There is now mozilla-thunderbird-3.1.18-1.mga1 in core/updates_testing to validate, together with the language packages mozilla-thunderbird-XX-3.1.18-1.mga1 ------------------------------------------------------- Suggested advisory: ------------------- This update addresses the following security issues: o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-59.html (.jar files not being treated as executables on MacOS [CVE-2011-3666] fixed in 3.1.17) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (Miscellaneous memory safety hazards [(rv:10.0/ 1.9.2.26) [CVE-2012-0443, CVE-2012-0442]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-02.html (Overly permissive IPv6 literal syntax [CVE-2011-3670]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (Child nodes from nsDOMAttribute still accessible after removal of nodes, [CVE-2011-3659]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449]) ------------------------------------------------------- Steps to reproduce: - install/update to update candidate and according language pack - make sure there are no regressions - make sure Thunderbird uses the language of the language pack
Please don't be irritated by the changes, i was lazy so i just cloned a previous update request :)
Keywords: validated_update => (none)Status: NEW => ASSIGNEDCC: davidwhodgins, dmorganec, sysadmin-bugs => doktor5000Depends on: 2878 => (none)Assignee: bugsquad => qa-bugs
Could never be irritated with you Florian :)
Testing this one i586 as thats where I use it, seems OK.
This update hasn't fixed the 'Play a sound' on new mail issue. (bug 1631) Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISound.play]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://messenger/content/preferences/general.js :: anonymous :: line 94" data: no] No default plop either but I haven't noticed the plop for a long time now.
It was not intended to, it's only a security update. I was looking into fixing that, but seems pretty difficult as it was fixed upstream only for newer thunderbird (10.0) and as we need to switch to this newer thunderbird version anyways soon (cf http://www.mozilla.org/en-US/thunderbird/all-older.html ) i've decided that it's not worth the hassle.
Thats OK. Tested OK x86_64 too so I'll validate this one. I can't POCs for the CVE's. advisory: ------------------- This update addresses the following security issues: o fixes http://www.mozilla.org/security/announce/2011/mfsa2011-59.html (.jar files not being treated as executables on MacOS [CVE-2011-3666] fixed in 3.1.17) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (Miscellaneous memory safety hazards [(rv:10.0/ 1.9.2.26) [CVE-2012-0443, CVE-2012-0442]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-02.html (Overly permissive IPv6 literal syntax [CVE-2011-3670]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (Child nodes from nsDOMAttribute still accessible after removal of nodes, [CVE-2011-3659]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (Potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (Crash with malformed embedded XSLT stylesheets [CVE-2012-0449]) ------------------------------------------------------- SRPMs: mozilla-thunderbird-3.1.18-1.mga1.src.rpm mozilla-thunderbird-l10n-3.1.18-1.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
update pushed
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED