Mozilla has released Thunderbird 91.13.0 on September 20:
Security issues fixed haven't been posted, but are probably basically the same as in Firefox 102.3 (Bug 30867).
For Cauldron, the build is impossible because of LLVM 14 which is missing.
Updated packages in core/updates_testing:
(In reply to Nicolas Salguero from comment #1)
> For Cauldron, the build is impossible because of LLVM 14 which is missing.
> Best regards,
I saw on IRC that the llvm 14 library was restored to Cauldron. Does that help?
Looks like it helped, it's building successfully in Cauldron.
Security issues fixed:
Updated thunderbird packages fix security vulnerabilities:
When injecting an HTML base element, some requests would ignore the CSP's
base-uri settings and accept the injected element's base instead.
By injecting a cookie with certain special characters, an attacker on a shared
subdomain which is not a secure context could set and thus overwrite cookies
from a secure context, leading to session fixation and other attacks.
During iframe navigation, certain pages did not have their FeaturePolicy fully
initialized leading to a bypass that leaked device permissions into untrusted
Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This
could lead to a use-after-free causing a potentially exploitable crash.
Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian
Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety
bugs present in Thunderbird 102.2. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code (CVE-2022-40962).
assign to QA
mga8-64, Plasma, nvidia-current, 4K screen, Intel i7
§ OK for me:
Local folders and settings kept
Offline IMAP, SMTP
§ Not tested: filters, calendar, task
§ Failure regarding where sent messages appear when using multiple IMAP accounts noted on previous 102 (internal testing)
I have not checked it further.
MGA8 64 XFCE.
Updated with QA repo tool and rpms:
No issues at installation.
Sending and receiving mail are OK.
Calendar and Cardbook synchronization are OK.
No issues here, either.
Sending this on its way...
An update for this issue has been pushed to the Mageia Updates repository.
RedHat has issued an advisory for this today (September 26):