Mandriva issued this advisory today (February 13): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:018 The CVE is fixed in 10.0.1. I'm not sure how you want to handle this. For some reason MDV has not issued this update for 2010.2 (I know desktop is EOL but they did issue an update for FF). I've heard Mageia developers mention that Mozilla will be ending support for Thunderbird 3.x soonish, which could force us to move to a new version anyway.
Now Mandriva has issued the update for 2010.2, so we have to follow suit: http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVA-2012:019
Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
Keywords: (none) => TriagedCC: (none) => fundawangAssignee: bugsquad => doktor5000
I'm currently working on switching Thunderbird to ESR, and 10.0.1esr has just been released.
Status: NEW => ASSIGNED
When looking at http://www.mozilla.org/security/announce/2012/mfsa2012-10.html "Note: Firefox 9 and earlier are not affected by this vulnerability." and after checking back with mozilla developers, we don't need an update for this CVE for Mageia 1, and Cauldron has just been updated to 10.0.1, and next Mageia update will be (at least) to 10.0.1ESR which also is not affected by this. Closing. FWIW, that bug has been introduced between FF 9 and 10.
Status: ASSIGNED => RESOLVEDResolution: (none) => INVALID
Because of Comment 1, we still have to update to 10.0.1. I know you are working on esr, so that's fine. We will need a bug report to push it to QA, so let's not lose this one.
Status: RESOLVED => REOPENEDResolution: INVALID => (none)Summary: mozilla-thunderbird new security issue CVE-2012-0452 => mozilla-thunderbird needs to be updated to 10.0.1 for upgrading from MDV 2010.2
And there is now a 10.0.2 with an additional security fixhttp://www.mozilla.org/en-US/thunderbird/10.0.2/releasenotes/
CC: (none) => tmbSummary: mozilla-thunderbird needs to be updated to 10.0.1 for upgrading from MDV 2010.2 => mozilla-thunderbird needs to be updated to 10.0.2 for upgrading from MDV 2010.2Source RPM: mozilla-thunderbird-3.1.18-1.mga1.src.rpm => mozilla-thunderbird
Damn, didn't get this through either mozilla-announce or thunderbird-enterprise mailing lists, thanks for notifying. Update is nearly ready for submission, will test with 10.0.2 locally over the weekend and then hand over to QA.
Status: REOPENED => ASSIGNED
There is now mozilla-thunderbird-10.0.2-1.mga1, mozilla-thunderbird-l10n-10.0.2-1.mga1 and mozilla-thunderbird-lightning-1.2.1-1.mga1 in core/updates_testing to validate ------------------------------------------------------- Suggested advisory: ------------------- This update provides Mageia 1 with Mozilla Thunderbird Extended Support Release branch (aka ESR, http://www.mozilla.org/en-US/thunderbird/organizations/index.html ) and adresses the following issues: o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html (libpng integer overflow [CVE-2011-3026]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443] fixed in 10.0 ) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html (<iframe> element exposed across domains via name attribute [CVE-2012-0445] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (child nodes from nsDOMAttribute still accessible after removal of nodes [CVE-2011-3659] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-05.html (frame scripts calling into untrusted objects bypass security checks [CVE-2012-0446] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-06.html (uninitialized memory appended when encoding icon images may cause information disclosure [CVE-2012-0447] fixed in 10.0 o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (crash with malformed embedded XSLT stylesheets [CVE-2012-0449] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-10.html (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452]) Other fixes in this release: - thunderbird now plays (custom) notification sounds due to a backported patch to make thunderbird use libcanberra (which would otherwise only be released with FF/TB 12.0) and libcanberra is now a Suggests of new thunderbird update [see https://bugs.mageia.org/show_bug.cgi?id=1631 for details] ------------------------------------------------------- Steps to reproduce: - install/update to update candidate - make sure no addons gets disabled at next thunderbird restart - make sure language packs and enigmail+enigmail language packs are still working - make sure that lightning is still localized, shows correct timezone and is still working - make sure there is sound played for notification sounds and that https://bugs.mageia.org/show_bug.cgi?id=1631 is resolved Further notes: As this is a major change, i'd like to have intensive testing. I'm already using Thunderbird 10 since ~2 weeks without problems locally, FWIW.
Assignee: doktor5000 => qa-bugs
CC: (none) => doktor5000
I'm not getting any sound when the new mail notification pops up. I do have the following packages installed. canberra-common canberra-gtk libcanberra0 libcanberra-gtk0 Is there a default sound, or does one have to be set in preferences?
