Bug 32642 - Firefox 115.6
Summary: Firefox 115.6
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 32643 32713
 
Reported: 2023-12-21 10:10 CET by Nicolas Salguero
Modified: 2024-01-15 11:08 CET

See Also:
Source RPM: nss firefox firefox-l10n
CVE: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
Status comment:


Description Nicolas Salguero 2023-12-21 10:10:47 CET
Mozilla has released Firefox 115.6 on December 19:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/
Comment 1 Nicolas Salguero 2023-12-21 10:11:43 CET
NSS 3.96.1 was released on December 18:
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html
Nicolas Salguero 2023-12-21 10:11:59 CET

Source RPM: (none) => nss, firefox, firefox-l10n
Whiteboard: (none) => MGA9TOO

Nicolas Salguero 2023-12-21 10:15:04 CET

Blocks: (none) => 32643

Comment 2 Morgan Leijström 2023-12-22 16:34:10 CET
Strange: Firefox built OK 20 hours ago according to http://pkgsubmit.mageia.org/ but I do not find firefox rpm, but I do find the language and nss packages (and thunderbird).
Mirror umu.se up to date, and same status on distrib-coffee.

CC: (none) => fri

Comment 3 Nicolas Salguero 2023-12-22 17:13:29 CET
And same status on kernel.org mirror :-(

Maybe it is a side effect of the lack of available space that affected the BS.
Comment 4 Morgan Leijström 2023-12-22 20:15:13 CET
Space problem is the cause, according to Jani on dev ml.
Comment 5 Lewis Smith 2023-12-23 21:32:09 CET
Good detective work, Morgan.
Assigning to Nicolas anyway, since you 'do' Firefox - already put version 115.6.0 into Cauldron.

Assignee: bugsquad => nicolas.salguero

Comment 6 Morgan Leijström 2023-12-23 22:12:19 CET
In between, Chromium got built and is on mirrors, so maybe trying Firefox build again will work.
Comment 7 Morgan Leijström 2023-12-26 01:08:22 CET
This is a critical security update, so hurry

Firefox succeeded building, but due to full disk it did not make it to mirrors

nss incl lib and firefox internationalisation are OK on mirrors.

Maybe the missing firefox rpm is fixable by sysadmin (it did list as successfully built so it is somewhere?), or it needs a new build.

Please proceed using best method.

CC: (none) => nicolas.salguero, sysadmin-bugs
Assignee: nicolas.salguero => pkg-bugs

Comment 8 Morgan Leijström 2024-01-06 21:08:32 CET
The Firefox rpm has now been in updates_testing for a couple of days
Comment 9 Morgan Leijström 2024-01-07 21:32:18 CET
OK mga9-64 Plasma nvidia470

Swedish Translation OK

Settings and tabs restored.

Tested Video sites, banking, Tax office, shops, news...

---

@nicholas, please provide package list and advisory proposal

Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

Thomas Andrews 2024-01-07 21:34:06 CET

CC: (none) => andrewsfarm

Comment 10 Morgan Leijström 2024-01-07 21:46:43 CET
Setting feedback for packager to update cauldron.
(Maybe it did get lost due to the disk space problem?)

Whiteboard: (none) => MGA9TOO
Version: 9 => Cauldron

Comment 11 Brian Rockwell 2024-01-08 04:27:39 CET
MGA9-64, Xfce, AMD APU

The following 5 packages are going to be installed:

- firefox-115.6.0-1.mga9.x86_64
- firefox-en_CA-115.6.0-1.mga9.noarch
- firefox-en_GB-115.6.0-1.mga9.noarch
- firefox-en_US-115.6.0-1.mga9.noarch
- lib64nss3-3.96.1-1.mga9.x86_64

2.4MB of disk space will be freed.

- usual websites work
- youtube works
- audio and video are flowing smoothly

works for me

CC: (none) => brtians1

Comment 12 Nicolas Salguero 2024-01-08 10:24:42 CET
Hi,

Sadly, neither Firefox ESR nor Thunderbird can be built with python 3.12 and Cauldron switched to that version of python.

Best regards,
Comment 13 Morgan Leijström 2024-01-08 12:21:05 CET
We should not hinder a security update in our supported release because of whatever problem in our development cauldron.

Please open a separate issue for Cauldron.

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

Comment 14 Marja Van Waes 2024-01-08 14:17:14 CET
(In reply to Nicolas Salguero from comment #0)

> 
> Security issues fixed:
> https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/

Adding the FF CVEs to the CVE: field

CVE: (none) => CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864, CVE-2023-6865, CVE-2023-6867
CC: (none) => marja11

Comment 15 Nicolas Salguero 2024-01-08 14:22:07 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver. (CVE-2023-6856)

Potential exposure of uninitialized data in EncryptingOutputStream. (CVE-2023-6865)

Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857)

Heap buffer overflow in nsTextFragment. (CVE-2023-6858)

Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)

Potential sandbox escape due to VideoBridge lack of texture validation. (CVE-2023-6860)

Clickjacking permission prompts using the popup transition. (CVE-2023-6867)

Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode. (CVE-2023-6861)

Use-after-free in nsDNSService. (CVE-2023-6862)

Undefined behavior in ShutdownObserver(). (CVE-2023-6863)

Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. (CVE-2023-6864)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/
https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html
========================

Updated packages in core/updates_testing:
========================
lib(64)nss3-3.96.1-1.mga9
lib(64)nss-devel-3.96.1-1.mga9
lib(64)nss-static-devel-3.96.1-1.mga9
nss-3.96.1-1.mga9
nss-doc-3.96.1-1.mga9

firefox-115.6.0-1.mga9
firefox-af-115.6.0-1.mga9
firefox-an-115.6.0-1.mga9
firefox-ar-115.6.0-1.mga9
firefox-ast-115.6.0-1.mga9
firefox-az-115.6.0-1.mga9
firefox-be-115.6.0-1.mga9
firefox-bg-115.6.0-1.mga9
firefox-bn-115.6.0-1.mga9
firefox-br-115.6.0-1.mga9
firefox-bs-115.6.0-1.mga9
firefox-ca-115.6.0-1.mga9
firefox-cs-115.6.0-1.mga9
firefox-cy-115.6.0-1.mga9
firefox-da-115.6.0-1.mga9
firefox-de-115.6.0-1.mga9
firefox-el-115.6.0-1.mga9
firefox-en_CA-115.6.0-1.mga9
firefox-en_GB-115.6.0-1.mga9
firefox-en_US-115.6.0-1.mga9
firefox-eo-115.6.0-1.mga9
firefox-es_AR-115.6.0-1.mga9
firefox-es_CL-115.6.0-1.mga9
firefox-es_ES-115.6.0-1.mga9
firefox-es_MX-115.6.0-1.mga9
firefox-et-115.6.0-1.mga9
firefox-eu-115.6.0-1.mga9
firefox-fa-115.6.0-1.mga9
firefox-ff-115.6.0-1.mga9
firefox-fi-115.6.0-1.mga9
firefox-fr-115.6.0-1.mga9
firefox-fur-115.6.0-1.mga9
firefox-fy_NL-115.6.0-1.mga9
firefox-ga_IE-115.6.0-1.mga9
firefox-gd-115.6.0-1.mga9
firefox-gl-115.6.0-1.mga9
firefox-gu_IN-115.6.0-1.mga9
firefox-he-115.6.0-1.mga9
firefox-hi_IN-115.6.0-1.mga9
firefox-hr-115.6.0-1.mga9
firefox-hsb-115.6.0-1.mga9
firefox-hu-115.6.0-1.mga9
firefox-hy_AM-115.6.0-1.mga9
firefox-ia-115.6.0-1.mga9
firefox-id-115.6.0-1.mga9
firefox-is-115.6.0-1.mga9
firefox-it-115.6.0-1.mga9
firefox-ja-115.6.0-1.mga9
firefox-ka-115.6.0-1.mga9
firefox-kab-115.6.0-1.mga9
firefox-kk-115.6.0-1.mga9
firefox-km-115.6.0-1.mga9
firefox-kn-115.6.0-1.mga9
firefox-ko-115.6.0-1.mga9
firefox-lij-115.6.0-1.mga9
firefox-lt-115.6.0-1.mga9
firefox-lv-115.6.0-1.mga9
firefox-mk-115.6.0-1.mga9
firefox-mr-115.6.0-1.mga9
firefox-ms-115.6.0-1.mga9
firefox-my-115.6.0-1.mga9
firefox-nb_NO-115.6.0-1.mga9
firefox-nl-115.6.0-1.mga9
firefox-nn_NO-115.6.0-1.mga9
firefox-oc-115.6.0-1.mga9
firefox-pa_IN-115.6.0-1.mga9
firefox-pl-115.6.0-1.mga9
firefox-pt_BR-115.6.0-1.mga9
firefox-pt_PT-115.6.0-1.mga9
firefox-ro-115.6.0-1.mga9
firefox-ru-115.6.0-1.mga9
firefox-sc-115.6.0-1.mga9
firefox-si-115.6.0-1.mga9
firefox-sk-115.6.0-1.mga9
firefox-sl-115.6.0-1.mga9
firefox-sq-115.6.0-1.mga9
firefox-sr-115.6.0-1.mga9
firefox-sv_SE-115.6.0-1.mga9
firefox-szl-115.6.0-1.mga9
firefox-ta-115.6.0-1.mga9
firefox-te-115.6.0-1.mga9
firefox-tg-115.6.0-1.mga9
firefox-th-115.6.0-1.mga9
firefox-tl-115.6.0-1.mga9
firefox-tr-115.6.0-1.mga9
firefox-uk-115.6.0-1.mga9
firefox-ur-115.6.0-1.mga9
firefox-uz-115.6.0-1.mga9
firefox-vi-115.6.0-1.mga9
firefox-xh-115.6.0-1.mga9
firefox-zh_CN-115.6.0-1.mga9
firefox-zh_TW-115.6.0-1.mga9

from SRPMS:
nss-3.96.1-1.mga9.src.rpm
firefox-115.6.0-1.mga9.src.rpm
firefox-l10n-115.6.0-1.mga9.src.rpm

Status: NEW => ASSIGNED

papoteur 2024-01-08 15:30:25 CET

CC: (none) => yvesbrungard
Source RPM: nss, firefox, firefox-l10n => nss firefox firefox-l10n

Comment 17 Marja Van Waes 2024-01-08 15:32:19 CET
Thanks for the advisory, Nicolas.

It is not really needed to add the cve.mitre.org links, they are automatically added to our advisories by the scripts from our sysadmins to push updates. Besides, www.cve.org will soon be the place for the CVE records instead of cve.mitre.org.

The advisory from comment 15 has been added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"

Keywords: (none) => advisory

Comment 18 Brian Rockwell 2024-01-08 15:41:40 CET
MGA9-64, Plasma, Ryzen 3015i APU

The following 6 packages are going to be installed:

- firefox-115.6.0-1.mga9.x86_64
- firefox-en_CA-115.6.0-1.mga9.noarch
- firefox-en_GB-115.6.0-1.mga9.noarch
- firefox-en_US-115.6.0-1.mga9.noarch
- lib64nss3-3.96.1-1.mga9.x86_64
- nss-3.96.1-1.mga9.x86_64

---

using it for awhile - working as expected
Comment 19 Jose Manuel López 2024-01-08 15:50:58 CET
Installed in Mageia 9 x86_64 Plasma. Works fine for the moment.

Audio, video, banks, certificates, ok.

Spanish language and settings ok.

Greetings!!

CC: (none) => joselp

Comment 20 Thomas Andrews 2024-01-08 17:09:51 CET
MGA9-64 Plasma.

Installed Firefox and Thunderbird at the same time, with no issues. Tried Firefox with several sites afterward, with no apparent issues.

Looks OK here.
Comment 21 Brian Rockwell 2024-01-08 20:20:43 CET
Can someone try this and see if firefox loops?

https://mirrors.mageia.org/status

Then click refresh button.  On this laptop it loops, but it could be something weird on this box.  I think I saw this on occasion on prior Firefox versions.
Comment 22 Thomas Andrews 2024-01-08 20:56:06 CET
No problems here. I tried it as the only tab open, and as a second tab with this bug in the first.
Comment 23 Thomas Andrews 2024-01-08 20:59:23 CET
Oh, wait. You said laptop. This is a desktop, with wired Internet. I've seen that sort of thing before on my laptops with wifi, but only when the connection isn't the greatest, like outside or on another floor.
Comment 24 Brian Rockwell 2024-01-08 21:05:43 CET
rebooted again and applied the new 111 drivers.  

Working okay now, seems random on this specific hardware.
Comment 25 Marja Van Waes 2024-01-08 23:00:07 CET Comment hidden (obsolete)

Version: 9 => Cauldron
Whiteboard: (none) => MGA9TOO

Comment 26 Marja Van Waes 2024-01-08 23:11:02 CET
(In reply to Morgan Leijström from comment #13)
> We should not hinder a security update in our supported release because of
> whatever problem in our development cauldron.
> 
> Please open a separate issue for Cauldron.

Sorry, I had missed that, I'll clone these bug reports.
Comment 27 Marja Van Waes 2024-01-08 23:16:22 CET
(In reply to Marja Van Waes from comment #26)
> (In reply to Morgan Leijström from comment #13)
> > We should not hinder a security update in our supported release because of
> > whatever problem in our development cauldron.
> > 
> > Please open a separate issue for Cauldron.
> 
> Sorry, I had missed that, I'll clone these bug reports.

bug 32706 for Firefox.

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9

Comment 28 Thomas Andrews 2024-01-10 20:49:11 CET
I've been using this for a couple of days now, without any issues, so it's probably OK for mga9.

I realize this is a critical security update, but... If we push this and Thunderbird now, before Cauldron has been updated, we break the upgrade path until the Cauldron version is fixed.

I've been using Mageia almost from the beginning, but I haven't been with QA that long. In the time I've been here I don't recall this ever being done on purpose before.
Comment 29 katnatek 2024-01-10 21:20:47 CET
(In reply to Thomas Andrews from comment #28)
> I've been using this for a couple of days now, without any issues, so it's
> probably OK for mga9.
> 
> I realize this is a critical security update, but... If we push this and
> Thunderbird now, before Cauldron has been updated, we break the upgrade path
> until the Cauldron version is fixed.
> 
> I've been using Mageia almost from the beginning, but I haven't been with QA
> that long. In the time I've been here I don't recall this ever being done on
> purpose before.

Which is less bad: having an insecure version in current stable, or waiting an unknown amount of time for Cauldron and Mozilla to fix the Firefox/Thunderbird issues with python 3.12?
Comment 30 Morgan Leijström 2024-01-10 21:36:33 CET
Cauldron is not for users.
We state it over and over many places.
If someone can not move from stable to Cauldron because of quirks as simple as this, they should definitely not run Cauldron.

This is a security update needed for the release we DO support.

Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update

Comment 31 Thomas Andrews 2024-01-11 00:01:36 CET
I agree. I only brought it up to have a record that we considered it, weighed the pros and cons, and made a decision accordingly.

(I would have answered sooner, but we had a power outage this afternoon right as I was posting comment 28 that prevented it.)
Comment 32 Morgan Leijström 2024-01-11 00:47:47 CET
Maybe it should be lifted to council, to write some strategy down.

I.e when we have two supported releases, i.e Mageia 8 and 9, updates should be shipped to the higher release first or at the same time.

Then what if suddenly updating the higher release does not work - say we had the problem that now is in Cauldron in mga9, and were still supporting mga8.  Should we hinder update of security impacted software on the lower supported release when there is a problem generating the update on a higher supported release?


For normal no-hurry updates I understand it is valuable to first see if updates build for "next" release, but security updates must be pushed ASAP to supported releases.

And non critical functionality updates should not wait for many weeks either, or users drift away.
Comment 33 papoteur 2024-01-11 07:00:11 CET
I agree to relax the rule for this package.
Compatible python 3.12 is not yet ready for Firefox. However this is not a package that will be forgotten.
Comment 34 Morgan Leijström 2024-01-12 19:25:28 CET
Ship ASAP to updates!

TB is already out in updates repo and needs this nss.

Bug 32713 - impossibility to update thunderbird to 115.6.0-1.mga9.x86_64 version due to broken dependancies

Priority: Normal => High

Comment 35 Dave Hodgins 2024-01-12 21:48:29 CET
2024-01-08 08:32:19 CST - Advisory for firefox/nss added (32642.adv)
2024-01-10 14:36:33 CST - this bug validated
2024-01-12 06:37:46 CST - thunderbird pushed, which went through ok as this
bug was marked ready to be pushed too. bug 32643 comment 15

Most likely there is something the script doesn't like about the advisory
in svn.
$ cat 32642.adv 
type: security
subject: Updated nss, firefox and firefox-l10n packages fix security vulnerabilities
CVE:
- CVE-2023-6856
- CVE-2023-6857
- CVE-2023-6858
- CVE-2023-6859
- CVE-2023-6860
- CVE-2023-6861
- CVE-2023-6862
- CVE-2023-6863
- CVE-2023-6864
- CVE-2023-6865
- CVE-2023-6867
src:
  9:
    core:
    - nss-3.96.1-1.mga9
    - firefox-115.6.0-1.mga9
    - firefox-l10n-115.6.0-1.mga9
description: |
  The updated packages fix security vulnerabilities:
  Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with
  Mesa VM driver. (CVE-2023-6856)
  Potential exposure of uninitialized data in EncryptingOutputStream.
  (CVE-2023-6865)
  Symlinks may resolve to smaller than expected buffers. (CVE-2023-6857)
  Heap buffer overflow in nsTextFragment. (CVE-2023-6858)
  Use-after-free in PR_GetIdentitiesLayer. (CVE-2023-6859)
  Potential sandbox escape due to VideoBridge lack of texture validation.
  (CVE-2023-6860)
  Clickjacking permission prompts using the popup transition.
  (CVE-2023-6867)
  Heap buffer overflow affected nsWindow::PickerOpen(void) in headless
  mode. (CVE-2023-6861)
  Use-after-free in nsDNSService. (CVE-2023-6862)
  Undefined behavior in ShutdownObserver(). (CVE-2023-6863)
  Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
  Thunderbird 115.6. (CVE-2023-6864)
references:
- https://bugs.mageia.org/show_bug.cgi?id=32642
- https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_96_1.html

$ urpmq -i nss|grep ^Source|sort -uV|tail -n 1
Source RPM  : nss-3.96.1-1.mga9.src.rpm
$ urpmq -i firefox|grep ^Source|sort -uV|tail -n 1
Source RPM  : firefox-115.6.0-1.mga9.src.rpm
$ urpmq -i firefox-en_GB|grep ^Source|sort -uV|tail -n 1
Source RPM  : firefox-l10n-115.6.0-1.mga9.src.rpm

I don't see the mistake. Anyone else see what's wrong?

CC: (none) => davidwhodgins

Comment 36 katnatek 2024-01-13 02:54:52 CET
(In reply to Dave Hodgins from comment #35)
I'm not sure, but the previous 2 firefox advisories have an ID at the end

https://svnweb.mageia.org/advisories/32551.adv?view=markup
https://svnweb.mageia.org/advisories/32477.adv?view=markup

And also the thunderbird
https://svnweb.mageia.org/advisories/32643.adv?view=markup
Comment 37 Dave Hodgins 2024-01-13 03:36:26 CET
(In reply to katnatek from comment #36)
> (In reply to Dave Hodgins from comment #35)
> I'm not sure, but the previous 2 firefox advisories have an ID at the end

That gets added by the script that pushes the updates, when it's successful.

Adding the sysadmin team to the cc list.

Please help debug why the script used to push updates is failing to push
this firefox/nss/firefox-l18n update.

The advisory looks correct to me as per comment 35.
Comment 38 Morgan Leijström 2024-01-13 12:55:04 CET
Also, why did the Thunderbird update Bug 32643 slip out before this despite it depending on this bug?

Manual mistake? - mistakes do happen, you are forgiven :)
or script fault - easier to fix for the future - if so raise a bug.
Comment 39 Thomas Andrews 2024-01-13 16:16:44 CET
The only difference I see (other than the ID line at the end) between the old Firefox advisories and this one, and it seems MUCH too trivial to be a problem, is that in the descriptions of the older two there is a blank line between each CVE.

I can't imagine that would be it... 

Grasping at straws - could there be an unprintable character somewhere that it doesn't like? I looked for a comma where a period should be - a typo I sometimes fall into - and didn't see any.
Comment 40 katnatek 2024-01-13 19:04:34 CET
I loaded the thunderbird advisory for bug#32643 and the one for this bug in Writer, made all characters visible, and did not find anything evident :(
Comment 41 katnatek 2024-01-13 19:09:35 CET
(In reply to Thomas Andrews from comment #39)
> The only difference I see (other than the ID line at the end) between the
> old Firefox advisories and this one, and it seems MUCH too trivial to be a
> problem, is that in the descriptions of the older two there is a blank line
> between each CVE.
> 
> I can't imagine that would be it... 
> 
> Grasping at straws - could there be an unprintable character somewhere that
> it doesn't like? I looked for a comma where a period should be - a typo I
> sometimes fall into - and didn't see any.

Could be? 
This advisory has

subject: Updated nss, firefox and firefox-l10n packages fix security

And for 32477

subject: Updated nss and firefox packages fix security vulnerabilities
Comment 42 Dave Hodgins 2024-01-13 19:22:01 CET
The script that pushes updates looks at the bug whiteboard and keyword entries,
assignment to qa, presence of the advisory file in svn, and bug dependencies.
Both the firefox/nss and this thunderbird bugs were selected by the script
meaning the dependency requirement and all other requirements were met.

When it actually went to push the update, the thunderbird update was
successfully pushed, but the firefox update failed to get pushed.

As far as I know, the only things that can cause a failure at that point are
problems with the srpm list in the svn advisory (not found in updates testing
or not being greater than what's already present in the release or updates
repos), or a syntax error in the advisory file in svn.

The syntax errors are the hardest to debug as there is no information returned
to qa from the script that pushes the update to indicate why the push failed.

The srpm entries in the svn advisory file match what's in update testing and
they have a greater version than any prior version. If there is a syntax
error, I don't see it. There are no trailing blanks on any line, no blank
lines where there shouldn't be one such as between the cve lines and the
header lines all look correct to me.

I just committed a change to the svn advisory removing the trailing colon
from the line "The updated packages fix security vulnerabilities:" in
the description, just in case the script is mistaking that line for a header.

(The presence of a comma in the subject line is not the cause).

Please run the script to push updates and let's see if that's why it didn't
like the advisory.
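
Comment 42 notes that QA gets no reason back when the push script rejects an advisory. As an added example (not Mageia's push script and not code from this bug), here is a local pre-check over the layout shown in comment 35 that tests the guesses raised in this thread: trailing blanks, unprintable characters, the CVE list against the description, and src entries against their release key. The required keys and the name-version-release.mgaN pattern are assumptions taken from that one file.

```python
import re

# Assumptions drawn from the single file shown in comment 35.
REQUIRED = ("type", "subject", "CVE", "src", "description", "references")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SRC_RE = re.compile(r"^[A-Za-z0-9_.+-]+-[^-\s]+-[^-\s]+\.mga(\d+)$")

# Constructed sample: the advisory from comment 35, shortened to two CVEs.
SAMPLE_ADV = """\
type: security
subject: Updated nss, firefox and firefox-l10n packages fix security vulnerabilities
CVE:
- CVE-2023-6856
- CVE-2023-6865
src:
  9:
    core:
    - nss-3.96.1-1.mga9
    - firefox-115.6.0-1.mga9
description: |
  The updated packages fix security vulnerabilities:
  Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with
  Mesa VM driver. (CVE-2023-6856)
  Potential exposure of uninitialized data in EncryptingOutputStream.
  (CVE-2023-6865)
references:
- https://bugs.mageia.org/show_bug.cgi?id=32642
"""

def split_sections(text):
    """Group lines under the column-0 'key:' header that precedes them."""
    sections, key = {}, None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s?(.*)$", line)
        if m:
            key = m.group(1)
            sections[key] = [m.group(2)] if m.group(2) else []
        elif key is not None:
            sections[key].append(line)
    return sections

def lint_advisory(text):
    """Return a list of human-readable problems; empty means nothing found."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if line != line.rstrip():
            problems.append(f"line {n}: trailing whitespace")
        # Catches tabs, control characters, NBSP and zero-width characters.
        odd = sorted({f"U+{ord(c):04X}" for c in line if not c.isprintable()})
        problems += [f"line {n}: non-printable character(s) {', '.join(odd)}"] if odd else []
    sec = split_sections(text)
    problems += [f"missing section: {k}" for k in REQUIRED if k not in sec]
    # The CVE list must be well-formed and agree with the description text.
    listed = [ln[2:].strip() for ln in sec.get("CVE", []) if ln.startswith("- ")]
    problems += [f"malformed CVE id: {c!r}" for c in listed if not CVE_RE.fullmatch(c)]
    described = set(CVE_RE.findall("\n".join(sec.get("description", []))))
    problems += [f"{c} listed but not in description" for c in sorted(set(listed) - described)]
    problems += [f"{c} in description but not listed" for c in sorted(described - set(listed))]
    # Each src entry must parse as an SRPM name and match its release key.
    release = None
    for line in sec.get("src", []):
        s = line.strip()
        if re.fullmatch(r"\d+:", s):
            release = s[:-1]
        elif s.startswith("- "):
            m = SRC_RE.match(s[2:].strip())
            if not m:
                problems.append(f"src entry not name-version-release.mgaN: {s[2:].strip()!r}")
            elif m.group(1) != release:
                problems.append(f"{s[2:].strip()} is listed under release {release}")
    return problems

if __name__ == "__main__":
    print(lint_advisory(SAMPLE_ADV) or "no problems found")
```

A clean result here only rules out these specific causes; whether the srpms are present in updates_testing and newer than what is already released still has to be checked against the repositories, as the urpmq commands in comment 35 do.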
Comment 43 Marja Van Waes 2024-01-13 19:34:20 CET
(In reply to Dave Hodgins from comment #42)

> 
> I just committed a change to the svn advisory removing the trailing colon
> from the line "The updated packages fix security vulnerabilities:" in
> the description, just in case the script is mistaking that line for a header.
> 
I doubt that's the cause, because there are 649 advisories with "vulnerabilities:" in the description.

Could it be that the subject line is too long (84 characters)?
Comment 44 katnatek 2024-01-13 19:40:28 CET
(In reply to Dave Hodgins from comment #42)
> I just committed a change to the svn advisory removing the trailing colon
> from the line "The updated packages fix security vulnerabilities:" in
> the description, just in case the script is mistaking that line for a header.
> 
> (The presence of a comma in the subject line is not the cause).
> 
> Please run the script to push updates and let's see if that's why it didn't
> like the advisory.

I don't think so, the advisory for thunderbird also has that https://svnweb.mageia.org/advisories/32643.adv?view=markup : I checked the versions and they look right
Comment 45 Marja Van Waes 2024-01-13 19:49:34 CET
I've shortened the subject.

Note that a few days ago, https://bugs.mageia.org/show_bug.cgi?id=32656 wasn't pushed along with the other updates, but over 8 hours later. However neither the bug report nor the advisory needed to be changed.
katnatek 2024-01-13 23:00:32 CET

Blocks: (none) => 32713

Comment 46 David Walser 2024-01-13 23:30:07 CET
Probably not relevant to the subject at hand, but firefox-l10n needn't be listed in the advisory subject line as it doesn't fix any vulnerabilities.
Comment 47 Mageia Robot 2024-01-15 11:08:40 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0012.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

