Mozilla has released Thunderbird 102.8.0 on February 15:
https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/
CC: (none) => nicolas.salguero
Assignee: bugsquad => nicolas.salguero
Whiteboard: (none) => MGA8TOO
Source RPM: (none) => thunderbird, thunderbird-l10n
Suggested advisory:
========================

The updated packages fix a security vulnerability:

User Interface lockup with messages combining S/MIME and OpenPGP. (CVE-2023-0616)

Content security policy leak in violation reports using iframes. (CVE-2023-25728)

Screen hijack via browser fullscreen mode. (CVE-2023-25730)

Arbitrary memory write via PKCS 12 in NSS. (CVE-2023-0767)

Potential use-after-free from compartment mismatch in SpiderMonkey. (CVE-2023-25735)

Invalid downcast in SVGUtils::SetupStrokeGeometry. (CVE-2023-25737)

Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext. (CVE-2023-25739)

Extensions could have opened external schemes without user knowledge. (CVE-2023-25729)

Out of bounds memory write from EncodeInputStream. (CVE-2023-25732)

Web Crypto ImportKey crashes tab. (CVE-2023-25742)

Memory safety bugs fixed in Thunderbird 102.8. (CVE-2023-25746)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
https://www.thunderbird.net/en-US/thunderbird/102.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/
========================

Updated packages in core/updates_testing:
========================
thunderbird-102.8.0-1.mga8
thunderbird-ka-102.8.0-1.mga8
thunderbird-ru-102.8.0-1.mga8
thunderbird-uk-102.8.0-1.mga8
thunderbird-el-102.8.0-1.mga8
thunderbird-ja-102.8.0-1.mga8
thunderbird-zh_TW-102.8.0-1.mga8
thunderbird-kk-102.8.0-1.mga8
thunderbird-th-102.8.0-1.mga8
thunderbird-sk-102.8.0-1.mga8
thunderbird-vi-102.8.0-1.mga8
thunderbird-hu-102.8.0-1.mga8
thunderbird-zh_CN-102.8.0-1.mga8
thunderbird-cs-102.8.0-1.mga8
thunderbird-hsb-102.8.0-1.mga8
thunderbird-dsb-102.8.0-1.mga8
thunderbird-hy_AM-102.8.0-1.mga8
thunderbird-sr-102.8.0-1.mga8
thunderbird-es_MX-102.8.0-1.mga8
thunderbird-fr-102.8.0-1.mga8
thunderbird-de-102.8.0-1.mga8
thunderbird-tr-102.8.0-1.mga8
thunderbird-es_AR-102.8.0-1.mga8
thunderbird-pl-102.8.0-1.mga8
thunderbird-ko-102.8.0-1.mga8
thunderbird-kab-102.8.0-1.mga8
thunderbird-fy_NL-102.8.0-1.mga8
thunderbird-sq-102.8.0-1.mga8
thunderbird-pt_BR-102.8.0-1.mga8
thunderbird-cy-102.8.0-1.mga8
thunderbird-bg-102.8.0-1.mga8
thunderbird-sv_SE-102.8.0-1.mga8
thunderbird-be-102.8.0-1.mga8
thunderbird-sl-102.8.0-1.mga8
thunderbird-is-102.8.0-1.mga8
thunderbird-nl-102.8.0-1.mga8
thunderbird-lt-102.8.0-1.mga8
thunderbird-eu-102.8.0-1.mga8
thunderbird-et-102.8.0-1.mga8
thunderbird-da-102.8.0-1.mga8
thunderbird-fi-102.8.0-1.mga8
thunderbird-gl-102.8.0-1.mga8
thunderbird-pt_PT-102.8.0-1.mga8
thunderbird-he-102.8.0-1.mga8
thunderbird-hr-102.8.0-1.mga8
thunderbird-ro-102.8.0-1.mga8
thunderbird-ar-102.8.0-1.mga8
thunderbird-nn_NO-102.8.0-1.mga8
thunderbird-es_ES-102.8.0-1.mga8
thunderbird-en_GB-102.8.0-1.mga8
thunderbird-nb_NO-102.8.0-1.mga8
thunderbird-en_CA-102.8.0-1.mga8
thunderbird-pa_IN-102.8.0-1.mga8
thunderbird-en_US-102.8.0-1.mga8
thunderbird-ca-102.8.0-1.mga8
thunderbird-id-102.8.0-1.mga8
thunderbird-gd-102.8.0-1.mga8
thunderbird-it-102.8.0-1.mga8
thunderbird-lv-102.8.0-1.mga8
thunderbird-br-102.8.0-1.mga8
thunderbird-ga_IE-102.8.0-1.mga8
thunderbird-af-102.8.0-1.mga8
thunderbird-ms-102.8.0-1.mga8
thunderbird-ast-102.8.0-1.mga8
thunderbird-uz-102.8.0-1.mga8

from SRPMS:
thunderbird-102.8.0-1.mga8.src.rpm
thunderbird-l10n-102.8.0-1.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 8
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Depends on: (none) => 31556
mga8-64, Plasma, nvidia-current, intel i7 Tests OK: Swedish locale settings and local mail kept IMAP (offline, IMAP to sync to server) SMTP tested incl inline pictures and attached files. Did not test Filters, Calendar, PGP, RSS...
CC: (none) => fri
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Using existing profile, sending and receiving mails without and with attachments work OK.
CC: (none) => herman.viaene
MGA8-64 Plasma. Updated both Firefox and Thunderbird US English versions at the same time, with no installation issues. Used Thunderbird all afternoon yesterday, sent and received several emails about QA, order confirmations, notifications from various farming forums I frequent and from Facebook, used links inside some of the trusted emails, checked some newsgroups. Everything worked as it should. I don't use the calendar, but what I do use is OK.
CC: (none) => andrewsfarm
Another day of usage with no problems. Sending this on. Validating. Advisory in comment 1.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0057.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Red Hat has issued an advisory for this on February 20: https://access.redhat.com/errata/RHSA-2023:0824