Mozilla has released Thunderbird 78.9.0 on March 23: https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/ Mageia 7 and 8 also affected.
Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA8TOO, MGA7TOO
Depends on: (none) => 28641
Assigning this also to you Nicolas as having much maintained it; CC'ing neoclust who also has committed it recently.
Assignee: bugsquad => nicolas.salgueroCC: (none) => mageia
pushed in cauldron mga7/8 by Nicolas: src: - mageia 7: - thunderbird-l10n-78.9.0-1.mga7 - thunderbird-78.9.0-1.mga7 - mageia 8: - thunderbird-l10n-78.9.0-1.mga8 - thunderbird-78.9.0-1.mga8
Assignee: nicolas.salguero => qa-bugsWhiteboard: MGA8TOO, MGA7TOO => MGA7TOOVersion: Cauldron => 8
mga7-64 Plasma Nvidia-current quick test OK Picking up settings and many thousands mail in a handful accounts Swedish locale Ask password at start (as set) Offline IMAP, SMTP send printing Continue using it tomorrow etc
CC: (none) => fri
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Texture upload into an unbound backing buffer resulted in an out-of-bound read. (CVE-2021-23981) Angle graphics library out of date. (MOZ-2021-0002) Internal network hosts could have been probed by a malicious webpage. (CVE-2021-23982) Malicious extensions could have spoofed popup information. (CVE-2021-23984) Memory safety bugs fixed in Thunderbird 78.9. (CVE-2021-23987) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987 https://www.thunderbird.net/en-US/thunderbird/78.9.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/
Status: NEW => ASSIGNED
I have been using the US English version in mga8-64 Plasma for a few hours, with no issues noted.
CC: (none) => andrewsfarm
Testing to day Thunderbird. Update ok with QA Repo and with: thunderbird-78.9.0-1.mga8 thunderbird-fr-78.9.0-1.mga8.noarch.rpm And: lib64nss3-3.63.0-1.mga8.x86_64.rpm lib64nspr4-4.30-1.mga8.x86_64.rpm Because dependencies weren't satisfied Send mail OK and reception Ok I'll try to install it in the day on VM M7
CC: (none) => guillaume.royer
Testing to day Thunderbird M7 VM GNOME Update ok with QA Repo and with: thunderbird-78.9.0-1.mga7 thunderbird-fr-78.9.0-1.mga7.noarch.rpm Configuration new account OK, send mail OK and reception Ok
Mageia 7 and 8 Plasma. x86_64 OK Validating.
CC: (none) => ouaurelien, sysadmin-bugsWhiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OKKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0164.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
RedHat has issued an advisory for this on March 25: https://access.redhat.com/errata/RHSA-2021:0993
I was notified by Christian Fischer that the MOZ vulnerabilities have CVEs. SVN advisory updated. Mageia Advisory: https://advisories.mageia.org/MGASA-2021-0164.html Mozilla Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/ Suggested change(s): MOZ-2021-0002 -> CVE-2021-4127