Mozilla has released Thunderbird 102.10.0 on April 11: https://www.thunderbird.net/en-US/thunderbird/102.10.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
CC: (none) => nicolas.salgueroAssignee: bugsquad => nicolas.salgueroSource RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA8TOO
Depends on: (none) => 31783
Suggested advisory: ======================== The updated packages fix a security vulnerability: Fullscreen notification obscured. (CVE-2023-29533) Double-free in libwebp. (MFSA-TMP-2023-0001) Potential Memory Corruption following Garbage Collector compaction. (CVE-2023-29535) Invalid free from JavaScript code. (CVE-2023-29536) Revocation status of S/Mime recipient certificates was not checked. (CVE-2023-0547) Hang when processing certain OpenPGP messages. (CVE-2023-29479) Content-Disposition filename truncation leads to Reflected File Download. (CVE-2023-29539) Files with malicious extensions could have been downloaded unsafely on Linux. (CVE-2023-29541) Memory Corruption in Safe Browsing Code. (CVE-2023-1945) Incorrect optimization result on ARM64. (CVE-2023-29548) Memory safety bugs fixed in Thunderbird 102.10. (CVE-2023-29550) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29533 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29535 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29536 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0547 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29479 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29539 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29541 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1945 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29548 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29550 https://www.thunderbird.net/en-US/thunderbird/102.10.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-102.10.0-1.mga8 thunderbird-ka-102.10.0-1.mga8 thunderbird-ru-102.10.0-1.mga8 thunderbird-uk-102.10.0-1.mga8 thunderbird-el-102.10.0-1.mga8 thunderbird-ja-102.10.0-1.mga8 thunderbird-zh_TW-102.10.0-1.mga8 thunderbird-kk-102.10.0-1.mga8 thunderbird-th-102.10.0-1.mga8 thunderbird-sk-102.10.0-1.mga8 thunderbird-vi-102.10.0-1.mga8 thunderbird-hu-102.10.0-1.mga8 thunderbird-zh_CN-102.10.0-1.mga8 thunderbird-cs-102.10.0-1.mga8 thunderbird-hsb-102.10.0-1.mga8 thunderbird-dsb-102.10.0-1.mga8 thunderbird-hy_AM-102.10.0-1.mga8 thunderbird-sr-102.10.0-1.mga8 thunderbird-es_MX-102.10.0-1.mga8 thunderbird-fr-102.10.0-1.mga8 thunderbird-de-102.10.0-1.mga8 thunderbird-tr-102.10.0-1.mga8 thunderbird-es_AR-102.10.0-1.mga8 thunderbird-pl-102.10.0-1.mga8 thunderbird-ko-102.10.0-1.mga8 thunderbird-kab-102.10.0-1.mga8 thunderbird-fy_NL-102.10.0-1.mga8 thunderbird-sq-102.10.0-1.mga8 thunderbird-pt_BR-102.10.0-1.mga8 thunderbird-cy-102.10.0-1.mga8 thunderbird-bg-102.10.0-1.mga8 thunderbird-sv_SE-102.10.0-1.mga8 thunderbird-be-102.10.0-1.mga8 thunderbird-sl-102.10.0-1.mga8 thunderbird-is-102.10.0-1.mga8 thunderbird-nl-102.10.0-1.mga8 thunderbird-lt-102.10.0-1.mga8 thunderbird-eu-102.10.0-1.mga8 thunderbird-et-102.10.0-1.mga8 thunderbird-da-102.10.0-1.mga8 thunderbird-fi-102.10.0-1.mga8 thunderbird-gl-102.10.0-1.mga8 thunderbird-pt_PT-102.10.0-1.mga8 thunderbird-he-102.10.0-1.mga8 thunderbird-hr-102.10.0-1.mga8 thunderbird-ro-102.10.0-1.mga8 thunderbird-ar-102.10.0-1.mga8 thunderbird-nn_NO-102.10.0-1.mga8 thunderbird-es_ES-102.10.0-1.mga8 thunderbird-en_GB-102.10.0-1.mga8 thunderbird-nb_NO-102.10.0-1.mga8 thunderbird-en_CA-102.10.0-1.mga8 thunderbird-pa_IN-102.10.0-1.mga8 thunderbird-en_US-102.10.0-1.mga8 thunderbird-ca-102.10.0-1.mga8 thunderbird-id-102.10.0-1.mga8 thunderbird-gd-102.10.0-1.mga8 thunderbird-it-102.10.0-1.mga8 thunderbird-lv-102.10.0-1.mga8 thunderbird-br-102.10.0-1.mga8 thunderbird-ga_IE-102.10.0-1.mga8 thunderbird-af-102.10.0-1.mga8 thunderbird-ms-102.10.0-1.mga8 thunderbird-ast-102.10.0-1.mga8 thunderbird-uz-102.10.0-1.mga8 from SRPMS: thunderbird-102.10.0-1.mga8.src.rpm thunderbird-l10n-102.10.0-1.mga8.src.rpm
Version: Cauldron => 8Status: NEW => ASSIGNEDWhiteboard: MGA8TOO => (none)Assignee: nicolas.salguero => qa-bugs
Is Thunderbird using system libwebp or the bundled one? If it's the system one, the libwebp bug shouldn't be listed in the advisory.
It seems to be using the bundled one.
MGA8-64 MATE on Acer Aspire 5253 No installation issues, the libwebp having been installed by previous test in firefox102.10 Sending and receiving mails without and with attachments all work OK.
CC: (none) => herman.viaene
Validating. Advisory committed to svn.
Keywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0147.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
FWIW OK 64 here too
CC: (none) => fri
RedHat has issued an advisory for this on April 17: https://access.redhat.com/errata/RHSA-2023:1809