32877 – Thunderbird 115.8

Bug 32877 - Thunderbird 115.8

Summary: Thunderbird 115.8

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	https://www.thunderbird.net/en-US/thu...
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:	32876
Blocks:
	Show dependency tree / graph

Reported:	2024-02-21 08:46 CET by Nicolas Salguero
Modified:	2024-02-27 02:22 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	thunderbird, thunderbird-l10n
CVE:	CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-02-21 08:46:10 CET

Mozilla has released Thunderbird 115.8 on February 20:
https://www.thunderbird.net/en-US/thunderbird/115.8.0/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/

Nicolas Salguero 2024-02-21 08:47:20 CET

Depends on: (none) => 32876
Source RPM: (none) => thunderbird, thunderbird-l10n
Assignee: bugsquad => nicolas.salguero
CVE: (none) => CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553

Nicolas Salguero 2024-02-21 08:47:28 CET

Status: NEW => ASSIGNED

Comment 1 Nicolas Salguero 2024-02-21 16:15:12 CET

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Out-of-bounds memory read in networking channels. (CVE-2024-1546)

Alert dialog could have been spoofed on another site. (CVE-2024-1547)

Fullscreen Notification could have been hidden by select element. (CVE-2024-1548)

Custom cursor could obscure the permission dialog. (CVE-2024-1549)

Mouse cursor re-positioned unexpectedly could have led to unintended permission grants. (CVE-2024-1550)

Multipart HTTP Responses would accept the Set-Cookie header in response parts. (CVE-2024-1551)

Incorrect code generation on 32-bit ARM devices. (CVE-2024-1552)

Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. (CVE-2024-1553)

References:
https://www.thunderbird.net/en-US/thunderbird/115.8.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
========================

Updated packages in core/updates_testing:
========================
thunderbird-115.8.0-1.mga9
thunderbird-af-115.8.0-1.mga9
thunderbird-ar-115.8.0-1.mga9
thunderbird-ast-115.8.0-1.mga9
thunderbird-be-115.8.0-1.mga9
thunderbird-bg-115.8.0-1.mga9
thunderbird-br-115.8.0-1.mga9
thunderbird-ca-115.8.0-1.mga9
thunderbird-cs-115.8.0-1.mga9
thunderbird-cy-115.8.0-1.mga9
thunderbird-da-115.8.0-1.mga9
thunderbird-de-115.8.0-1.mga9
thunderbird-dsb-115.8.0-1.mga9
thunderbird-el-115.8.0-1.mga9
thunderbird-en_CA-115.8.0-1.mga9
thunderbird-en_GB-115.8.0-1.mga9
thunderbird-en_US-115.8.0-1.mga9
thunderbird-es_AR-115.8.0-1.mga9
thunderbird-es_ES-115.8.0-1.mga9
thunderbird-es_MX-115.8.0-1.mga9
thunderbird-et-115.8.0-1.mga9
thunderbird-eu-115.8.0-1.mga9
thunderbird-fi-115.8.0-1.mga9
thunderbird-fr-115.8.0-1.mga9
thunderbird-fy_NL-115.8.0-1.mga9
thunderbird-ga_IE-115.8.0-1.mga9
thunderbird-gd-115.8.0-1.mga9
thunderbird-gl-115.8.0-1.mga9
thunderbird-he-115.8.0-1.mga9
thunderbird-hr-115.8.0-1.mga9
thunderbird-hsb-115.8.0-1.mga9
thunderbird-hu-115.8.0-1.mga9
thunderbird-hy_AM-115.8.0-1.mga9
thunderbird-id-115.8.0-1.mga9
thunderbird-is-115.8.0-1.mga9
thunderbird-it-115.8.0-1.mga9
thunderbird-ja-115.8.0-1.mga9
thunderbird-ka-115.8.0-1.mga9
thunderbird-kab-115.8.0-1.mga9
thunderbird-kk-115.8.0-1.mga9
thunderbird-ko-115.8.0-1.mga9
thunderbird-lt-115.8.0-1.mga9
thunderbird-lv-115.8.0-1.mga9
thunderbird-ms-115.8.0-1.mga9
thunderbird-nb_NO-115.8.0-1.mga9
thunderbird-nl-115.8.0-1.mga9
thunderbird-nn_NO-115.8.0-1.mga9
thunderbird-pa_IN-115.8.0-1.mga9
thunderbird-pl-115.8.0-1.mga9
thunderbird-pt_BR-115.8.0-1.mga9
thunderbird-pt_PT-115.8.0-1.mga9
thunderbird-ro-115.8.0-1.mga9
thunderbird-ru-115.8.0-1.mga9
thunderbird-sk-115.8.0-1.mga9
thunderbird-sl-115.8.0-1.mga9
thunderbird-sq-115.8.0-1.mga9
thunderbird-sr-115.8.0-1.mga9
thunderbird-sv_SE-115.8.0-1.mga9
thunderbird-th-115.8.0-1.mga9
thunderbird-tr-115.8.0-1.mga9
thunderbird-uk-115.8.0-1.mga9
thunderbird-uz-115.8.0-1.mga9
thunderbird-vi-115.8.0-1.mga9
thunderbird-zh_CN-115.8.0-1.mga9
thunderbird-zh_TW-115.8.0-1.mga9

from SRPMS:
thunderbird-115.8.0-1.mga9.src.rpm
thunderbird-l10n-115.8.0-1.mga9.src.rpm

Assignee: nicolas.salguero => qa-bugs

Marja Van Waes 2024-02-21 16:37:03 CET

CC: (none) => marja11
URL: (none) => https://www.thunderbird.net/en-US/thunderbird/115.8.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/

Marja Van Waes 2024-02-21 16:40:33 CET

Keywords: (none) => advisory

Comment 2 Thomas Andrews 2024-02-22 17:43:42 CET

MGA9-64 Plasma, i5-7500, Nvidia Quadro K620 graphics.

No installation issues.

Sent and received mail, and also Usenet posts. Clicking on a link in an email brought up Firefox.

I do not use the calendar, but as far as I went it worked as expected.

CC: (none) => andrewsfarm

Comment 3 Morgan Leijström 2024-02-23 02:08:17 CET

mga9-64 OK

Tested under Plasma, Intel I7-870, nvidia-newfeature (testing) on GTX750, 4K screen, kernel desktop 6.6.17-3.

Closed, updated, started
Thunderbird just keep working OK:
Swedish locale
settings and local mail

Sent and received some mails;
IMAP (offline, IMAP to synk to server)
SMTP

Opens attached .pdf and .eml in tabs. 

Printing OK.

I do not use calendar nor tasks

CC: (none) => fri

Comment 4 Jose Manuel López 2024-02-23 09:12:06 CET

Hi,

Updated from testing repos for Mageia 9 x86_64 Plasma no VM.

I am using now. 

Accounts ok.
Send and receive ok.
Signature ok.
Addons ok.
Calendar and task ok.
Notifications ok.
Spanish translation ok.
Attachments ok.

Greetings!

CC: (none) => joselp

Comment 5 Guillaume Royer 2024-02-25 11:46:03 CET

Mageia X86_64 GNOME Mac Mini Core I5 16Go RAM

Updated with QA repo and RPMs:

thunderbird                    115.8.0      1.mga9        x86_64  
thunderbird-fr                 115.8.0      1.mga9        noarch  

Accounts ok.
Send and receive ok.
Calendar and task ok.
Notifications ok.

CC: (none) => guillaume.royer

Comment 6 Thomas Andrews 2024-02-25 17:56:28 CET

I have used this on two other MGA9-64 Plasma systems, with no issues. Sending it on.

Validating.

CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update

Comment 7 Mageia Robot 2024-02-27 02:22:38 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0050.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.