1.mga7 thunderbird-en_GB-68.6.0-1.mga7 thunderbird-en_US-68.6.0-1.mga7 thunderbird-es_AR-68.6.0-1.mga7 thunderbird-es_ES-68.6.0-1.mga7 thunderbird-et-68.6.0-1.mga7 thunderbird-eu-68.6.0-1.mga7 thunderbird-fi-68.6.0-1.mga7 thunderbird-fr-68.6.0-1.mga7 thunderbird-fy_NL-68.6.0-1.mga7 thunderbird-ga_IE-68.6.0-1.mga7 thunderbird-gd-68.6.0-1.mga7 thunderbird-gl-68.6.0-1.mga7 thunderbird-he-68.6.0-1.mga7 thunderbird-hr-68.6.0-1.mga7 thunderbird-hsb-68.6.0-1.mga7 thunderbird-hu-68.6.0-1.mga7 thunderbird-hy_AM-68.6.0-1.mga7 thunderbird-id-68.6.0-1.mga7 thunderbird-is-68.6.0-1.mga7 thunderbird-it-68.6.0-1.mga7 thunderbird-ja-68.6.0-1.mga7 thunderbird-ko-68.6.0-1.mga7 thunderbird-lt-68.6.0-1.mga7 thunderbird-nb_NO-68.6.0-1.mga7 thunderbird-nl-68.6.0-1.mga7 thunderbird-nn_NO-68.6.0-1.mga7 thunderbird-pl-68.6.0-1.mga7 thunderbird-pt_BR-68.6.0-1.mga7 thunderbird-pt_PT-68.6.0-1.mga7 thunderbird-ro-68.6.0-1.mga7 thunderbird-ru-68.6.0-1.mga7 thunderbird-si-68.6.0-1.mga7 thunderbird-sk-68.6.0-1.mga7 thunderbird-sl-68.6.0-1.mga7 thunderbird-sq-68.6.0-1.mga7 thunderbird-sv_SE-68.6.0-1.mga7 thunderbird-tr-68.6.0-1.mga7 thunderbird-uk-68.6.0-1.mga7 thunderbird-vi-68.6.0-1.mga7 thunderbird-zh_CN-68.6.0-1.mga7 thunderbird-zh_TW-68.6.0-1.mga7 from SRPMS: thunderbird-68.6.0-1.mga7.src.rpm thunderbird-l10n-68.6.0-1.mga7.src.rpm
Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNEDWhiteboard: MGA7TOO => (none)Version: Cauldron => 7
Depends on: (none) => 26325
I was wondering where this one was. Updated the US English version on my HP Probook 6550b 64-bit Plasma system. Packages installed cleanly. Received some POP email, read and posted Usenet messages. Looks good. I do not use the calendar, or Enigmail.
CC: (none) => andrewsfarm
On mga7-64 kernel-desktop plasma packages installed cleanly: - thunderbird-68.6.0-1.mga7.x86_64 - thunderbird-en_GB-68.6.0-1.mga7.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga7-64
CC: (none) => jim
I'm using the new version, no problems, calendar ok, task ok, contacts ok. Send and receive emails ok, from POP3 as IMAP. In Mga 7 Plasma 64 Bits
CC: (none) => joselp
CC: (none) => tmb, sysadmin-bugsKeywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA7-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0142.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
RedHat has issued an advisory for this today (March 19): https://access.redhat.com/errata/RHSA-2020:0905