Bug 26455 - Thunderbird 68.7
Summary: Thunderbird 68.7
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-04-08 16:04 CEST by Nicolas Salguero
Modified: 2020-04-23 20:18 CEST (History)
6 users (show)

See Also:
Source RPM: thunderbird, thunderbird-l10n
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2020-04-08 16:04:10 CEST 
Mozilla has released Thunderbird 68.7.0 today (April 8):
https://www.thunderbird.net/en-US/thunderbird/68.7.0/releasenotes/
Comment 1 Nicolas Salguero 2020-04-08 16:20:34 CEST 
Also Enigmail 2.1.6:
https://enigmail.net/index.php/en/download/changelog#enig2.1.6
Comment 2 Lewis Smith 2020-04-08 21:35:30 CEST 
Assigning to you Nicolas as just having updated the Thunderbird SRPM (which includes thunderbird-enigmail) accordingly! Quick work is a euphemism.

Assignee: bugsquad => nicolas.salguero

Comment 3 Jose Manuel López 2020-04-09 07:35:46 CEST 
I've installed in MGA7-64 Plasma VirtualBox, works fine all, themes, preferences, addons, gmail accounts.

Greetings!!

CC: (none) => joselp

Comment 4 Nicolas Salguero 2020-04-11 17:09:16 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Use-after-free while running the nsDocShell destructor. (CVE-2020-6819)

Use-after-free when handling a ReadableStream. (CVE-2020-6820)

Uninitialized memory could be read when using the WebGL copyTexSubImage method. (CVE-2020-6821)

Out of bounds write in GMPDecodeData when processing large images. (CVE-2020-6822)

Memory safety bugs fixed in Thunderbird 68.7.0. (CVE-2020-6825)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6825
https://www.thunderbird.net/en-US/thunderbird/68.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/
https://enigmail.net/index.php/en/download/changelog#enig2.1.6
========================

Updated packages in core/updates_testing:
========================
thunderbird-68.7.0-1.mga7
thunderbird-enigmail-68.7.0-1.mga7
thunderbird-ar-68.7.0-1.mga7
thunderbird-ast-68.7.0-1.mga7
thunderbird-be-68.7.0-1.mga7
thunderbird-bg-68.7.0-1.mga7
thunderbird-br-68.7.0-1.mga7
thunderbird-ca-68.7.0-1.mga7
thunderbird-cs-68.7.0-1.mga7
thunderbird-cy-68.7.0-1.mga7
thunderbird-da-68.7.0-1.mga7
thunderbird-de-68.7.0-1.mga7
thunderbird-el-68.7.0-1.mga7
thunderbird-en_GB-68.7.0-1.mga7
thunderbird-en_US-68.7.0-1.mga7
thunderbird-es_AR-68.7.0-1.mga7
thunderbird-es_ES-68.7.0-1.mga7
thunderbird-et-68.7.0-1.mga7
thunderbird-eu-68.7.0-1.mga7
thunderbird-fi-68.7.0-1.mga7
thunderbird-fr-68.7.0-1.mga7
thunderbird-fy_NL-68.7.0-1.mga7
thunderbird-ga_IE-68.7.0-1.mga7
thunderbird-gd-68.7.0-1.mga7
thunderbird-gl-68.7.0-1.mga7
thunderbird-he-68.7.0-1.mga7
thunderbird-hr-68.7.0-1.mga7
thunderbird-hsb-68.7.0-1.mga7
thunderbird-hu-68.7.0-1.mga7
thunderbird-hy_AM-68.7.0-1.mga7
thunderbird-id-68.7.0-1.mga7
thunderbird-is-68.7.0-1.mga7
thunderbird-it-68.7.0-1.mga7
thunderbird-ja-68.7.0-1.mga7
thunderbird-ko-68.7.0-1.mga7
thunderbird-lt-68.7.0-1.mga7
thunderbird-nb_NO-68.7.0-1.mga7
thunderbird-nl-68.7.0-1.mga7
thunderbird-nn_NO-68.7.0-1.mga7
thunderbird-pl-68.7.0-1.mga7
thunderbird-pt_BR-68.7.0-1.mga7
thunderbird-pt_PT-68.7.0-1.mga7
thunderbird-ro-68.7.0-1.mga7
thunderbird-ru-68.7.0-1.mga7
thunderbird-si-68.7.0-1.mga7
thunderbird-sk-68.7.0-1.mga7
thunderbird-sl-68.7.0-1.mga7
thunderbird-sq-68.7.0-1.mga7
thunderbird-sv_SE-68.7.0-1.mga7
thunderbird-tr-68.7.0-1.mga7
thunderbird-uk-68.7.0-1.mga7
thunderbird-vi-68.7.0-1.mga7
thunderbird-zh_CN-68.7.0-1.mga7
thunderbird-zh_TW-68.7.0-1.mga7

from SRPMS:
thunderbird-68.7.0-1.mga7.src.rpm
thunderbird-l10n-68.7.0-1.mga7.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 7
Source RPM: (none) => thunderbird, thunderbird-l10n

Comment 5 Thomas Andrews 2020-04-13 00:19:03 CEST 
i5-2500, 64-bit Plasma system. Updated the US-English version. Sent and received POP email, checked newsgroups. Looks good so far, though I don't use the calendar or enigmail.

CC: (none) => andrewsfarm

Comment 6 Herman Viaene 2020-04-13 14:40:56 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Connected to pop3 hotmail account. Send and receive mail without and with attachmants to other account handled on desktop PC, all OK.
I don't use enigmail either.

CC: (none) => herman.viaene

Comment 7 Thomas Andrews 2020-04-13 15:09:47 CEST 
HP Probook 6550b, i3, Intel graphics, Intel wifi, 64-bit Plasma system.

No problems with installation. connected to POP account, made a post to Usenet.

No issues noted.
Comment 8 James Kerr 2020-04-13 15:11:18 CEST 
On mga7-64  kernel-desktop  plasma

packages installed cleanly:
- thunderbird-68.7.0-1.mga7.x86_64
- thunderbird-en_GB-68.7.0-1.mga7.noarch

email (POP, SMTP):  OK
Calendar: OK
Address book: OK
Movemail: OK

I don't use enigmail or IMAP

looks OK for mga7-64

CC: (none) => jim

Thomas Backlund 2020-04-15 11:25:18 CEST

Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tmb, sysadmin-bugs

Comment 9 Mageia Robot 2020-04-15 12:13:54 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0170.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 10 David Walser 2020-04-23 20:18:27 CEST 
RedHat has issued an advisory for this on April 16:
https://access.redhat.com/errata/RHSA-2020:1489
Note You need to log in before you can comment on or make changes to this bug.