Bug 29355 - Thunderbird 78.13
Summary: Thunderbird 78.13
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on: 29346
Blocks:
Reported: 2021-08-10 22:47 CEST by David Walser
Modified: 2021-08-16 17:44 CEST

See Also:
Source RPM: thunderbird
CVE:
Status comment:


Description David Walser 2021-08-10 22:47:29 CEST
Mozilla has released Thunderbird 78.13.0 today (August 10):
https://www.thunderbird.net/en-US/thunderbird/78.13.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-35/
David Walser 2021-08-10 22:47:41 CEST

Depends on: (none) => 29346

Comment 1 David Walser 2021-08-14 17:28:02 CEST
I see Thomas is building this update, but this doesn't look right:
http://svnweb.mageia.org/packages/updates/8/thunderbird-l10n/current/SOURCES/sha1.lst?r1=1741345&r2=1741344&pathrev=1741345

Every xpi file should change for every update.

CC: (none) => tmb

Comment 2 David Walser 2021-08-14 17:29:31 CEST
I'm guessing you might have used the bogus update_translations.sh that Nicolas added.  That script should be removed from SOURCES, it's incorrect and unnecessary.
Comment 3 Thomas Backlund 2021-08-14 18:18:11 CEST
nope, I simply do:

edit SPECS/thunderbird.spec to bump version
rm -f SOURCES/*.xpi
mgarepo sync -d

I guess one needs to check if upstream did mess up translations or simply copied them between releases...
Comment 4 Thomas Backlund 2021-08-14 18:22:35 CEST
(In reply to Thomas Backlund from comment #3)
> nope, I simply do:
> 
> edit SPECS/thunderbird.spec to bump version

that would obviously be SPECS/thunderbird-l10n.spec
Comment 5 David Walser 2021-08-14 18:31:18 CEST
Interesting!  I just noticed the ones that didn't change are also missing from the script.  Do they no longer exist upstream?  This was the first time I had looked at this package in a while.  I used to update it myself sometimes, but then we added something...maybe it was enigmail translations?  It had a complicated update procedure, so I stopped messing with it then.  I wonder what happened to that.
Comment 6 Thomas Backlund 2021-08-14 18:33:01 CEST
ah, it's because:

these are disabled:
af.xpi
cak.xpi

these are unlisted:
en-CA.xpi
fa.xpi
pa-IN.xpi
th.xpi

but they all exist in upstream:
https://ftp.mozilla.org/pub/thunderbird/releases/78.13.0/linux-x86_64/xpi/
Comment 7 Thomas Backlund 2021-08-14 18:34:25 CEST
but since they were not in 78.12, maybe ignore them for 78.13 and see if they still exist in the upcoming 91esr
Comment 8 David Walser 2021-08-14 18:37:55 CEST
Ok.  Thanks.
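
A check for the invariant raised in comment 1 (every .xpi checksum should change on a version bump) and the explanation in comment 6 (the unchanged entries belong to disabled or unlisted locales). This is an added example, not part of the bug thread or Mageia's tooling; it assumes sha1.lst uses sha1sum-style `digest  filename` lines, and the function names and sample digests are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Mageia tooling). Assumed sha1.lst line format:
#   <sha1-digest>  <filename>

# classify_xpi OLD.lst NEW.lst
# Prints one line per .xpi entry: CHANGED, UNCHANGED, ADDED or REMOVED.
classify_xpi() {
    awk '
        { name = $2; sub(/^\*/, "", name) }      # sha1sum -b prefixes names with "*"
        name !~ /\.xpi$/ { next }                # skip blank lines and non-xpi sources
        FILENAME == ARGV[1] { old[name] = $1; next }
        {
            seen[name] = 1
            if (!(name in old))       print "ADDED " name
            else if (old[name] == $1) print "UNCHANGED " name
            else                      print "CHANGED " name
        }
        END { for (n in old) if (!(n in seen)) print "REMOVED " n }
    ' "$1" "$2" | LC_ALL=C sort
}

# stale_xpi OLD.lst NEW.lst
# Lists entries whose digest survived the version bump; returns 1 if any exist.
stale_xpi() {
    stale=$(classify_xpi "$1" "$2" | awk '$1 == "UNCHANGED" { print $2 }')
    [ -z "$stale" ] && return 0
    printf '%s\n' "$stale"
    return 1
}

# make_sample DIR: writes constructed old.lst/new.lst (placeholder digests, not
# real checksums). af.xpi and th.xpi keep their digest, as in the thread.
make_sample() {
    { printf '%040d  %s\n' 1 af.xpi; printf '%040d  %s\n' 2 de.xpi
      printf '%040d  %s\n' 3 fr.xpi; printf '%040d  %s\n' 4 th.xpi; } > "$1/old.lst"
    { printf '%040d  %s\n' 1 af.xpi; printf '%040d  %s\n' 20 de.xpi
      printf '%040d  %s\n' 30 fr.xpi; printf '%040d  %s\n' 4 th.xpi; } > "$1/new.lst"
}

# Demo on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp"
classify_xpi "$tmp/old.lst" "$tmp/new.lst"
stale_xpi "$tmp/old.lst" "$tmp/new.lst" >/dev/null ||
    echo "stale .xpi entries found: confirm they are for locales no longer packaged"
rm -rf "$tmp"
```

An UNCHANGED entry is either a file that was not re-fetched or a leftover line for a locale the spec no longer builds; both are worth resolving before the update is submitted.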
Comment 9 Thomas Backlund 2021-08-14 18:42:34 CEST

SRPMS:
thunderbird-78.13.0-1.mga8.src.rpm
thunderbird-l10n-78.13.0-1.mga8.src.rpm


i586:
thunderbird-78.13.0-1.mga8.i586.rpm
thunderbird-ar-78.13.0-1.mga8.noarch.rpm
thunderbird-ast-78.13.0-1.mga8.noarch.rpm
thunderbird-be-78.13.0-1.mga8.noarch.rpm
thunderbird-bg-78.13.0-1.mga8.noarch.rpm
thunderbird-br-78.13.0-1.mga8.noarch.rpm
thunderbird-ca-78.13.0-1.mga8.noarch.rpm
thunderbird-cs-78.13.0-1.mga8.noarch.rpm
thunderbird-cy-78.13.0-1.mga8.noarch.rpm
thunderbird-da-78.13.0-1.mga8.noarch.rpm
thunderbird-de-78.13.0-1.mga8.noarch.rpm
thunderbird-el-78.13.0-1.mga8.noarch.rpm
thunderbird-en_GB-78.13.0-1.mga8.noarch.rpm
thunderbird-enigmail-78.13.0-1.mga8.i586.rpm
thunderbird-en_US-78.13.0-1.mga8.noarch.rpm
thunderbird-es_AR-78.13.0-1.mga8.noarch.rpm
thunderbird-es_ES-78.13.0-1.mga8.noarch.rpm
thunderbird-et-78.13.0-1.mga8.noarch.rpm
thunderbird-eu-78.13.0-1.mga8.noarch.rpm
thunderbird-fi-78.13.0-1.mga8.noarch.rpm
thunderbird-fr-78.13.0-1.mga8.noarch.rpm
thunderbird-fy_NL-78.13.0-1.mga8.noarch.rpm
thunderbird-ga_IE-78.13.0-1.mga8.noarch.rpm
thunderbird-gd-78.13.0-1.mga8.noarch.rpm
thunderbird-gl-78.13.0-1.mga8.noarch.rpm
thunderbird-he-78.13.0-1.mga8.noarch.rpm
thunderbird-hr-78.13.0-1.mga8.noarch.rpm
thunderbird-hsb-78.13.0-1.mga8.noarch.rpm
thunderbird-hu-78.13.0-1.mga8.noarch.rpm
thunderbird-hy_AM-78.13.0-1.mga8.noarch.rpm
thunderbird-id-78.13.0-1.mga8.noarch.rpm
thunderbird-is-78.13.0-1.mga8.noarch.rpm
thunderbird-it-78.13.0-1.mga8.noarch.rpm
thunderbird-ja-78.13.0-1.mga8.noarch.rpm
thunderbird-ka-78.13.0-1.mga8.noarch.rpm
thunderbird-kab-78.13.0-1.mga8.noarch.rpm
thunderbird-kk-78.13.0-1.mga8.noarch.rpm
thunderbird-ko-78.13.0-1.mga8.noarch.rpm
thunderbird-lt-78.13.0-1.mga8.noarch.rpm
thunderbird-ms-78.13.0-1.mga8.noarch.rpm
thunderbird-nb_NO-78.13.0-1.mga8.noarch.rpm
thunderbird-nl-78.13.0-1.mga8.noarch.rpm
thunderbird-nn_NO-78.13.0-1.mga8.noarch.rpm
thunderbird-pl-78.13.0-1.mga8.noarch.rpm
thunderbird-pt_BR-78.13.0-1.mga8.noarch.rpm
thunderbird-pt_PT-78.13.0-1.mga8.noarch.rpm
thunderbird-ro-78.13.0-1.mga8.noarch.rpm
thunderbird-ru-78.13.0-1.mga8.noarch.rpm
thunderbird-si-78.13.0-1.mga8.noarch.rpm
thunderbird-sk-78.13.0-1.mga8.noarch.rpm
thunderbird-sl-78.13.0-1.mga8.noarch.rpm
thunderbird-sq-78.13.0-1.mga8.noarch.rpm
thunderbird-sv_SE-78.13.0-1.mga8.noarch.rpm
thunderbird-tr-78.13.0-1.mga8.noarch.rpm
thunderbird-uk-78.13.0-1.mga8.noarch.rpm
thunderbird-uz-78.13.0-1.mga8.noarch.rpm
thunderbird-vi-78.13.0-1.mga8.noarch.rpm
thunderbird-zh_CN-78.13.0-1.mga8.noarch.rpm
thunderbird-zh_TW-78.13.0-1.mga8.noarch.rpm


x86_64:
thunderbird-78.13.0-1.mga8.x86_64.rpm
thunderbird-ar-78.13.0-1.mga8.noarch.rpm
thunderbird-ast-78.13.0-1.mga8.noarch.rpm
thunderbird-be-78.13.0-1.mga8.noarch.rpm
thunderbird-bg-78.13.0-1.mga8.noarch.rpm
thunderbird-br-78.13.0-1.mga8.noarch.rpm
thunderbird-ca-78.13.0-1.mga8.noarch.rpm
thunderbird-cs-78.13.0-1.mga8.noarch.rpm
thunderbird-cy-78.13.0-1.mga8.noarch.rpm
thunderbird-da-78.13.0-1.mga8.noarch.rpm
thunderbird-de-78.13.0-1.mga8.noarch.rpm
thunderbird-el-78.13.0-1.mga8.noarch.rpm
thunderbird-en_GB-78.13.0-1.mga8.noarch.rpm
thunderbird-enigmail-78.13.0-1.mga8.x86_64.rpm
thunderbird-en_US-78.13.0-1.mga8.noarch.rpm
thunderbird-es_AR-78.13.0-1.mga8.noarch.rpm
thunderbird-es_ES-78.13.0-1.mga8.noarch.rpm
thunderbird-et-78.13.0-1.mga8.noarch.rpm
thunderbird-eu-78.13.0-1.mga8.noarch.rpm
thunderbird-fi-78.13.0-1.mga8.noarch.rpm
thunderbird-fr-78.13.0-1.mga8.noarch.rpm
thunderbird-fy_NL-78.13.0-1.mga8.noarch.rpm
thunderbird-ga_IE-78.13.0-1.mga8.noarch.rpm
thunderbird-gd-78.13.0-1.mga8.noarch.rpm
thunderbird-gl-78.13.0-1.mga8.noarch.rpm
thunderbird-he-78.13.0-1.mga8.noarch.rpm
thunderbird-hr-78.13.0-1.mga8.noarch.rpm
thunderbird-hsb-78.13.0-1.mga8.noarch.rpm
thunderbird-hu-78.13.0-1.mga8.noarch.rpm
thunderbird-hy_AM-78.13.0-1.mga8.noarch.rpm
thunderbird-id-78.13.0-1.mga8.noarch.rpm
thunderbird-is-78.13.0-1.mga8.noarch.rpm
thunderbird-it-78.13.0-1.mga8.noarch.rpm
thunderbird-ja-78.13.0-1.mga8.noarch.rpm
thunderbird-ka-78.13.0-1.mga8.noarch.rpm
thunderbird-kab-78.13.0-1.mga8.noarch.rpm
thunderbird-kk-78.13.0-1.mga8.noarch.rpm
thunderbird-ko-78.13.0-1.mga8.noarch.rpm
thunderbird-lt-78.13.0-1.mga8.noarch.rpm
thunderbird-ms-78.13.0-1.mga8.noarch.rpm
thunderbird-nb_NO-78.13.0-1.mga8.noarch.rpm
thunderbird-nl-78.13.0-1.mga8.noarch.rpm
thunderbird-nn_NO-78.13.0-1.mga8.noarch.rpm
thunderbird-pl-78.13.0-1.mga8.noarch.rpm
thunderbird-pt_BR-78.13.0-1.mga8.noarch.rpm
thunderbird-pt_PT-78.13.0-1.mga8.noarch.rpm
thunderbird-ro-78.13.0-1.mga8.noarch.rpm
thunderbird-ru-78.13.0-1.mga8.noarch.rpm
thunderbird-si-78.13.0-1.mga8.noarch.rpm
thunderbird-sk-78.13.0-1.mga8.noarch.rpm
thunderbird-sl-78.13.0-1.mga8.noarch.rpm
thunderbird-sq-78.13.0-1.mga8.noarch.rpm
thunderbird-sv_SE-78.13.0-1.mga8.noarch.rpm
thunderbird-tr-78.13.0-1.mga8.noarch.rpm
thunderbird-uk-78.13.0-1.mga8.noarch.rpm
thunderbird-uz-78.13.0-1.mga8.noarch.rpm
thunderbird-vi-78.13.0-1.mga8.noarch.rpm
thunderbird-zh_CN-78.13.0-1.mga8.noarch.rpm
thunderbird-zh_TW-78.13.0-1.mga8.noarch.rpm

Assignee: nicolas.salguero => qa-bugs

Comment 10 David Walser 2021-08-14 18:58:45 CEST
Tested fine on Mageia 8 x86_64 (with en_US l10n) with both IMAP and NNTP protocols.  Let's get this pushed.

Advisory:
========================

Updated thunderbird packages fix security vulnerabilities:

Uninitialized memory in a canvas object could have caused an incorrect free()
leading to memory corruption and a potentially exploitable crash
(CVE-2021-29980).

Instruction reordering during JIT optimization resulted in a sequence of
instructions that would cause an object to be incorrectly considered during
garbage collection. This led to memory corruption and a potentially
exploitable crash (CVE-2021-29984).

A use-after-free vulnerability in media channels could have led to memory
corruption and a potentially exploitable crash (CVE-2021-29985).

A suspected race condition when calling getaddrinfo while resolving DNS names
could have led to memory corruption and a potentially exploitable crash
(CVE-2021-29986).

Thunderbird incorrectly treated an inline list-item element as a block
element, resulting in an out of bounds read or memory corruption, and a
potentially exploitable crash (CVE-2021-29988).

Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and
Olli Pettay reported memory safety bugs present in Thunderbird ESR 78.12. Some
of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code
(CVE-2021-29989).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989
https://www.thunderbird.net/en-US/thunderbird/78.13.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-35/

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

Comment 11 David Walser 2021-08-14 21:14:35 CEST
Advisory added to SVN.  CVEs in Firefox (Bug 29346) advisory corrected.

Keywords: (none) => advisory

Comment 12 Mageia Robot 2021-08-15 10:39:29 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0407.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 13 David Walser 2021-08-16 17:44:31 CEST
Red Hat has issued an advisory for this today (August 16):
https://access.redhat.com/errata/RHSA-2021:3160