CC: (none) => davidwhodgins
I test firefox 10.0.2 on Mageia 1 64-bits since two days and I did not get any regression. It is ok for me.
CC: (none) => olivier.delaune
Spellcheck causes 2 warnings.. Warning: Empty string passed to getElementById(). Source File: chrome://editor/content/EdSpellCheck.xul Line: 0 Warning: Empty string passed to getElementById(). Source File: chrome://editor/content/EdSpellCheck.xul Line: 0 When new mail arrives an error.. Error: aFolder is undefined Source File: chrome://messenger/content/folderWidgets.xml Line: 691 no default sound is played either, i think it is maybe missing a default sound. Confirmed though that it can now play a wav file without the errors which were present and if a wav is set as the new mail sound then it plays when new mail arrives and does not cause the above error.
Checking again, the error *is* shown when the custom new mail sound is played aswell but it only seems to error when the mail is _not_ received in 'local folders'. Error: aFolder is undefined Source File: chrome://messenger/content/folderWidgets.xml Line: 691 With mail sound disabled completely, when new mail arrives in 'local folders' there is no error but in another mailbox it does, the sound was a red herring. Also there are messages and warnings on startup.. Could not read chrome manifest file '/usr/share/mozilla/extensions/{3550f703-e582-4d05-9a08-453d09bdfdc6}/langpack-en-GB@thunderbird.mozilla.org/chrome/en-GB.manifest'. Warning: Error in parsing value for 'clip'. Declaration dropped. Source File: resource://gre-resources/ua.css Line: 273 Warning: Use of getAttributeNodeNS() is deprecated. Use getAttributeNS() instead. Source File: chrome://messenger/content/messenger.xul Line: 0 These can all be seen in the error console from the tools menu.
(In reply to comment #9) > I'm not getting any sound when the new mail notification pops up. I do have > the following packages installed. > > Is there a default sound, or does one have to be set in preferences? Well, it uses the "system sound for new messages" so you may need to set this via gconf-editor. When choosing a custom sound, it plays properly. I'll try to see how it determines the default sound. @claire: For the spellchecking, beside the warnings, it is working properly? For the error console in general, please distinguish between the types of errors. I've also seen the "Error: aFolder is undefined" (cf https://bugzilla.mozilla.org/show_bug.cgi?id=670976 ) but this is more a cosmetic problem and thunderbird works just like expected. Golden rule: If there are no sideeffects from such messages, disregard them.
They are distinguishable Florian, the first word of the message shows the type of message it is by the looks of it. Apart from the 2 warnings, the spellcheck does work, yes.
I've noticed something strange. It used to see it occasionally with the old thunderbird too but it happens alot more often with this one. It is something I've only noticed with a gmail account so I can't rule out that this is a problem with gmail and not thunderbird. It is as if it doesn't parse the headers correctly. The bar in the middle which usually displays who an email is from, to and the subject doesn't show from or to and only shows an empty subject heading. The email itself displays the email text followed by the email source with the headers. If I switch to viewing another email and back again the email displays normally.
(In reply to comment #15) > I've noticed something strange. It used to see it occasionally with the old > thunderbird too but it happens alot more often with this one. > > It is something I've only noticed with a gmail account so I can't rule out that > this is a problem with gmail and not thunderbird. > > It is as if it doesn't parse the headers correctly. > > The bar in the middle which usually displays who an email is from, to and the > subject doesn't show from or to and only shows an empty subject heading. The > email itself displays the email text followed by the email source with the > headers. If I switch to viewing another email and back again the email displays > normally. Welcome to the club :( https://bugzilla.mozilla.org/show_bug.cgi?id=685794 I'm using tarball version and my mother is having the same problem on W7. So it's pretty much upstream's bug.
CC: (none) => sander.lepik
(very annoying :( ) yes it is isn't it! It shouldn't block the update then as it's reported upstream.
I notice though that they have assigned the bug to Nobody and also the bug they say it looks like a variant of is 2 years and 100,000 bugs old and also assigned to Nobody :(
(In reply to comment #18) > I notice though that they have assigned the bug to Nobody and also the bug they > say it looks like a variant of is 2 years and 100,000 bugs old and also > assigned to Nobody :( Well.. you can add comment. They think it's a rare problem but i don't think so. More and more people get hit by this bug.
I've noticed that this quite often doesn't shut down properly. It leaves thunderbird-bin running which causes it to give a message that it is already running when you try to restart it. To get it to start you then have to manually kill thunderbird-bin. Again this is something I had noticed before, so not entirely a regression, but it happens quite often with this version.
We don't really have a choice about upgrading sadly, since mdv have already done so. If this is not something you can fix Florian then I think we should validate the update.
(In reply to comment #20) > I've noticed that this quite often doesn't shut down properly. It leaves > thunderbird-bin running which causes it to give a message that it is already > running when you try to restart it FWIW, i have only noticed this once, and this has happened before. I've got myself a fresh Mageia 1 installation recently, so i'll try to pay attention to this. But this shouldn't block validation IMHO.
We have to validate this if it is an upstream issue as Mandriva have updated already and we support upgrade from them.
Florian, any thoughts on this?
Well, i can't reproduce it, it has happened to me once in the last 4 weeks of testing or so. FWIW, you don't maybe have qt-gtk-engine installed/running, by any chance? But looking at those: https://bugzilla.mozilla.org/show_bug.cgi?id=533104 https://bugzilla.mozilla.org/show_bug.cgi?id=628596 and some other reports at mozillazine and elsewhere, this seems really common, also on windows and macos. Maybe you want to try out the steps outlined in: https://wiki.mozilla.org/Thunderbird:Testing:Shutdown_Hang Could also be that this happens much more often with IMAP accounts, that could be it. Because i'm only using POP3.
$ rpm -q qt-gtk-engine package qt-gtk-engine is not installed Most of mine are IMAP but one POP3 and one NNTP. It seems there are some upstream bugs but I think we should validate this as it is blocking smooth upgrade from Mandriva. Does anybody have any objections?
Validating. I think we should mention known issues in the advisory so have added the ones we found at the bottom. Suggested advisory: ------------------- This update provides Mageia 1 with Mozilla Thunderbird Extended Support Release branch (ESR) and enables smooth upgrade from Mandriva 2010.2. More details on the ESR Release can be found at: http://www.mozilla.org/en-US/thunderbird/organizations/index.html It addresses the following issues: o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html (libpng integer overflow [CVE-2011-3026]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443] fixed in 10.0 ) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html (<iframe> element exposed across domains via name attribute [CVE-2012-0445] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (child nodes from nsDOMAttribute still accessible after removal of nodes [CVE-2011-3659] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-05.html (frame scripts calling into untrusted objects bypass security checks [CVE-2012-0446] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-06.html (uninitialized memory appended when encoding icon images may cause information disclosure [CVE-2012-0447] fixed in 10.0 o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (crash with malformed embedded XSLT stylesheets [CVE-2012-0449] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-10.html (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452]) Other fixes in this release: - thunderbird now plays (custom) notification sounds due to a backported patch to make thunderbird use libcanberra (which would otherwise only be released with FF/TB 12.0) and libcanberra is now a Suggests of new thunderbird update [see https://bugs.mageia.org/show_bug.cgi?id=1631 for details] Known upstream issues with this release: - Truncated emails with Gmail IMAP - Occasionally doesn't close properly, requiring thunderbird-bin to be killed before it will restart. ------------------------------------------------------- SRPMs: mozilla-thunderbird-10.0.2-1.mga1, mozilla-thunderbird-l10n-10.0.2-1.mga1 mozilla-thunderbird-lightning-1.2.1-1.mga1 Could sysadmin please push from core/updates_testing to core/updates.
Keywords: Triaged => validated_updateCC: (none) => sysadmin-bugsHardware: i586 => All
(In reply to comment #27) > > Known upstream issues with this release: > - Truncated emails with Gmail IMAP > - Occasionally doesn't close properly, requiring thunderbird-bin to be killed > before it will restart. Maybe we can add to the latter: Troubleshooting and workarounds available upstream at https://wiki.mozilla.org/Thunderbird:Testing:Shutdown_Hang Otherwise i'm OK with that. FWIW, it would be really nice if someone could test (after validation) whether displaying decrpyted inline PGP messages works with the current version of enigmail (1.3.5), to help me evaluate if upcoming update to 10.0.3esr which i'm preparing currently needs also an updated enigmail. Upstream report available at: https://www.mozdev.org/bugs/show_bug.cgi?id=24762
Ping? Thunderbird 10.0.3ESR already knocking at the door ...
sysadmin please, waiting on a push.
