Mozilla has released Thunderbird 115.4.1 on October 25: https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
Depends on: (none) => 32477Source RPM: (none) => thunderbird, thunderbird-l10nWhiteboard: (none) => MGA9TOOCC: (none) => nicolas.salguero
Nicolas, changing you from CC to assignee as you are the regular Thunderbird maintainer. If you do not want this, please re-assign it.
Assignee: bugsquad => nicolas.salgueroCC: nicolas.salguero => (none)
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Queued up rendering could have allowed websites to clickjack. (CVE-2023-5721) Address bar spoofing via bidirectional characters. (CVE-2023-5732) Large WebGL draw could have led to a crash. (CVE-2023-5724) WebExtensions could open arbitrary URLs. (CVE-2023-5725) Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1. (CVE-2023-5730) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5728 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730 https://www.thunderbird.net/en-US/thunderbird/115.4.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/ ======================== Updated packages in core/updates_testing: ======================== thunderbird-115.4.1-1.mga9 thunderbird-af-115.4.1-1.mga9 thunderbird-ar-115.4.1-1.mga9 thunderbird-ast-115.4.1-1.mga9 thunderbird-be-115.4.1-1.mga9 thunderbird-bg-115.4.1-1.mga9 thunderbird-br-115.4.1-1.mga9 thunderbird-ca-115.4.1-1.mga9 thunderbird-cs-115.4.1-1.mga9 thunderbird-cy-115.4.1-1.mga9 thunderbird-da-115.4.1-1.mga9 thunderbird-de-115.4.1-1.mga9 thunderbird-dsb-115.4.1-1.mga9 thunderbird-el-115.4.1-1.mga9 thunderbird-en_CA-115.4.1-1.mga9 thunderbird-en_GB-115.4.1-1.mga9 thunderbird-en_US-115.4.1-1.mga9 thunderbird-es_AR-115.4.1-1.mga9 thunderbird-es_ES-115.4.1-1.mga9 thunderbird-es_MX-115.4.1-1.mga9 thunderbird-et-115.4.1-1.mga9 thunderbird-eu-115.4.1-1.mga9 thunderbird-fi-115.4.1-1.mga9 thunderbird-fr-115.4.1-1.mga9 thunderbird-fy_NL-115.4.1-1.mga9 thunderbird-ga_IE-115.4.1-1.mga9 thunderbird-gd-115.4.1-1.mga9 thunderbird-gl-115.4.1-1.mga9 thunderbird-he-115.4.1-1.mga9 thunderbird-hr-115.4.1-1.mga9 thunderbird-hsb-115.4.1-1.mga9 thunderbird-hu-115.4.1-1.mga9 thunderbird-hy_AM-115.4.1-1.mga9 thunderbird-id-115.4.1-1.mga9 thunderbird-is-115.4.1-1.mga9 thunderbird-it-115.4.1-1.mga9 thunderbird-ja-115.4.1-1.mga9 thunderbird-ka-115.4.1-1.mga9 thunderbird-kab-115.4.1-1.mga9 thunderbird-kk-115.4.1-1.mga9 thunderbird-ko-115.4.1-1.mga9 thunderbird-lt-115.4.1-1.mga9 thunderbird-lv-115.4.1-1.mga9 thunderbird-ms-115.4.1-1.mga9 thunderbird-nb_NO-115.4.1-1.mga9 thunderbird-nl-115.4.1-1.mga9 thunderbird-nn_NO-115.4.1-1.mga9 thunderbird-pa_IN-115.4.1-1.mga9 thunderbird-pl-115.4.1-1.mga9 thunderbird-pt_BR-115.4.1-1.mga9 thunderbird-pt_PT-115.4.1-1.mga9 thunderbird-ro-115.4.1-1.mga9 thunderbird-ru-115.4.1-1.mga9 thunderbird-sk-115.4.1-1.mga9 thunderbird-sl-115.4.1-1.mga9 thunderbird-sq-115.4.1-1.mga9 thunderbird-sr-115.4.1-1.mga9 thunderbird-sv_SE-115.4.1-1.mga9 thunderbird-th-115.4.1-1.mga9 thunderbird-tr-115.4.1-1.mga9 thunderbird-uk-115.4.1-1.mga9 thunderbird-uz-115.4.1-1.mga9 thunderbird-vi-115.4.1-1.mga9 thunderbird-zh_CN-115.4.1-1.mga9 thunderbird-zh_TW-115.4.1-1.mga9 from SRPMS: thunderbird-115.4.1-1.mga9.src.rpm thunderbird-l10n-115.4.1-1.mga9.src.rpm
Version: Cauldron => 9CC: (none) => nicolas.salgueroWhiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugs
Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
CC: (none) => marja11Whiteboard: (none) => advisory
MGA9-64 Plasma. Firefox and the nss packages had already been installed. No installation issues for the US English version. Sent and received email, read posts on some newsgroups. No issues to report. I do not use the calendar.
CC: (none) => andrewsfarm
Mageia 9 Plasma x86_64. Updated from testing repo. All ok for the moment. Receive ok Send ok. Calendar ok. Translation Es-es ok. Task ok Settings ok. Rss Ok. Greetings!
CC: (none) => joselp
mga9-64 OK for me Plasma X11, nvidia470 on GTX750, kernel-linus-6.4.16-5, Intel i7-870 Localisation (Swedish) OK Kept local mail and settings IMAP & SMTP There came an invitaion to a meeting, i accepted, and it is now in my calendar (my first time using it...) Some warnings appear on launch: (I have seen the GLib-GIO-WARNING from other applications, i.e Firefox) $ thunderbird [Parent 1337601, Main Thread] WARNING: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.: 'glib warning', file /home/iurt/rpmbuild/BUILD/thunderbird-115.4.1/thunderbird-115.4.1/toolkit/xre/nsSigHandlers.cpp:167 (thunderbird:1337601): GLib-GIO-WARNING **: 16:23:16.721: /usr/share/applications/kde-mimeapps.list contains a [Added Associations] group, but it is not permitted here. Only the non-desktop-specific mimeapps.list file may add or remove associations.
CC: (none) => fri
MGA9-64 Plasma on an HP Pavilion 15. Updated US English versions of Firefox and Thunderbird in one operation, with no installation issues. No operational issues to report, either.
No issues for anybody, time to move it on. Giving this a 64-bit OK, and validating. Moving "advisory" from whiteboard to keywords.
Whiteboard: advisory => MGA9-64-OKKeywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0309.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED