Mozilla hasn't released Thunderbird 102.4.0 yet, but it should be coming soon: https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes/ When we do update it, we'll need to make sure to include the expat patches that we have in the Firefox package, as we had missed that previously. I just added the CVE-2022-40674 patch in firefox-102.4.0-2.mga9. Here's RedHat adding that one to Thunderbird: https://git.centos.org/rpms/thunderbird/c/0423e888d6f549a811d3dbdc2ee88428d2f9a153?branch=c7
Hi, Regarding Firefox, I saw that you also added a patch to fix webrtc. I think I will build and test a firefox-102.4.0-2.mga8 to see if it solves my issue with BigBlueButton. Best regards, Nico.
I'm already building a Mageia 8 update with that patch.
Updated packages in core/updates_testing: ======================== thunderbird-102.4.0-1.mga8 thunderbird-ka-102.4.0-1.mga8 thunderbird-ru-102.4.0-1.mga8 thunderbird-uk-102.4.0-1.mga8 thunderbird-el-102.4.0-1.mga8 thunderbird-ja-102.4.0-1.mga8 thunderbird-zh_TW-102.4.0-1.mga8 thunderbird-kk-102.4.0-1.mga8 thunderbird-th-102.4.0-1.mga8 thunderbird-sk-102.4.0-1.mga8 thunderbird-vi-102.4.0-1.mga8 thunderbird-hu-102.4.0-1.mga8 thunderbird-zh_CN-102.4.0-1.mga8 thunderbird-cs-102.4.0-1.mga8 thunderbird-hsb-102.4.0-1.mga8 thunderbird-dsb-102.4.0-1.mga8 thunderbird-hy_AM-102.4.0-1.mga8 thunderbird-sr-102.4.0-1.mga8 thunderbird-es_MX-102.4.0-1.mga8 thunderbird-fr-102.4.0-1.mga8 thunderbird-de-102.4.0-1.mga8 thunderbird-tr-102.4.0-1.mga8 thunderbird-es_AR-102.4.0-1.mga8 thunderbird-pl-102.4.0-1.mga8 thunderbird-ko-102.4.0-1.mga8 thunderbird-kab-102.4.0-1.mga8 thunderbird-fy_NL-102.4.0-1.mga8 thunderbird-sq-102.4.0-1.mga8 thunderbird-pt_BR-102.4.0-1.mga8 thunderbird-cy-102.4.0-1.mga8 thunderbird-bg-102.4.0-1.mga8 thunderbird-sv_SE-102.4.0-1.mga8 thunderbird-be-102.4.0-1.mga8 thunderbird-sl-102.4.0-1.mga8 thunderbird-is-102.4.0-1.mga8 thunderbird-nl-102.4.0-1.mga8 thunderbird-lt-102.4.0-1.mga8 thunderbird-eu-102.4.0-1.mga8 thunderbird-et-102.4.0-1.mga8 thunderbird-da-102.4.0-1.mga8 thunderbird-fi-102.4.0-1.mga8 thunderbird-gl-102.4.0-1.mga8 thunderbird-pt_PT-102.4.0-1.mga8 thunderbird-he-102.4.0-1.mga8 thunderbird-hr-102.4.0-1.mga8 thunderbird-ro-102.4.0-1.mga8 thunderbird-ar-102.4.0-1.mga8 thunderbird-nn_NO-102.4.0-1.mga8 thunderbird-es_ES-102.4.0-1.mga8 thunderbird-en_GB-102.4.0-1.mga8 thunderbird-nb_NO-102.4.0-1.mga8 thunderbird-en_CA-102.4.0-1.mga8 thunderbird-pa_IN-102.4.0-1.mga8 thunderbird-en_US-102.4.0-1.mga8 thunderbird-ca-102.4.0-1.mga8 thunderbird-id-102.4.0-1.mga8 thunderbird-gd-102.4.0-1.mga8 thunderbird-it-102.4.0-1.mga8 thunderbird-lv-102.4.0-1.mga8 thunderbird-br-102.4.0-1.mga8 thunderbird-ga_IE-102.4.0-1.mga8 thunderbird-af-102.4.0-1.mga8 thunderbird-ms-102.4.0-1.mga8 thunderbird-ast-102.4.0-1.mga8 thunderbird-uz-102.4.0-1.mga8 from SRPMS: thunderbird-102.4.0-1.mga8.src.rpm thunderbird-l10n-102.4.0-1.mga8.src.rpm
Pointing out the obvious here, but later in the day yesterday (October 19) they did in fact release Thunderbird 102.4. Release notes are posted, security issues fixed have not been posted yet (probably will be similar to FF 102.4). Expat CVE-2022-40674 is patched in the updated build.
Suggested advisory: ======================== The updated packages fix security vulnerabilities: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 https://www.thunderbird.net/en-US/thunderbird/102.4.0/releasenotes/
Assignee: nicolas.salguero => qa-bugsSource RPM: thunderbird => thunderbird, thunderbird-l10nCC: (none) => nicolas.salgueroStatus: NEW => ASSIGNED
MGA8 64 XFCE, Updated with QA repo and RPMs: thunderbird 102.4.0 1.mga8 x86_64 thunderbird-fr 102.4.0 1.mga8 noarch No issues at installation. Send and receive mail IMAP Ok Synchronize Calendar and contact OK
CC: (none) => guillaume.royer
mga8-64, Plasma: short test OK, continue using. Clean update Swedish locale settings and mail kept IMAP and SMTP
CC: (none) => fri
MGA8-64 MATE on Acer Aspire 5253 No installation issues, updating an exwiting version. Sending and receiving mail without and with attachment works OK, with the repeating phenomenon (at least on this configuration) that all messages sent are listed twice in the Sent box, but are sent only once.
CC: (none) => herman.viaene
MGA8-64 Plasma system here. No installation issues with US English version. Sent and received POP3 mail with Gmail and Yahoo accounts, read newsgroup messages. No issues noted. I think this can go on its way. OKing and validating. Advisory in Comment 5.
Whiteboard: (none) => MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
MGA8-64 Plasma. No installation issues, updated from testing repositories and with previous Thunderbird version installed. - Addons ok. - Signature ok. - Send and receive ok. - POP3 and IMAP accouts works fine. - Spanish translation ok. - Calendar and task sync with my /e/ account ok. - Attach ok. - Settings ok. Greetings!!
CC: (none) => joselp
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0397.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED