33805 – Thunderbird 128.5

Bug 33805 - Thunderbird 128.5

Summary: Thunderbird 128.5

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:	33804
Blocks:
	Show dependency tree / graph

Reported:	2024-11-26 17:08 CET by Nicolas Salguero
Modified:	2024-12-02 18:18 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	thunderbird, thunderbird-l10n
CVE:	CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-11-26 17:08:44 CET

Mozilla has released Thunderbird 128.5 on November 26:
https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/

Security issues fixed:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/

Nicolas Salguero 2024-11-26 17:08:51 CET

Depends on: (none) => 33804

Nicolas Salguero 2024-11-26 17:09:54 CET

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699
Source RPM: (none) => thunderbird, thunderbird-l10n

Comment 1 Nicolas Salguero 2024-11-28 09:18:24 CET

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Select list elements could be shown over another site. (CVE-2024-11692)

CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694)

URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695)

Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696)

Improper Keypress Handling in Executable File Confirmation Dialog. (CVE-2024-11697)

Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5. (CVE-2024-11699)

References:
https://www.thunderbird.net/en-US/thunderbird/128.5.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/
========================

Updated packages in core/updates_testing:
========================
thunderbird-128.5.0-1.mga9
thunderbird-af-128.5.0-1.mga9
thunderbird-ar-128.5.0-1.mga9
thunderbird-ast-128.5.0-1.mga9
thunderbird-be-128.5.0-1.mga9
thunderbird-bg-128.5.0-1.mga9
thunderbird-br-128.5.0-1.mga9
thunderbird-ca-128.5.0-1.mga9
thunderbird-cs-128.5.0-1.mga9
thunderbird-cy-128.5.0-1.mga9
thunderbird-da-128.5.0-1.mga9
thunderbird-de-128.5.0-1.mga9
thunderbird-dsb-128.5.0-1.mga9
thunderbird-el-128.5.0-1.mga9
thunderbird-en_CA-128.5.0-1.mga9
thunderbird-en_GB-128.5.0-1.mga9
thunderbird-en_US-128.5.0-1.mga9
thunderbird-es_AR-128.5.0-1.mga9
thunderbird-es_ES-128.5.0-1.mga9
thunderbird-es_MX-128.5.0-1.mga9
thunderbird-et-128.5.0-1.mga9
thunderbird-eu-128.5.0-1.mga9
thunderbird-fi-128.5.0-1.mga9
thunderbird-fr-128.5.0-1.mga9
thunderbird-fy_NL-128.5.0-1.mga9
thunderbird-ga_IE-128.5.0-1.mga9
thunderbird-gd-128.5.0-1.mga9
thunderbird-gl-128.5.0-1.mga9
thunderbird-he-128.5.0-1.mga9
thunderbird-hr-128.5.0-1.mga9
thunderbird-hsb-128.5.0-1.mga9
thunderbird-hu-128.5.0-1.mga9
thunderbird-hy_AM-128.5.0-1.mga9
thunderbird-id-128.5.0-1.mga9
thunderbird-is-128.5.0-1.mga9
thunderbird-it-128.5.0-1.mga9
thunderbird-ja-128.5.0-1.mga9
thunderbird-ka-128.5.0-1.mga9
thunderbird-kab-128.5.0-1.mga9
thunderbird-kk-128.5.0-1.mga9
thunderbird-ko-128.5.0-1.mga9
thunderbird-lt-128.5.0-1.mga9
thunderbird-lv-128.5.0-1.mga9
thunderbird-ms-128.5.0-1.mga9
thunderbird-nb_NO-128.5.0-1.mga9
thunderbird-nl-128.5.0-1.mga9
thunderbird-nn_NO-128.5.0-1.mga9
thunderbird-pa_IN-128.5.0-1.mga9
thunderbird-pl-128.5.0-1.mga9
thunderbird-pt_BR-128.5.0-1.mga9
thunderbird-pt_PT-128.5.0-1.mga9
thunderbird-ro-128.5.0-1.mga9
thunderbird-ru-128.5.0-1.mga9
thunderbird-sk-128.5.0-1.mga9
thunderbird-sl-128.5.0-1.mga9
thunderbird-sq-128.5.0-1.mga9
thunderbird-sr-128.5.0-1.mga9
thunderbird-sv_SE-128.5.0-1.mga9
thunderbird-th-128.5.0-1.mga9
thunderbird-tr-128.5.0-1.mga9
thunderbird-uk-128.5.0-1.mga9
thunderbird-uz-128.5.0-1.mga9
thunderbird-vi-128.5.0-1.mga9
thunderbird-zh_CN-128.5.0-1.mga9
thunderbird-zh_TW-128.5.0-1.mga9

from SRPMS:
thunderbird-128.5.0-1.mga9.src.rpm
thunderbird-l10n-128.5.0-1.mga9.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Assignee: bugsquad => qa-bugs

Comment 2 Herman Viaene 2024-11-28 16:15:12 CET

MGA9-64 Xfce on Compaq H000SB
No installation issues.
Exercised first time installation by setting up account, sending and receiving mails with and without attachment. Filling out an event on the Calendar.
All worked OK.

CC: (none) => herman.viaene

katnatek 2024-11-28 18:03:16 CET

Keywords: (none) => advisory

Comment 3 Jose Manuel López 2024-11-30 21:28:43 CET

Installed in Mga9 x64 Plasma 

Works fine at the moment.

Receive and send ok.
Imap and Pop3 accounts ok.
Settings and spanish translation ok.
Signature ok.
Addons ok.

Pc: Slimbook ProX14 AMD 5700H with Amd graphics.

CC: (none) => Joselp

Comment 4 Guillaume Royer 2024-12-01 20:51:55 CET

MGA x64 GNOME

Updated with RPM:

thunderbird-128.5.0-1.mga9.x86_64.rpm
thunderbird-fr-128.5.0-1.mga9.noarch.rpm

Receive and send mail IMAP ok
Calendar synch OK
Contact synch OK

CC: (none) => guillaume.royer

Comment 5 Thomas Andrews 2024-12-01 23:09:38 CET

MGA9-64 Plasma on two machines, one Intel-based, the other AMD-based, for several days. Used the US English version to send/receive POP mail, and read newsgroup messages with no issues. I do not use the calendar.

I believe this is good to go. Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 Morgan Leijström 2024-12-02 09:25:27 CET

mga9-64 OK

Plasma X11, repeated tests like i use to

Closed Thunderbird, data backup, updated, started:
Thunderbird just keep working OK:
Opened tabs restored
Settings and local mail kept
Swedish locale
IMAP (offline, IMAP to synk to server)
SMTP
Sent mail with both inline and attached jpg
Received mail with both inline jpg and attached jpg, attached pdf
Viewed attached pdf in Thunderbird, and printed to network printer.

I do not use calendar nor tasks or filters

Similar setup used on two systems, different accounts, for a few days.

CC: (none) => fri

Comment 7 Mageia Robot 2024-12-02 18:18:46 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0384.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.