Mozilla has released Thunderbird 68.12.0 on August 25: https://www.thunderbird.net/en-US/thunderbird/68.12.0/releasenotes/ It fixes security issues: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/
Assignee: bugsquad => nicolas.salgueroSource RPM: (none) => thunderbird, thunderbird-l10n
Depends on: (none) => 27193
Depends on: 27193 => (none)
CC: (none) => nicolas.salgueroAssignee: nicolas.salguero => pkg-bugs
Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed (CVE-2020-15664). When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code (CVE-2020-15669). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15664 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15669 https://www.thunderbird.net/en-US/thunderbird/68.12.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-68.12.0-1.mga7 thunderbird-enigmail-68.12.0-1.mga7 thunderbird-ar-68.12.0-1.mga7 thunderbird-ast-68.12.0-1.mga7 thunderbird-be-68.12.0-1.mga7 thunderbird-bg-68.12.0-1.mga7 thunderbird-br-68.12.0-1.mga7 thunderbird-ca-68.12.0-1.mga7 thunderbird-cs-68.12.0-1.mga7 thunderbird-cy-68.12.0-1.mga7 thunderbird-da-68.12.0-1.mga7 thunderbird-de-68.12.0-1.mga7 thunderbird-el-68.12.0-1.mga7 thunderbird-en_GB-68.12.0-1.mga7 thunderbird-en_US-68.12.0-1.mga7 thunderbird-es_AR-68.12.0-1.mga7 thunderbird-es_ES-68.12.0-1.mga7 thunderbird-et-68.12.0-1.mga7 thunderbird-eu-68.12.0-1.mga7 thunderbird-fi-68.12.0-1.mga7 thunderbird-fr-68.12.0-1.mga7 thunderbird-fy_NL-68.12.0-1.mga7 thunderbird-ga_IE-68.12.0-1.mga7 thunderbird-gd-68.12.0-1.mga7 thunderbird-gl-68.12.0-1.mga7 thunderbird-he-68.12.0-1.mga7 thunderbird-hr-68.12.0-1.mga7 thunderbird-hsb-68.12.0-1.mga7 thunderbird-hu-68.12.0-1.mga7 thunderbird-hy_AM-68.12.0-1.mga7 thunderbird-id-68.12.0-1.mga7 thunderbird-is-68.12.0-1.mga7 thunderbird-it-68.12.0-1.mga7 thunderbird-ja-68.12.0-1.mga7 thunderbird-ka-68.12.0-1.mga7 thunderbird-kab-68.12.0-1.mga7 thunderbird-kk-68.12.0-1.mga7 thunderbird-ko-68.12.0-1.mga7 thunderbird-lt-68.12.0-1.mga7 thunderbird-ms-68.12.0-1.mga7 thunderbird-nb_NO-68.12.0-1.mga7 thunderbird-nl-68.12.0-1.mga7 thunderbird-nn_NO-68.12.0-1.mga7 thunderbird-pl-68.12.0-1.mga7 thunderbird-pt_BR-68.12.0-1.mga7 thunderbird-pt_PT-68.12.0-1.mga7 thunderbird-ro-68.12.0-1.mga7 thunderbird-ru-68.12.0-1.mga7 thunderbird-si-68.12.0-1.mga7 thunderbird-sk-68.12.0-1.mga7 thunderbird-sl-68.12.0-1.mga7 thunderbird-sq-68.12.0-1.mga7 thunderbird-sv_SE-68.12.0-1.mga7 thunderbird-tr-68.12.0-1.mga7 thunderbird-uk-68.12.0-1.mga7 thunderbird-uz-68.12.0-1.mga7 thunderbird-vi-68.12.0-1.mga7 thunderbird-zh_CN-68.12.0-1.mga7 thunderbird-zh_TW-68.12.0-1.mga7 from SRPMS: thunderbird-68.12.0-1.mga7.src.rpm thunderbird-l10n-68.12.0-1.mga7.src.rpm
Version: Cauldron => 7Assignee: pkg-bugs => qa-bugs
Updated the US-English version. Both packages installed cleanly. Looked at newsgroups, sent and received email, no regressions noted. I do not use the calendar or enigmail. Holding back the OK a day or two so someone can check the calendar and another language or two, potential trouble spots in previous versions.
CC: (none) => andrewsfarm
Following up on calendar for en_GB. Installed and restarted fine - no more forced new profile. Everything came up as it was. Sent a short email from the address book. Made a couple of entries in the calendar, one of them a reminder, which popped up on time. Looks OK so far.
CC: (none) => tarazed25
On mga7-64 kernel-desktop plasma packages installed cleanly: - thunderbird-68.12.0-1.mga7.x86_64 - thunderbird-en_GB-68.12.0-1.mga7.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK I don't use enigmail or IMAP looks OK for mga7-64
CC: (none) => jim
Installed now in French, 64 bits. No problem reported. I don't use enigmail nor Imap
CC: (none) => yves.brungard_mageia
Should have said - test in comment 3 was IMAP.
Thanks, guys. My own test was with POP mail. Giving this the OK, and validating. Advisory in Comment 1.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA7-64-OKCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0352.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
On mga7-64 kernel-desktop plasma Tests OK: Swedish, IMAP, SMTP Keep using it as main app
CC: (none) => fri
I use TBird in FR, Agenda, and Enigmail under Plasma. I use my TBird extensively for all of these 3 and have not seen any issues as of yet. My TBird manages close to 2,000 emails per day at times and has loads of filters and multiple pop, imap, smtp, aliases. On mga7-64, kernel-desktop plasma
CC: (none) => marc
RedHat has issued an advisory for this today (September 7): https://access.redhat.com/errata/RHSA-2020:3631