Thunderbird 78.6.1 has been released today (January 11). For some reason, the release notes are not available yet: https://www.thunderbird.net/en-US/thunderbird/78.6.1/releasenotes/ but the security advisory is: https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/ It fixes the same issue as Firefox 78.6.1 (Bug 28034).
Whiteboard: (none) => MGA7TOO
CVE: (none) => CVE-2020-16044CC: (none) => nicolas.salgueroSource RPM: thunderbird => thunderbird, thunderbird-l10n
Version: Cauldron => 7
Suggested advisory: ======================== The updated packages fix a security vulnerability: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk. (CVE-2020-16044) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16044 https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/ https://www.thunderbird.net/en-US/thunderbird/78.6.1/releasenotes/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-78.6.1-1.mga7 thunderbird-enigmail-78.6.1-1.mga7 thunderbird-ar-78.6.1-1.mga7 thunderbird-ast-78.6.1-1.mga7 thunderbird-be-78.6.1-1.mga7 thunderbird-bg-78.6.1-1.mga7 thunderbird-br-78.6.1-1.mga7 thunderbird-ca-78.6.1-1.mga7 thunderbird-cs-78.6.1-1.mga7 thunderbird-cy-78.6.1-1.mga7 thunderbird-da-78.6.1-1.mga7 thunderbird-de-78.6.1-1.mga7 thunderbird-el-78.6.1-1.mga7 thunderbird-en_GB-78.6.1-1.mga7 thunderbird-en_US-78.6.1-1.mga7 thunderbird-es_AR-78.6.1-1.mga7 thunderbird-es_ES-78.6.1-1.mga7 thunderbird-et-78.6.1-1.mga7 thunderbird-eu-78.6.1-1.mga7 thunderbird-fi-78.6.1-1.mga7 thunderbird-fr-78.6.1-1.mga7 thunderbird-fy_NL-78.6.1-1.mga7 thunderbird-ga_IE-78.6.1-1.mga7 thunderbird-gd-78.6.1-1.mga7 thunderbird-gl-78.6.1-1.mga7 thunderbird-he-78.6.1-1.mga7 thunderbird-hr-78.6.1-1.mga7 thunderbird-hsb-78.6.1-1.mga7 thunderbird-hu-78.6.1-1.mga7 thunderbird-hy_AM-78.6.1-1.mga7 thunderbird-id-78.6.1-1.mga7 thunderbird-is-78.6.1-1.mga7 thunderbird-it-78.6.1-1.mga7 thunderbird-ja-78.6.1-1.mga7 thunderbird-ka-78.6.1-1.mga7 thunderbird-kab-78.6.1-1.mga7 thunderbird-kk-78.6.1-1.mga7 thunderbird-ko-78.6.1-1.mga7 thunderbird-lt-78.6.1-1.mga7 thunderbird-ms-78.6.1-1.mga7 thunderbird-nb_NO-78.6.1-1.mga7 thunderbird-nl-78.6.1-1.mga7 thunderbird-nn_NO-78.6.1-1.mga7 thunderbird-pl-78.6.1-1.mga7 thunderbird-pt_BR-78.6.1-1.mga7 thunderbird-pt_PT-78.6.1-1.mga7 thunderbird-ro-78.6.1-1.mga7 thunderbird-ru-78.6.1-1.mga7 thunderbird-si-78.6.1-1.mga7 thunderbird-sk-78.6.1-1.mga7 thunderbird-sl-78.6.1-1.mga7 thunderbird-sq-78.6.1-1.mga7 thunderbird-sv_SE-78.6.1-1.mga7 thunderbird-tr-78.6.1-1.mga7 thunderbird-uk-78.6.1-1.mga7 thunderbird-uz-78.6.1-1.mga7 thunderbird-vi-78.6.1-1.mga7 thunderbird-zh_CN-78.6.1-1.mga7 thunderbird-zh_TW-78.6.1-1.mga7 from SRPMS: thunderbird-78.6.1-1.mga7.src.rpm thunderbird-l10n-78.6.1-1.mga7.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugsWhiteboard: MGA7TOO => (none)
64-bit Plasma system, i5 2500, 16GB RAM, Intel graphics, wired Internet connection. Used QA Repo to download all files, even though I knew that they wouldn't all be needed. Updated the US English version. No installation issues. Checked my email, received some from QA, some from others. Sent test message from a gmail account to my yahoo account, and replied. Read newsgroup messages. I don't use enigmail or the calendar, but what I do use works OK.
CC: (none) => andrewsfarm
RedHat has issued an advisory for this today (January 13): https://access.redhat.com/errata/RHSA-2021:0089
On mga7-64 kernel-desktop plasma packages installed cleanly: - thunderbird-78.6.1-1.mga7.x86_64 - thunderbird-en_GB-78.6.1-1.mga7.noarch email (POP, SMTP): OK Calendar: OK Address book: OK Movemail: OK looks OK for mga7-64
CC: (none) => jim
(In reply to Thomas Andrews from comment #2) > 64-bit Plasma system, i5 2500, 16GB RAM, Intel graphics, wired Internet > connection. > > Used QA Repo to download all files, even though I knew that they wouldn't > all be needed. Updated the US English version. No installation issues. > > Checked my email, received some from QA, some from others. Sent test message > from a gmail account to my yahoo account, and replied. Read newsgroup > messages. > > I don't use enigmail or the calendar, but what I do use works OK. Same on a M7 Plasma openPGP functionality is OK Calendar too. IMAP and secure IMAP also. Looks good. Validating. Advisory pushed to SVN.
Whiteboard: (none) => MGA7-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0027.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED