Mozilla has released Thunderbird 102.7.0 on January 19: https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/ The security issues fixed haven't been posted yet, but are probably mostly the same as Firefox 102.7.0 (Bug 31415). There is a regression in Microsoft 365 support, so we could wait for 102.7.1.
Depends on: (none) => 31415
RedHat has issued an advisory for this today (January 25): https://access.redhat.com/errata/RHSA-2023:0463 Their advisory says that they updated to 102.7.1, even though the release announcement hasn't been posted yet: https://access.redhat.com/errata/RHSA-2023:0456
Summary: Thunderbird 102.7 => Thunderbird 102.7.1
Suggested advisory:
========================

The updated packages fix a security vulnerability:

libusrsctp library out of date. (CVE-2022-46871)

Arbitrary file read from GTK drag and drop on Linux. (CVE-2023-23598)

URL being dragged from cross-origin iframe into same tab triggers navigation. (CVE-2023-23601)

Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers. (CVE-2023-23602)

Fullscreen notification bypass. (CVE-2022-46877)

Calls to console.log allowed bypassing Content Security Policy via format directive. (CVE-2023-23603)

Memory safety bugs fixed in Thunderbird 102.7. (CVE-2023-23605)

Revocation status of S/Mime signature certificates was not checked. (CVE-2023-0430)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
https://www.thunderbird.net/en-US/thunderbird/102.7.0/releasenotes/
https://www.thunderbird.net/en-US/thunderbird/102.7.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
https://access.redhat.com/errata/RHSA-2023:0463
https://access.redhat.com/errata/RHSA-2023:0456
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.7.1-1.mga8
thunderbird-ka-102.7.1-1.mga8
thunderbird-ru-102.7.1-1.mga8
thunderbird-uk-102.7.1-1.mga8
thunderbird-el-102.7.1-1.mga8
thunderbird-ja-102.7.1-1.mga8
thunderbird-zh_TW-102.7.1-1.mga8
thunderbird-kk-102.7.1-1.mga8
thunderbird-th-102.7.1-1.mga8
thunderbird-sk-102.7.1-1.mga8
thunderbird-vi-102.7.1-1.mga8
thunderbird-hu-102.7.1-1.mga8
thunderbird-zh_CN-102.7.1-1.mga8
thunderbird-cs-102.7.1-1.mga8
thunderbird-hsb-102.7.1-1.mga8
thunderbird-dsb-102.7.1-1.mga8
thunderbird-hy_AM-102.7.1-1.mga8
thunderbird-sr-102.7.1-1.mga8
thunderbird-es_MX-102.7.1-1.mga8
thunderbird-fr-102.7.1-1.mga8
thunderbird-de-102.7.1-1.mga8
thunderbird-tr-102.7.1-1.mga8
thunderbird-es_AR-102.7.1-1.mga8
thunderbird-pl-102.7.1-1.mga8
thunderbird-ko-102.7.1-1.mga8
thunderbird-kab-102.7.1-1.mga8
thunderbird-fy_NL-102.7.1-1.mga8
thunderbird-sq-102.7.1-1.mga8
thunderbird-pt_BR-102.7.1-1.mga8
thunderbird-cy-102.7.1-1.mga8
thunderbird-bg-102.7.1-1.mga8
thunderbird-sv_SE-102.7.1-1.mga8
thunderbird-be-102.7.1-1.mga8
thunderbird-sl-102.7.1-1.mga8
thunderbird-is-102.7.1-1.mga8
thunderbird-nl-102.7.1-1.mga8
thunderbird-lt-102.7.1-1.mga8
thunderbird-eu-102.7.1-1.mga8
thunderbird-et-102.7.1-1.mga8
thunderbird-da-102.7.1-1.mga8
thunderbird-fi-102.7.1-1.mga8
thunderbird-gl-102.7.1-1.mga8
thunderbird-pt_PT-102.7.1-1.mga8
thunderbird-he-102.7.1-1.mga8
thunderbird-hr-102.7.1-1.mga8
thunderbird-ro-102.7.1-1.mga8
thunderbird-ar-102.7.1-1.mga8
thunderbird-nn_NO-102.7.1-1.mga8
thunderbird-es_ES-102.7.1-1.mga8
thunderbird-en_GB-102.7.1-1.mga8
thunderbird-nb_NO-102.7.1-1.mga8
thunderbird-en_CA-102.7.1-1.mga8
thunderbird-pa_IN-102.7.1-1.mga8
thunderbird-en_US-102.7.1-1.mga8
thunderbird-ca-102.7.1-1.mga8
thunderbird-id-102.7.1-1.mga8
thunderbird-gd-102.7.1-1.mga8
thunderbird-it-102.7.1-1.mga8
thunderbird-lv-102.7.1-1.mga8
thunderbird-br-102.7.1-1.mga8
thunderbird-ga_IE-102.7.1-1.mga8
thunderbird-af-102.7.1-1.mga8
thunderbird-ms-102.7.1-1.mga8
thunderbird-ast-102.7.1-1.mga8
thunderbird-uz-102.7.1-1.mga8

from SRPMS:
thunderbird-102.7.1-1.mga8.src.rpm
thunderbird-l10n-102.7.1-1.mga8.src.rpm
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
Assignee: nicolas.salguero => qa-bugs
Source RPM: thunderbird => thunderbird, thunderbird-l10n
mga8-64, Plasma, nvidia-current, old i7 § Clean update § Swedish OK § Settings and mails kept § IMAP § SMTP
CC: (none) => fri
This thunderbird version crashes with IMAP on cauldron

Bug 31488 - TB crashes if you attempt to switch to an IMAP Inbox

Should be investigated before OKing for mga8.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31488
MGA8-64 MATE on Acer Aspire 5253 No installation issues. First deleted my .thunderbird folder, then run thunderbird and follow the wizard to setup my hotmail account as pop3. Send and receive to/from gmail account on my desktop PC, without or with attachment, all works OK. Leave thunderbird and again delete my .thunderbird folder. Start thunderbird again and the wizard to setup my hotmail account as imap and operate it the same way as above. All OK. @ Morgan: is this sufficient for the problem you found?
CC: (none) => herman.viaene
I find it scary that for Frank on cauldron 102.7.1-1 crashes, while 102.6.0 did not. I.e. is it possible some of our users have configurations where this update would break their work? It does not crash for me but I use "offline" IMAP (local storage, sync by IMAP), and it may also depend on which "dialect" of IMAP the server uses. Until we know I would like this delayed. I asked Frank in the other bug if he can test his IMAP on mga8.
I have used this IMAP account throughout the MGA8 cycle in cauldron (which is all I usually run) without a problem. A comment above indicates that 102.7.0 had a regression in MS 365 support (which this account is), but with oAuth2 it has been working right along. Did 102.7.1 claim to fix the regression?
CC: (none) => ftg
(In reply to Morgan Leijström from comment #4)
> This thunderbird version crashes with IMAP on cauldron
>
> Bug 31488 - TB crashes if you attempt to switch to an IMAP Inbox
>
> Should be investigated before OKing for mga8.

If this doesn't happen with a clean profile, it shouldn't hold anything up. Unfortunately TB has a recent history of bugs that only affect one person's profile.
(In reply to David Walser from comment #8)
> (In reply to Morgan Leijström from comment #4)
> If this doesn't happen with a clean profile, it shouldn't hold anything up.

Users getting updates do not want to make a clean profile...

Anyway, the problem on cauldron was fixed with thunderbird-102.7.1-2.mga9
I have not checked why, but feels better to get an mga8 version of it here?
I don't want a new profile, but like most users, I've never been bit by any of these weird bugs. The update in Cauldron was related to hardware graphics acceleration, and not about that issue. It sounds like it was just a transient issue. Let's move this along.
OK then. Should we have a 32 bit test?
Whiteboard: (none) => MGA8-64-OK
It would be nice, but not strictly necessary for validation.
Working OK for me here, too. Validating. Advisory in comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0034.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
RedHat has posted an advisory for this on February 6: https://access.redhat.com/errata/RHSA-2023:0600 I'm guessing the ones in Comment 1 were a typo and were for 102.7.0.