Bug 27025 - Thunderbird 68.11
Summary: Thunderbird 68.11
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: mga7-64-ok mga7-32-ok
Keywords: advisory, validated_update
Depends on: 27011
Blocks:
  Show dependency treegraph
 
Reported: 2020-07-30 10:20 CEST by Nicolas Salguero
Modified: 2020-08-18 19:42 CEST (History)
8 users (show)

See Also:
Source RPM: thunderbird, thunderbird-l10n
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2020-07-30 10:20:50 CEST 
Mozilla has released Thunderbird 68.11.0 on July 30:
https://www.thunderbird.net/en-US/thunderbird/68.11.0/releasenotes/

It fixes security issues.
Nicolas Salguero 2020-07-30 10:21:27 CEST

Depends on: (none) => 27011
Source RPM: (none) => thunderbird, thunderbird-l10n

Comment 1 Lewis Smith 2020-07-31 21:08:22 CEST 
Are you going to do this, Nicolas?
Assigning to you in the hope. CC'ing José who has done several recent new version commits of M7 Thunderbird.

CC: (none) => lists.jjorge
Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2020-08-01 10:34:16 CEST 
Additional reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
Comment 3 Nicolas Salguero 2020-08-01 20:49:31 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Potential leak of redirect targets when loading scripts in a worker. (CVE-2020-15652)

WebRTC data channel leaks internal address to peer. (CVE-2020-6514)

Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture. (CVE-2020-6463)

Memory safety bugs fixed in Thunderbird 68.11. (CVE-2020-15659)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15659
https://www.thunderbird.net/en-US/thunderbird/68.11.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
========================

Updated packages in core/updates_testing:
========================
thunderbird-68.11.0-1.mga7
thunderbird-enigmail-68.11.0-1.mga7
thunderbird-ar-68.11.0-1.mga7
thunderbird-ast-68.11.0-1.mga7
thunderbird-be-68.11.0-1.mga7
thunderbird-bg-68.11.0-1.mga7
thunderbird-br-68.11.0-1.mga7
thunderbird-ca-68.11.0-1.mga7
thunderbird-cak-68.11.0-1.mga7
thunderbird-cs-68.11.0-1.mga7
thunderbird-cy-68.11.0-1.mga7
thunderbird-da-68.11.0-1.mga7
thunderbird-de-68.11.0-1.mga7
thunderbird-el-68.11.0-1.mga7
thunderbird-en_GB-68.11.0-1.mga7
thunderbird-en_US-68.11.0-1.mga7
thunderbird-es_AR-68.11.0-1.mga7
thunderbird-es_ES-68.11.0-1.mga7
thunderbird-et-68.11.0-1.mga7
thunderbird-eu-68.11.0-1.mga7
thunderbird-fi-68.11.0-1.mga7
thunderbird-fr-68.11.0-1.mga7
thunderbird-fy_NL-68.11.0-1.mga7
thunderbird-ga_IE-68.11.0-1.mga7
thunderbird-gd-68.11.0-1.mga7
thunderbird-gl-68.11.0-1.mga7
thunderbird-he-68.11.0-1.mga7
thunderbird-hr-68.11.0-1.mga7
thunderbird-hsb-68.11.0-1.mga7
thunderbird-hu-68.11.0-1.mga7
thunderbird-hy_AM-68.11.0-1.mga7
thunderbird-id-68.11.0-1.mga7
thunderbird-is-68.11.0-1.mga7
thunderbird-it-68.11.0-1.mga7
thunderbird-ja-68.11.0-1.mga7
thunderbird-ka-68.11.0-1.mga7
thunderbird-kab-68.11.0-1.mga7
thunderbird-kk-68.11.0-1.mga7
thunderbird-ko-68.11.0-1.mga7
thunderbird-lt-68.11.0-1.mga7
thunderbird-ms-68.11.0-1.mga7
thunderbird-nb_NO-68.11.0-1.mga7
thunderbird-nl-68.11.0-1.mga7
thunderbird-nn_NO-68.11.0-1.mga7
thunderbird-pl-68.11.0-1.mga7
thunderbird-pt_BR-68.11.0-1.mga7
thunderbird-pt_PT-68.11.0-1.mga7
thunderbird-ro-68.11.0-1.mga7
thunderbird-ru-68.11.0-1.mga7
thunderbird-si-68.11.0-1.mga7
thunderbird-sk-68.11.0-1.mga7
thunderbird-sl-68.11.0-1.mga7
thunderbird-sq-68.11.0-1.mga7
thunderbird-sv_SE-68.11.0-1.mga7
thunderbird-tr-68.11.0-1.mga7
thunderbird-uk-68.11.0-1.mga7
thunderbird-uz-68.11.0-1.mga7
thunderbird-vi-68.11.0-1.mga7
thunderbird-zh_CN-68.11.0-1.mga7
thunderbird-zh_TW-68.11.0-1.mga7

from SRPMS:
thunderbird-68.11.0-1.mga7.src.rpm
thunderbird-l10n-68.11.0-1.mga7.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Comment 4 Bill Wilkinson 2020-08-02 20:54:42 CEST 
Tested mga7-64

Send/receive/move/delete tested on IMAP/SMTP, all OK.

CC: (none) => wrw105
Whiteboard: (none) => mga7-64-ok

Comment 5 Bill Wilkinson 2020-08-02 21:25:36 CEST 
Tested mga7-32 as above, all OK

Only tested with en_us.

Whiteboard: mga7-64-ok => mga7-64-ok mga7-32-ok

Comment 6 Len Lawrence 2020-08-03 00:26:16 CEST 
mga7, x86_64
IMAP, en_GB.  Been running OK for a while.

CC: (none) => tarazed25

Comment 7 Jose Manuel López 2020-08-03 10:35:52 CEST 
Installed in mga 7.1 virtualbox and real, it works ok, plugins, imap and pop 3 accounts.

Greetings!!

CC: (none) => joselp

Comment 8 Morgan Leijström 2020-08-03 12:26:34 CEST 
mga7-64 OK here on Plasma, Nvidia proprietary, i7.
Offline IMAP + SMTP. Several accounts, ten thousands of mails.  Swedish.

CC: (none) => fri

Comment 9 Thomas Andrews 2020-08-03 14:27:53 CEST 
Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 10 David Walser 2020-08-07 03:01:53 CEST 
RedHat has issued an advisory for this today (August 6):
https://access.redhat.com/errata/RHSA-2020:3344
Dave Hodgins 2020-08-18 16:51:00 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 11 Mageia Robot 2020-08-18 19:42:55 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0320.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.