Mozilla has released Thunderbird 78.5.0 on November 17: https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/ It fixes security issues: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/
Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => m
Whiteboard: m => MGA7TOOAssignee: bugsquad => nicolas.salgueroSeverity: normal => major
Depends on: (none) => 27617
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code. (CVE-2020-26951) Variable time processing of cross-origin images during drawImage calls. (CVE-2020-16012) Fullscreen could be enabled without displaying the security UI. (CVE-2020-26953) XSS through paste (manual and clipboard API). (CVE-2020-26956) Requests intercepted through ServiceWorkers lacked MIME type restrictions. (CVE-2020-26958) Use-after-free in WebRequestService. (CVE-2020-26959) Potential use-after-free in uses of nsTArray. (CVE-2020-26960) DoH did not filter IPv4 mapped IP Addresses. (CVE-2020-26961) Software keyboards may have remembered typed passwords. (CVE-2020-26965) Single-word search queries were also broadcast to local network. (CVE-2020-26966) Memory safety bugs fixed in Thunderbird 78.5. (CVE-2020-26968) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26951 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26953 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26956 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26959 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26961 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26965 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26966 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26968 https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-78.5.0-1.mga7 thunderbird-enigmail-78.5.0-1.mga7 thunderbird-ar-78.5.0-1.mga7 thunderbird-ast-78.5.0-1.mga7 thunderbird-be-78.5.0-1.mga7 thunderbird-bg-78.5.0-1.mga7 thunderbird-br-78.5.0-1.mga7 thunderbird-ca-78.5.0-1.mga7 thunderbird-cs-78.5.0-1.mga7 thunderbird-cy-78.5.0-1.mga7 thunderbird-da-78.5.0-1.mga7 thunderbird-de-78.5.0-1.mga7 thunderbird-el-78.5.0-1.mga7 thunderbird-en_GB-78.5.0-1.mga7 thunderbird-en_US-78.5.0-1.mga7 thunderbird-es_AR-78.5.0-1.mga7 thunderbird-es_ES-78.5.0-1.mga7 thunderbird-et-78.5.0-1.mga7 thunderbird-eu-78.5.0-1.mga7 thunderbird-fi-78.5.0-1.mga7 thunderbird-fr-78.5.0-1.mga7 thunderbird-fy_NL-78.5.0-1.mga7 thunderbird-ga_IE-78.5.0-1.mga7 thunderbird-gd-78.5.0-1.mga7 thunderbird-gl-78.5.0-1.mga7 thunderbird-he-78.5.0-1.mga7 thunderbird-hr-78.5.0-1.mga7 thunderbird-hsb-78.5.0-1.mga7 thunderbird-hu-78.5.0-1.mga7 thunderbird-hy_AM-78.5.0-1.mga7 thunderbird-id-78.5.0-1.mga7 thunderbird-is-78.5.0-1.mga7 thunderbird-it-78.5.0-1.mga7 thunderbird-ja-78.5.0-1.mga7 thunderbird-ka-78.5.0-1.mga7 thunderbird-kab-78.5.0-1.mga7 thunderbird-kk-78.5.0-1.mga7 thunderbird-ko-78.5.0-1.mga7 thunderbird-lt-78.5.0-1.mga7 thunderbird-ms-78.5.0-1.mga7 thunderbird-nb_NO-78.5.0-1.mga7 thunderbird-nl-78.5.0-1.mga7 thunderbird-nn_NO-78.5.0-1.mga7 thunderbird-pl-78.5.0-1.mga7 thunderbird-pt_BR-78.5.0-1.mga7 thunderbird-pt_PT-78.5.0-1.mga7 thunderbird-ro-78.5.0-1.mga7 thunderbird-ru-78.5.0-1.mga7 thunderbird-si-78.5.0-1.mga7 thunderbird-sk-78.5.0-1.mga7 thunderbird-sl-78.5.0-1.mga7 thunderbird-sq-78.5.0-1.mga7 thunderbird-sv_SE-78.5.0-1.mga7 thunderbird-tr-78.5.0-1.mga7 thunderbird-uk-78.5.0-1.mga7 thunderbird-uz-78.5.0-1.mga7 thunderbird-vi-78.5.0-1.mga7 thunderbird-zh_CN-78.5.0-1.mga7 thunderbird-zh_TW-78.5.0-1.mga7 from SRPMS: thunderbird-78.5.0-1.mga7.src.rpm thunderbird-l10n-78.5.0-1.mga7.src.rpm
Status: NEW => ASSIGNEDWhiteboard: MGA7TOO => (none)CC: (none) => nicolas.salgueroAssignee: nicolas.salguero => qa-bugsVersion: Cauldron => 7
MGA7-64 MATE on Peaq C1011 No installation issues. Send and receive mail from and to other account on my desktopPC, without and with attachment. All OK
CC: (none) => herman.viaene
tested mga7-64 Send/receive/move/delete over IMAP/SMTP all ok.
CC: (none) => wrw105Whiteboard: (none) => mga7-64-ok
Whiteboard: mga7-64-ok => mga7-64-ok mga7-32-ok
Tested mga7-32 as above, all OK.
MGA7-64 Plasma and Gnome Updating existing installation. UI translated = OK IMAP/POP3 and SMTP OK. SSL/IMAP, SSL/POP3 and SSL/SMTP OK. AddressBook = OK Calendar = OK Send/Receive Encrypted and/or Signed mail = OK. Deleting and importing gnupg private key = OK Handling gnupg public keys = OK As well as seen in upstream releasenotes, openPGP ui in messages is better looking and less confusing. OK MGA7-64-OK ======================================================== Validating, Advisory and packages in Comment 1. Advisory pushed to SVN.
Keywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
CVE-2020-26966 should be removed from the advisory, it only affects Windows.
Keywords: advisory, validated_update => (none)
OK mga7-64 plasma: Swedish, offline IMAP, SMTP
CC: (none) => fri
(In reply to David Walser from comment #6) > CVE-2020-26966 should be removed from the advisory, it only affects Windows. Done.
Keywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0433.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
RedHat has issued an advisory for this today (November 30): https://access.redhat.com/errata/RHSA-2020:5236