Bug 27707 - Thunderbird 78.5.1
Summary: Thunderbird 78.5.1
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-12-02 16:13 CET by David Walser
Modified: 2020-12-14 22:43 CET (History)
7 users (show)

See Also:
Source RPM: thunderbird-78.5.0-1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2020-12-02 16:13:26 CET
Mozilla has released Thunderbird 78.5.1 today (December 2):
https://www.thunderbird.net/en-US/thunderbird/78.5.1/releasenotes/

It fixes a security issue:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/
Comment 1 David Walser 2020-12-02 16:20:59 CET
We can ship the rootcerts-20201201.00 update with this update.
Comment 2 Nicolas Salguero 2020-12-02 16:28:39 CET
So nss needs to be rebuilt, isn't it?
Comment 3 David Walser 2020-12-02 16:52:41 CET
rootcerts-20201201.00-1.mga7
rootcerts-java-20201201.00-1.mga7

from rootcerts-20201201.00-1.mga7.src.rpm

No nspr or nss updates available at this time, so you can build TB.
Comment 4 David Walser 2020-12-02 17:43:27 CET
No, nss does not build libnssckbi.so (which bundled rootcerts) any more.
Comment 5 David Walser 2020-12-03 04:22:49 CET
Advisory:
========================

Updated thunderbird packages fix security vulnerability:

When reading SMTP server status codes, Thunderbird writes an integer value to a
position on the stack that is intended to contain just one byte. Depending on
processor architecture and stack layout, this leads to stack corruption that
may be exploitable (CVE-2020-26970).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26970
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/
https://www.thunderbird.net/en-US/thunderbird/78.5.1/releasenotes/
========================

Updated packages in core/updates_testing:
========================
rootcerts-20201201.00-1.mga7
rootcerts-java-20201201.00-1.mga7
thunderbird-78.5.1-1.mga7
thunderbird-enigmail-78.5.1-1.mga7
thunderbird-ar-78.5.1-1.mga7
thunderbird-ast-78.5.1-1.mga7
thunderbird-be-78.5.1-1.mga7
thunderbird-bg-78.5.1-1.mga7
thunderbird-br-78.5.1-1.mga7
thunderbird-ca-78.5.1-1.mga7
thunderbird-cs-78.5.1-1.mga7
thunderbird-cy-78.5.1-1.mga7
thunderbird-da-78.5.1-1.mga7
thunderbird-de-78.5.1-1.mga7
thunderbird-el-78.5.1-1.mga7
thunderbird-en_GB-78.5.1-1.mga7
thunderbird-en_US-78.5.1-1.mga7
thunderbird-es_AR-78.5.1-1.mga7
thunderbird-es_ES-78.5.1-1.mga7
thunderbird-et-78.5.1-1.mga7
thunderbird-eu-78.5.1-1.mga7
thunderbird-fi-78.5.1-1.mga7
thunderbird-fr-78.5.1-1.mga7
thunderbird-fy_NL-78.5.1-1.mga7
thunderbird-ga_IE-78.5.1-1.mga7
thunderbird-gd-78.5.1-1.mga7
thunderbird-gl-78.5.1-1.mga7
thunderbird-he-78.5.1-1.mga7
thunderbird-hr-78.5.1-1.mga7
thunderbird-hsb-78.5.1-1.mga7
thunderbird-hu-78.5.1-1.mga7
thunderbird-hy_AM-78.5.1-1.mga7
thunderbird-id-78.5.1-1.mga7
thunderbird-is-78.5.1-1.mga7
thunderbird-it-78.5.1-1.mga7
thunderbird-ja-78.5.1-1.mga7
thunderbird-ka-78.5.1-1.mga7
thunderbird-kab-78.5.1-1.mga7
thunderbird-kk-78.5.1-1.mga7
thunderbird-ko-78.5.1-1.mga7
thunderbird-lt-78.5.1-1.mga7
thunderbird-ms-78.5.1-1.mga7
thunderbird-nb_NO-78.5.1-1.mga7
thunderbird-nl-78.5.1-1.mga7
thunderbird-nn_NO-78.5.1-1.mga7
thunderbird-pl-78.5.1-1.mga7
thunderbird-pt_BR-78.5.1-1.mga7
thunderbird-pt_PT-78.5.1-1.mga7
thunderbird-ro-78.5.1-1.mga7
thunderbird-ru-78.5.1-1.mga7
thunderbird-si-78.5.1-1.mga7
thunderbird-sk-78.5.1-1.mga7
thunderbird-sl-78.5.1-1.mga7
thunderbird-sq-78.5.1-1.mga7
thunderbird-sv_SE-78.5.1-1.mga7
thunderbird-tr-78.5.1-1.mga7
thunderbird-uk-78.5.1-1.mga7
thunderbird-uz-78.5.1-1.mga7
thunderbird-vi-78.5.1-1.mga7
thunderbird-zh_CN-78.5.1-1.mga7
thunderbird-zh_TW-78.5.1-1.mga7

from SRPMS:
rootcerts-20201201.00-1.mga7.src.rpm
thunderbird-78.5.1-1.mga7.src.rpm
thunderbird-l10n-78.5.1-1.mga7.src.rpm

CC: (none) => nicolas.salguero
Assignee: nicolas.salguero => qa-bugs

Comment 6 Morgan Leijström 2020-12-04 11:00:31 CET
64 bit OK here: Plasma, Intel, Nvidia, Swedish.
Clean upgrade and I just continue to use it since yesterday.
Offline IMAP, SMTP.

CC: (none) => fri

Comment 7 James Kerr 2020-12-04 12:47:45 CET
On mga7-64  kernel-desktop  plasma

packages installed cleanly:
- rootcerts-20201201.00-1.mga7.noarch
- rootcerts-java-20201201.00-1.mga7.noarch
- thunderbird-78.5.1-1.mga7.x86_64
- thunderbird-en_GB-78.5.1-1.mga7.noarch

email (POP, SMTP):  OK
Calendar: OK
Address book: OK
Movemail: OK

looks OK for mga7-64

CC: (none) => jim

Comment 8 Herman Viaene 2020-12-04 15:39:57 CET
MGA7-64 MATE on Peaq C1011
No installation issues.
Using pop account, sending to and receiving from other account on my desktop PC without and with appendix (jpg, pdf) all work OK.
Addressbook preserved fro previous version OK.

CC: (none) => herman.viaene

Comment 9 Thomas Andrews 2020-12-04 23:23:35 CET
^4-bit US English version looks good here, too. Giving it an OK and validating. Advisory in Comment 5.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK

Comment 10 Aurelien Oudelet 2020-12-05 17:24:31 CET
Same for French version. IMAP(/SSL), SMTP(/SSL) and POP3 are OK. Enigmail migration OK. x86_64.

Advisory pushed to SVN.

Source RPM: thunderbird => thunderbird-78.5.0-1.mga7.src.rpm
CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 11 Mageia Robot 2020-12-05 20:48:16 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0450.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 12 David Walser 2020-12-14 22:43:29 CET
RedHat has issued an advisory for this today (December 14):
https://access.redhat.com/errata/RHSA-2020:5398

Note You need to log in before you can comment on or make changes to this bug.