Mozilla has released Thunderbird 91.11.0 on June 28: https://www.thunderbird.net/en-US/thunderbird/91.11.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/
CC: (none) => nicolas.salgueroWhiteboard: (none) => MGA8TOOAssignee: bugsquad => nicolas.salgueroSource RPM: (none) => thunderbird, thunderbird-l10n
Nicolas, David already opened a bug for Thunderbird 91.11.0 two days ago. To streamline all efforts we should mark this one as duplicate (as for cauldron no explicit bug report is required for an update). *** This bug has been marked as a duplicate of bug 30583 ***
Status: NEW => RESOLVEDResolution: (none) => DUPLICATE
Sorry, my mistake. This bugreport is valid as it is for Thunderbird.
Status: RESOLVED => REOPENEDResolution: DUPLICATE => (none)
Status NEW
Status: REOPENED => NEW
Depends on: (none) => 30583
Suggested advisory: ======================== The updated packages fix a security vulnerability: A popup window could be resized in a way to overlay the address bar with web content. (CVE-2022-34479) Use-after-free in nsSHistory. (CVE-2022-34470) CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI. (CVE-2022-34468) An email with a mismatching OpenPGP signature date was accepted as valid. (CVE-2022-2226) Potential integer overflow in ReplaceElementsAt. (CVE-2022-34481) CSP bypass enabling stylesheet injection. (CVE-2022-31744) Unavailable PAC file resulted in OCSP requests being blocked. (CVE-2022-34472) Undesired attributes could be set as part of prototype pollution. (CVE-2022-2200) Memory safety bugs fixed in Thunderbird 91.11 and Thunderbird 102. (CVE-2022-34484) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34470 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34468 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34481 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34472 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34484 https://www.thunderbird.net/en-US/thunderbird/91.11.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-91.11.0-1.mga8 thunderbird-ru-91.11.0-1.mga8 thunderbird-uk-91.11.0-1.mga8 thunderbird-ka-91.11.0-1.mga8 thunderbird-el-91.11.0-1.mga8 thunderbird-th-91.11.0-1.mga8 thunderbird-ja-91.11.0-1.mga8 thunderbird-kk-91.11.0-1.mga8 thunderbird-zh_TW-91.11.0-1.mga8 thunderbird-zh_CN-91.11.0-1.mga8 thunderbird-hy_AM-91.11.0-1.mga8 thunderbird-sk-91.11.0-1.mga8 thunderbird-hu-91.11.0-1.mga8 thunderbird-dsb-91.11.0-1.mga8 thunderbird-vi-91.11.0-1.mga8 thunderbird-hsb-91.11.0-1.mga8 thunderbird-sr-91.11.0-1.mga8 thunderbird-cs-91.11.0-1.mga8 thunderbird-fr-91.11.0-1.mga8 thunderbird-ko-91.11.0-1.mga8 thunderbird-sq-91.11.0-1.mga8 thunderbird-lt-91.11.0-1.mga8 thunderbird-be-91.11.0-1.mga8 thunderbird-bg-91.11.0-1.mga8 thunderbird-es_AR-91.11.0-1.mga8 thunderbird-de-91.11.0-1.mga8 thunderbird-tr-91.11.0-1.mga8 thunderbird-pl-91.11.0-1.mga8 thunderbird-pt_BR-91.11.0-1.mga8 thunderbird-fy_NL-91.11.0-1.mga8 thunderbird-sv_SE-91.11.0-1.mga8 thunderbird-kab-91.11.0-1.mga8 thunderbird-nl-91.11.0-1.mga8 thunderbird-cy-91.11.0-1.mga8 thunderbird-gl-91.11.0-1.mga8 thunderbird-eu-91.11.0-1.mga8 thunderbird-he-91.11.0-1.mga8 thunderbird-pt_PT-91.11.0-1.mga8 thunderbird-fi-91.11.0-1.mga8 thunderbird-ar-91.11.0-1.mga8 thunderbird-sl-91.11.0-1.mga8 thunderbird-ro-91.11.0-1.mga8 thunderbird-da-91.11.0-1.mga8 thunderbird-nn_NO-91.11.0-1.mga8 thunderbird-nb_NO-91.11.0-1.mga8 thunderbird-pa_IN-91.11.0-1.mga8 thunderbird-hr-91.11.0-1.mga8 thunderbird-ca-91.11.0-1.mga8 thunderbird-id-91.11.0-1.mga8 thunderbird-en_GB-91.11.0-1.mga8 thunderbird-gd-91.11.0-1.mga8 thunderbird-en_CA-91.11.0-1.mga8 thunderbird-en_US-91.11.0-1.mga8 thunderbird-br-91.11.0-1.mga8 thunderbird-lv-91.11.0-1.mga8 thunderbird-it-91.11.0-1.mga8 thunderbird-ga_IE-91.11.0-1.mga8 thunderbird-et-91.11.0-1.mga8 thunderbird-uz-91.11.0-1.mga8 thunderbird-ast-91.11.0-1.mga8 thunderbird-is-91.11.0-1.mga8 thunderbird-ms-91.11.0-1.mga8 thunderbird-es_ES-91.11.0-1.mga8 thunderbird-af-91.11.0-1.mga8 from SRPMS: thunderbird-91.11.0-1.mga8.src.rpm thunderbird-l10n-91.11.0-1.mga8.src.rpm
Status: NEW => ASSIGNEDWhiteboard: MGA8TOO => (none)Assignee: nicolas.salguero => qa-bugsVersion: Cauldron => 8
MGA8-64 Plasma on Acer Aspire 5253 No installation issues, apart from the fact that installing thunderbird only draws in the en-CA pack, where Firefox draws in the en_GB, en_US and en_CA. I checked and both my normal user and root have # echo $LANGUAGE en_BE.UTF-8:en_GB:en This laptop didn't have thunderbird installed previously, so used the wizard to connect to my hotmail account. Then sent and received mail without and with attachment to my gmail account handled on my desktop PC. All works well.
CC: (none) => herman.viaene
mga8-64, Plasma __Tested OK: § Clean update § Swedish locale § settings kept § local mail kept § offline IMAP store and retrieve § SMTP (outgoing) § printing
CC: (none) => fri
RedHat has issued an advisory for this on June 30: https://access.redhat.com/errata/RHSA-2022:5470
Working OK for me in US English. I was going to OK it, but another test or two in other languages wouldn't hurt.
Sending this on. Validating. Advisory in Comment 4.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0253.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED