Mozilla has released Thunderbird 91.7.0 on March 8:
https://www.thunderbird.net/en-US/thunderbird/91.7.0/releasenotes/

It fixes bugs and a security issue:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/
Assignee: bugsquad => nicolas.salguero
Source RPM: (none) => thunderbird, thunderbird-l10n
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA8TOO
Advisory:
========================

Updated thunderbird packages fix security vulnerabilities:

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash (CVE-2022-26381).

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification (CVE-2022-26383).

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox (CVE-2022-26384).

Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory (CVE-2022-26386).

When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Thunderbird would not have noticed (CVE-2022-26387).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387
https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/
https://www.thunderbird.net/en-US/thunderbird/91.7.0/releasenotes/
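The check-then-prompt-then-use gap described for CVE-2022-26387, as an added example that is not part of the original advisory and is not Thunderbird's code. It assumes a SHA-256 comparison as a stand-in for the signature check; the function names, the file name and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def verified(data: bytes, trusted_sha256: str) -> bool:
    """Stand-in for the signature check: compare against a trusted digest."""
    return hashlib.sha256(data).hexdigest() == trusted_sha256

def install_racy(path, trusted_sha256, confirm):
    """Check, prompt, then re-read the path: the pattern the advisory describes."""
    with open(path, "rb") as f:
        if not verified(f.read(), trusted_sha256):
            raise ValueError("verification failed")
    if not confirm():
        return None
    with open(path, "rb") as f:      # second read: contents may differ by now
        return f.read()

def install_pinned(path, trusted_sha256, confirm):
    """Read once, verify those bytes, and install exactly those bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if not verified(data, trusted_sha256):
        raise ValueError("verification failed")
    if not confirm():
        return None
    return data

def demo():
    """Constructed scenario: the file is rewritten while the prompt is open."""
    original, altered = b"addon v1 (constructed sample)", b"altered after check"
    digest = hashlib.sha256(original).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "addon.xpi")
        def confirm_while_file_changes():
            with open(path, "wb") as f:
                f.write(altered)
            return True
        for name, fn in (("racy", install_racy), ("pinned", install_pinned)):
            with open(path, "wb") as f:
                f.write(original)
            installed = fn(path, digest, confirm_while_file_changes)
            results[name] = verified(installed, digest)
    return results

if __name__ == "__main__":
    print(demo())
```

Each result records whether the bytes that would be installed still match what was verified.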
Works fine on Mageia 8 x86_64. Advisory added to SVN.
Keywords: (none) => advisory
Version: Cauldron => 8
Whiteboard: MGA8TOO => MGA8-64-OK
OK from me too
mga8-64, plasma, nvidia-current
§ Clean upgrade
§ Localisation (Swedish)
§ All mail and settings kept
§ IMAP, SMTP
CC: (none) => fri
Advisory in Comment 1.

Updated packages in core/updates_testing:
========================
thunderbird-91.7.0-1.mga8
thunderbird-ru-91.7.0-1.mga8
thunderbird-uk-91.7.0-1.mga8
thunderbird-ka-91.7.0-1.mga8
thunderbird-el-91.7.0-1.mga8
thunderbird-th-91.7.0-1.mga8
thunderbird-ja-91.7.0-1.mga8
thunderbird-kk-91.7.0-1.mga8
thunderbird-zh_TW-91.7.0-1.mga8
thunderbird-zh_CN-91.7.0-1.mga8
thunderbird-hy_AM-91.7.0-1.mga8
thunderbird-sk-91.7.0-1.mga8
thunderbird-hu-91.7.0-1.mga8
thunderbird-dsb-91.7.0-1.mga8
thunderbird-vi-91.7.0-1.mga8
thunderbird-hsb-91.7.0-1.mga8
thunderbird-sr-91.7.0-1.mga8
thunderbird-cs-91.7.0-1.mga8
thunderbird-fr-91.7.0-1.mga8
thunderbird-ko-91.7.0-1.mga8
thunderbird-sq-91.7.0-1.mga8
thunderbird-lt-91.7.0-1.mga8
thunderbird-be-91.7.0-1.mga8
thunderbird-bg-91.7.0-1.mga8
thunderbird-es_AR-91.7.0-1.mga8
thunderbird-de-91.7.0-1.mga8
thunderbird-tr-91.7.0-1.mga8
thunderbird-pl-91.7.0-1.mga8
thunderbird-pt_BR-91.7.0-1.mga8
thunderbird-fy_NL-91.7.0-1.mga8
thunderbird-sv_SE-91.7.0-1.mga8
thunderbird-kab-91.7.0-1.mga8
thunderbird-nl-91.7.0-1.mga8
thunderbird-cy-91.7.0-1.mga8
thunderbird-gl-91.7.0-1.mga8
thunderbird-eu-91.7.0-1.mga8
thunderbird-he-91.7.0-1.mga8
thunderbird-pt_PT-91.7.0-1.mga8
thunderbird-fi-91.7.0-1.mga8
thunderbird-ar-91.7.0-1.mga8
thunderbird-sl-91.7.0-1.mga8
thunderbird-ro-91.7.0-1.mga8
thunderbird-da-91.7.0-1.mga8
thunderbird-nn_NO-91.7.0-1.mga8
thunderbird-nb_NO-91.7.0-1.mga8
thunderbird-pa_IN-91.7.0-1.mga8
thunderbird-hr-91.7.0-1.mga8
thunderbird-ca-91.7.0-1.mga8
thunderbird-id-91.7.0-1.mga8
thunderbird-en_GB-91.7.0-1.mga8
thunderbird-gd-91.7.0-1.mga8
thunderbird-en_CA-91.7.0-1.mga8
thunderbird-en_US-91.7.0-1.mga8
thunderbird-br-91.7.0-1.mga8
thunderbird-lv-91.7.0-1.mga8
thunderbird-it-91.7.0-1.mga8
thunderbird-ga_IE-91.7.0-1.mga8
thunderbird-et-91.7.0-1.mga8
thunderbird-uz-91.7.0-1.mga8
thunderbird-ast-91.7.0-1.mga8
thunderbird-is-91.7.0-1.mga8
thunderbird-ms-91.7.0-1.mga8
thunderbird-es_ES-91.7.0-1.mga8
thunderbird-af-91.7.0-1.mga8

from SRPMS:
thunderbird-91.7.0-1.mga8.src.rpm
thunderbird-l10n-91.7.0-1.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugs
Confirming ok on x86_64 using imap and pop3. Validating the update.
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0097.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
RedHat has issued an advisory for this today (March 14): https://access.redhat.com/errata/RHSA-2022:0845