Mozilla has released Thunderbird 78.9.1 on April 8: https://www.thunderbird.net/en-US/thunderbird/78.9.1/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ Mageia 7 and 8 also affected.
Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA8TOO, MGA7TOO
Pardon me assigning this to you - the right man for this SRPM.
Assignee: bugsquad => nicolas.salguero
Suggested advisory: ======================== The updated packages fix security vulnerabilities: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key. (CVE-2021-23991) A crafted OpenPGP key with an invalid user ID could be used to confuse the user. (MOZ-2021-23992) Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key. (CVE-2021-23993) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23991 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23993 https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ https://www.thunderbird.net/en-US/thunderbird/78.9.1/releasenotes/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-78.9.1-1.mga{7|8} thunderbird-enigmail-78.9.1-1.mga{7|8} thunderbird-ar-78.9.1-1.mga{7|8} thunderbird-ast-78.9.1-1.mga{7|8} thunderbird-be-78.9.1-1.mga{7|8} thunderbird-bg-78.9.1-1.mga{7|8} thunderbird-br-78.9.1-1.mga{7|8} thunderbird-ca-78.9.1-1.mga{7|8} thunderbird-cs-78.9.1-1.mga{7|8} thunderbird-cy-78.9.1-1.mga{7|8} thunderbird-da-78.9.1-1.mga{7|8} thunderbird-de-78.9.1-1.mga{7|8} thunderbird-el-78.9.1-1.mga{7|8} thunderbird-en_GB-78.9.1-1.mga{7|8} thunderbird-en_US-78.9.1-1.mga{7|8} thunderbird-es_AR-78.9.1-1.mga{7|8} thunderbird-es_ES-78.9.1-1.mga{7|8} thunderbird-et-78.9.1-1.mga{7|8} thunderbird-eu-78.9.1-1.mga{7|8} thunderbird-fi-78.9.1-1.mga{7|8} thunderbird-fr-78.9.1-1.mga{7|8} thunderbird-fy_NL-78.9.1-1.mga{7|8} thunderbird-ga_IE-78.9.1-1.mga{7|8} thunderbird-gd-78.9.1-1.mga{7|8} thunderbird-gl-78.9.1-1.mga{7|8} thunderbird-he-78.9.1-1.mga{7|8} thunderbird-hr-78.9.1-1.mga{7|8} thunderbird-hsb-78.9.1-1.mga{7|8} thunderbird-hu-78.9.1-1.mga{7|8} thunderbird-hy_AM-78.9.1-1.mga{7|8} thunderbird-id-78.9.1-1.mga{7|8} thunderbird-is-78.9.1-1.mga{7|8} thunderbird-it-78.9.1-1.mga{7|8} thunderbird-ja-78.9.1-1.mga{7|8} thunderbird-ka-78.9.1-1.mga{7|8} thunderbird-kab-78.9.1-1.mga{7|8} thunderbird-kk-78.9.1-1.mga{7|8} thunderbird-ko-78.9.1-1.mga{7|8} thunderbird-lt-78.9.1-1.mga{7|8} thunderbird-ms-78.9.1-1.mga{7|8} thunderbird-nb_NO-78.9.1-1.mga{7|8} thunderbird-nl-78.9.1-1.mga{7|8} thunderbird-nn_NO-78.9.1-1.mga{7|8} thunderbird-pl-78.9.1-1.mga{7|8} thunderbird-pt_BR-78.9.1-1.mga{7|8} thunderbird-pt_PT-78.9.1-1.mga{7|8} thunderbird-ro-78.9.1-1.mga{7|8} thunderbird-ru-78.9.1-1.mga{7|8} thunderbird-si-78.9.1-1.mga{7|8} thunderbird-sk-78.9.1-1.mga{7|8} thunderbird-sl-78.9.1-1.mga{7|8} thunderbird-sq-78.9.1-1.mga{7|8} thunderbird-sv_SE-78.9.1-1.mga{7|8} thunderbird-tr-78.9.1-1.mga{7|8} thunderbird-uk-78.9.1-1.mga{7|8} thunderbird-uz-78.9.1-1.mga{7|8} thunderbird-vi-78.9.1-1.mga{7|8} thunderbird-zh_CN-78.9.1-1.mga{7|8} thunderbird-zh_TW-78.9.1-1.mga{7|8} from SRPMS: thunderbird-78.9.1-1.mga{7|8}.src.rpm thunderbird-l10n-78.9.1-1.mga{7|8}.src.rpm
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOStatus: NEW => ASSIGNEDVersion: Cauldron => 8Assignee: nicolas.salguero => qa-bugs
Worsk fine in Mageia 8 Plasma x64. Send and received emails, calendar ok, task ok. No issues here.
CC: (none) => joselp
MGA 8 XFCE Uodats with QA repo and: thunderbird-78.9.1-1.mga8 thunderbird-enigmail-78.9.1-1.mga8 thunderbird-fr-78.9.1-1.mga8 No issues found, reception and send mail OK
CC: (none) => guillaume.royer
Updated OK here too, mga8-64 Plasma, Nvidia-current, swedish IMAP and SMTP
CC: (none) => fri
MGA 7 VM Gnome Updated with QA repo and: thunderbird-78.9.1-1.mga8 thunderbird-enigmail-78.9.1-1.mga8 thunderbird-fr-78.9.1-1.mga8 No issues found, reception and send mail OK
(In reply to Guillaume Royer from comment #6) MGA 7 VM Gnome <=== Really ? ;) > > Updated with QA repo and: > thunderbird-78.9.1-1.mga8 <<=== These should be .mga7... wrong copy/paste? ;) > thunderbird-enigmail-78.9.1-1.mga8 > thunderbird-fr-78.9.1-1.mga8 > > No issues found, reception and send mail OK Same under Plasma. No issue so far since 2 days. Validating.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
(In reply to Aurelien Oudelet from comment #7) > (In reply to Guillaume Royer from comment #6) > MGA 7 VM Gnome <=== Really ? ;) > > > > Updated with QA repo and: > > > thunderbird-78.9.1-1.mga8 <<=== These should be .mga7... wrong > copy/paste? ;) > > thunderbird-enigmail-78.9.1-1.mga8 > > thunderbird-fr-78.9.1-1.mga8 > > > > No issues found, reception and send mail OK > > Same under Plasma. No issue so far since 2 days. > Validating. These should be .mga7... wrong copy/paste? ;) <== Yes sorry :'(
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0189.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
RedHat has issued an advisory for this on April 14: https://access.redhat.com/errata/RHSA-2021:1193
I was notified by Christian Fischer that the MOZ vulnerabilities have CVEs. SVN advisory updated. Mageia Advisory: https://advisories.mageia.org/MGASA-2021-0189.html Mozilla Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/ Suggested change(s): MOZ-2021-23992 -> CVE-2021-23992