Mozilla has released Thunderbird 115.5 on November 21: https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes/ Security issues fixed: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
CC: (none) => nicolas.salgueroWhiteboard: (none) => MGA9TOOSource RPM: (none) => thunderbird, thunderbird-l10n
Same thing again: you currently look after Thunderbird, so assigning this to you.
CC: nicolas.salguero => (none)Assignee: bugsquad => nicolas.salguero
Assignee: nicolas.salguero => pkg-bugs
Severity: normal => critical
For Cauldron and Mageia 9, new versions of thunderbird and thunderbird-l10n are into SVN.
Depends on: (none) => 32551
thunderbird-115.5.0-2.mga9 will include a patch from Centos for CVE-2023-44488 (see bug 32586).
Mozilla has released Thunderbird 115.5.1 on November 27: https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes/ It fixes several bugs.
Summary: Thunderbird 115.5 => Thunderbird 115.5.1
For Cauldron, thunderbird and thunderbird-l10n need to be built. Updated packages in core/updates_testing: ======================== thunderbird-115.5.1-1.mga9 thunderbird-af-115.5.1-1.mga9 thunderbird-ar-115.5.1-1.mga9 thunderbird-ast-115.5.1-1.mga9 thunderbird-be-115.5.1-1.mga9 thunderbird-bg-115.5.1-1.mga9 thunderbird-br-115.5.1-1.mga9 thunderbird-ca-115.5.1-1.mga9 thunderbird-cs-115.5.1-1.mga9 thunderbird-cy-115.5.1-1.mga9 thunderbird-da-115.5.1-1.mga9 thunderbird-de-115.5.1-1.mga9 thunderbird-dsb-115.5.1-1.mga9 thunderbird-el-115.5.1-1.mga9 thunderbird-en_CA-115.5.1-1.mga9 thunderbird-en_GB-115.5.1-1.mga9 thunderbird-en_US-115.5.1-1.mga9 thunderbird-es_AR-115.5.1-1.mga9 thunderbird-es_ES-115.5.1-1.mga9 thunderbird-es_MX-115.5.1-1.mga9 thunderbird-et-115.5.1-1.mga9 thunderbird-eu-115.5.1-1.mga9 thunderbird-fi-115.5.1-1.mga9 thunderbird-fr-115.5.1-1.mga9 thunderbird-fy_NL-115.5.1-1.mga9 thunderbird-ga_IE-115.5.1-1.mga9 thunderbird-gd-115.5.1-1.mga9 thunderbird-gl-115.5.1-1.mga9 thunderbird-he-115.5.1-1.mga9 thunderbird-hr-115.5.1-1.mga9 thunderbird-hsb-115.5.1-1.mga9 thunderbird-hu-115.5.1-1.mga9 thunderbird-hy_AM-115.5.1-1.mga9 thunderbird-id-115.5.1-1.mga9 thunderbird-is-115.5.1-1.mga9 thunderbird-it-115.5.1-1.mga9 thunderbird-ja-115.5.1-1.mga9 thunderbird-ka-115.5.1-1.mga9 thunderbird-kab-115.5.1-1.mga9 thunderbird-kk-115.5.1-1.mga9 thunderbird-ko-115.5.1-1.mga9 thunderbird-lt-115.5.1-1.mga9 thunderbird-lv-115.5.1-1.mga9 thunderbird-ms-115.5.1-1.mga9 thunderbird-nb_NO-115.5.1-1.mga9 thunderbird-nl-115.5.1-1.mga9 thunderbird-nn_NO-115.5.1-1.mga9 thunderbird-pa_IN-115.5.1-1.mga9 thunderbird-pl-115.5.1-1.mga9 thunderbird-pt_BR-115.5.1-1.mga9 thunderbird-pt_PT-115.5.1-1.mga9 thunderbird-ro-115.5.1-1.mga9 thunderbird-ru-115.5.1-1.mga9 thunderbird-sk-115.5.1-1.mga9 thunderbird-sl-115.5.1-1.mga9 thunderbird-sq-115.5.1-1.mga9 thunderbird-sr-115.5.1-1.mga9 thunderbird-sv_SE-115.5.1-1.mga9 thunderbird-th-115.5.1-1.mga9 thunderbird-tr-115.5.1-1.mga9 thunderbird-uk-115.5.1-1.mga9 thunderbird-uz-115.5.1-1.mga9 thunderbird-vi-115.5.1-1.mga9 thunderbird-zh_CN-115.5.1-1.mga9 thunderbird-zh_TW-115.5.1-1.mga9 from SRPMS: thunderbird-115.5.1-1.mga9.src.rpm thunderbird-l10n-115.5.1-1.mga9.src.rpm
Ready for QA? If so, assign to QA :) Note to QA: First update the packages from Bug 32551
CC: (none) => fri
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204) Use-after-free in MessagePort::Entangled. (CVE-2023-6205) Clickjacking permission prompts using the fullscreen transition. (CVE-2023-6206) Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207) Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208) Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. (CVE-2023-6212) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6208 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6209 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6212 https://www.thunderbird.net/en-US/thunderbird/115.5.0/releasenotes/ https://www.thunderbird.net/en-US/thunderbird/115.5.1/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/
Version: Cauldron => 9Assignee: pkg-bugs => qa-bugsWhiteboard: MGA9TOO => (none)Status: NEW => ASSIGNED
Advisory from comment 7 with SRPMs from comment 5 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
CC: (none) => marja11Keywords: (none) => advisory
MGA9 x86_64 GNOME Updated with QARepo and rpm: thunderbird 115.5.1 1.mga9 x86_64 thunderbird-fr 115.5.1 1.mga9 noarch No issues after installation. Contacts and calendar synchronization ok Sending mail with attachments ok
CC: (none) => guillaume.royer
MGA9-64 Plasma. No installation issues for the US English version. The first time I ran it after updating I got a surprise - before anything else happened Firefox was automagically loaded with a page from Mozilla asking me for a donation to Thunderbird. I suppose I can't object because we put our page on the first run of every Firefox update, but still, I found it annoying. I closed Firefox, and T-bird displayed normally. All seemed well.
CC: (none) => andrewsfarm
MGA9-64 MATE on HP-Pavillion No installation issues. Thunderbird not installed here before, configured my hotmail account successfully using the wizard, sent and received email without and with aattachments, all OK.
CC: (none) => herman.viaene
OK mga9-64 Plasma nvidia470 Swedish Localisation OK Settings and local mail kept. IMAP, SMTP.
Updated on a couple of other machines, without issues. No reason to hold this back that I can see. Validating.
Whiteboard: (none) => MGA9-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0343.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED