Bug 29258 - Thunderbird 78.12
Summary: Thunderbird 78.12
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK MGA8-32-OK
Keywords: advisory, validated_update
Depends on: 29247
Blocks:
  Show dependency treegraph
 
Reported: 2021-07-14 16:26 CEST by David Walser
Modified: 2021-07-26 16:11 CEST (History)
6 users (show)

See Also:
Source RPM: thunderbird
CVE: CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
Status comment:


Attachments

Description David Walser 2021-07-14 16:26:48 CEST
Mozilla has released Thunderbird 78.12.0 on July 13:
https://www.thunderbird.net/en-US/thunderbird/78.12.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/
Comment 1 Nicolas Salguero 2021-07-15 14:19:04 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

IMAP server responses sent by a MITM prior to STARTTLS could be processed. (CVE-2021-29969)

Use-after-free in accessibility features of a document. (CVE-2021-29970)

Out of bounds write in ANGLE. (CVE-2021-30547)

Memory safety bugs fixed in Thunderbird 78.12. (CVE-2021-29976)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976
https://www.thunderbird.net/en-US/thunderbird/78.12.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/
========================

Updated packages in core/updates_testing:
========================
thunderbird-78.12.0-1.mga8
thunderbird-enigmail-78.12.0-1.mga8
thunderbird-ar-78.12.0-1.mga8
thunderbird-ast-78.12.0-1.mga8
thunderbird-be-78.12.0-1.mga8
thunderbird-bg-78.12.0-1.mga8
thunderbird-br-78.12.0-1.mga8
thunderbird-ca-78.12.0-1.mga8
thunderbird-cs-78.12.0-1.mga8
thunderbird-cy-78.12.0-1.mga8
thunderbird-da-78.12.0-1.mga8
thunderbird-de-78.12.0-1.mga8
thunderbird-el-78.12.0-1.mga8
thunderbird-en_GB-78.12.0-1.mga8
thunderbird-en_US-78.12.0-1.mga8
thunderbird-es_AR-78.12.0-1.mga8
thunderbird-es_ES-78.12.0-1.mga8
thunderbird-et-78.12.0-1.mga8
thunderbird-eu-78.12.0-1.mga8
thunderbird-fi-78.12.0-1.mga8
thunderbird-fr-78.12.0-1.mga8
thunderbird-fy_NL-78.12.0-1.mga8
thunderbird-ga_IE-78.12.0-1.mga8
thunderbird-gd-78.12.0-1.mga8
thunderbird-gl-78.12.0-1.mga8
thunderbird-he-78.12.0-1.mga8
thunderbird-hr-78.12.0-1.mga8
thunderbird-hsb-78.12.0-1.mga8
thunderbird-hu-78.12.0-1.mga8
thunderbird-hy_AM-78.12.0-1.mga8
thunderbird-id-78.12.0-1.mga8
thunderbird-is-78.12.0-1.mga8
thunderbird-it-78.12.0-1.mga8
thunderbird-ja-78.12.0-1.mga8
thunderbird-ka-78.12.0-1.mga8
thunderbird-kab-78.12.0-1.mga8
thunderbird-kk-78.12.0-1.mga8
thunderbird-ko-78.12.0-1.mga8
thunderbird-lt-78.12.0-1.mga8
thunderbird-ms-78.12.0-1.mga8
thunderbird-nb_NO-78.12.0-1.mga8
thunderbird-nl-78.12.0-1.mga8
thunderbird-nn_NO-78.12.0-1.mga8
thunderbird-pl-78.12.0-1.mga8
thunderbird-pt_BR-78.12.0-1.mga8
thunderbird-pt_PT-78.12.0-1.mga8
thunderbird-ro-78.12.0-1.mga8
thunderbird-ru-78.12.0-1.mga8
thunderbird-si-78.12.0-1.mga8
thunderbird-sk-78.12.0-1.mga8
thunderbird-sl-78.12.0-1.mga8
thunderbird-sq-78.12.0-1.mga8
thunderbird-sv_SE-78.12.0-1.mga8
thunderbird-tr-78.12.0-1.mga8
thunderbird-uk-78.12.0-1.mga8
thunderbird-uz-78.12.0-1.mga8
thunderbird-vi-78.12.0-1.mga8
thunderbird-zh_CN-78.12.0-1.mga8
thunderbird-zh_TW-78.12.0-1.mga8

from SRPMS:
thunderbird-78.12.0-1.mga8.src.rpm
thunderbird-l10n-78.12.0-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

David Walser 2021-07-15 15:08:19 CEST

Depends on: (none) => 29247

Bill Wilkinson 2021-07-15 15:34:53 CEST

CC: (none) => wrw105
Whiteboard: (none) => mga8-32-ok

Comment 2 Bill Wilkinson 2021-07-15 15:36:09 CEST
Tested mga8-32
send/receive/move/delete over IMAP/SMTP ok.
Comment 3 Hugues Detavernier 2021-07-15 16:13:21 CEST
Mageia X64 Gnome
Installation ok. I needed to install lib64otr5 dependency before.

Language settings are offered at installation.

sended and received emails without any problems over IMAP and SMTP too.

CC: (none) => hdetavernier

Comment 4 Bill Wilkinson 2021-07-15 19:43:48 CEST
tested mga8-x64 as above, all ok.

Whiteboard: mga8-32-ok => mga8-32-ok mga8-64-ok

Comment 5 Aurelien Oudelet 2021-07-15 22:30:57 CEST
MGA8-64 Plasma

Thunderbird updated with QARepo. OK.
SSL IMAP and SSL SMTP OK
SSL POP3 OK.
Built-in openPGP crypto OK

Validating.

CVE: (none) => CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
Whiteboard: mga8-32-ok mga8-64-ok => MGA8-64-OK MGA8-32-OK
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs

Comment 6 Mageia Robot 2021-07-16 10:26:48 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0355.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Comment 7 Morgan Leijström 2021-07-16 13:21:21 CEST
Good here too
mga8-64 Plasma, nvidia, SMTP, IMAP, swedish

CC: (none) => fri

Comment 8 David Walser 2021-07-26 16:11:09 CEST
RedHat has issued an advisory for this today (July 26):
https://access.redhat.com/errata/RHSA-2021:2881

Note You need to log in before you can comment on or make changes to this bug.