Nope. Sorry, but no can do :/ As 10.0.3 was pushed by fwang ro updates_testing ~1 hour ago the 10.0.2 rpms got nuked. So unvalidating now, and QA will have to validate 10.0.3, and advisory updated before I can push it. Sorry about that...
Keywords: validated_update => (none)Summary: mozilla-thunderbird needs to be updated to 10.0.2 for upgrading from MDV 2010.2 => mozilla-thunderbird needs to be updated to 10.0.3 for upgrading from MDV 2010.2
Funda can you provide an updated advisory then please.
Lightning needs a rebuild too? Not?
Lightning doesn't need a rebuild, works fine. I'll provide the advisory, as i've already had enough work providing a proper commit message instead of "- new version 10.0.3esr". So here it comes: There is now mozilla-thunderbird-10.0.3-1.mga1, mozilla-thunderbird-l10n-10.0.3-1.mga1 and mozilla-thunderbird-lightning-1.2.1-1.mga1 in core/updates_testing to validate ------------------------------------------------------- Suggested advisory: ------------------- This update provides Mageia 1 with Mozilla Thunderbird Extended Support Release branch (ESR) and enables smooth upgrade from Mandriva 2010.2. More details on the ESR Release can be found at: http://www.mozilla.org/en-US/thunderbird/organizations/index.html It addresses the following issues: o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html (libpng integer overflow [CVE-2011-3026]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443] fixed in 10.0 ) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html (<iframe> element exposed across domains via name attribute [CVE-2012-0445] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (child nodes from nsDOMAttribute still accessible after removal of nodes [CVE-2011-3659] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-05.html (frame scripts calling into untrusted objects bypass security checks [CVE-2012-0446] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-06.html (uninitialized memory appended when encoding icon images may cause information disclosure [CVE-2012-0447] fixed in 10.0 o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (crash with malformed embedded XSLT stylesheets [CVE-2012-0449] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-10.html (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-13.html (XSS with Drag and Drop and Javascript: URL [CVE-2012-0455]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-14.html (SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-15.html (XSS with multiple Content Security Policy headers [CVE-2012-0451]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-16.html (Escalation of privilege with Javascript: URL as home page [CVE-2012-0458]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-17.html (Crash when accessing keyframe cssText after dynamic modification [CVE-2012-0459]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-18.html (window.fullScreen writeable by untrusted content [CVE-2012-0460]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-19.html (Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) [CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ]) Other fixes in this release: - thunderbird now plays (custom) notification sounds due to a backported patch to make thunderbird use libcanberra (which would otherwise only be released with FF/TB 12.0) and libcanberra is now a Suggests of new thunderbird update [see https://bugs.mageia.org/show_bug.cgi?id=1631 for details] Known upstream issues with this release: - Truncated emails with Gmail IMAP - Occasionally doesn't close properly, requiring thunderbird-bin to be killed before it will restart, troubleshooting and workarounds for that available upstream at https://wiki.mozilla.org/Thunderbird:Testing:Shutdown_Hang
x86_64 This version seems much improved. I haven't had the truncated emails at all yet and that was quite annoying. It hasn't failed to start either so far. Still get the two warnings on spellcheck before sending but everything seems to work as it should.
Well, as long as there are no errors, no problem. As i've looked around in mozilla's bugzilla, most people don't seem to care to keep the error console clean and some don't even care at all. As long as spellchecking is working, all's good.
Testing complete on i586 for the srpm mozilla-thunderbird-10.0.3-1.mga1.src.rpm I'm still not getting any sound when a new message is received, but that's not a regression. Testing using a pop3 account and nntp account.
Dave, do you get a new mail sound if you set a custom one? If not then it could be there is a problem as it works x86_64. I think the standard new mail sound has to be set somewhere in the system sounds but I don't know where. Thunderbird is not listed in KDE system settings under Application and system notifications but Firefox is. I've noticed a few truncated emails still x86_64 so it is not cured but i586 seems more prone to them. Other than that everything seems to be as it should. It would be good to identify where the standard mail sound can be set and ensure it does actually work using it once it has been. Florian, do you know where this should be set?
Yes, it works with a custom sound selected.
(In reply to comment #38) > > I think the standard new mail sound has to be set somewhere in the system > sounds but I don't know where. > > Florian, do you know where this should be set? I'll have a look where the default GNOME system sound is set, as Thunderbird uses GNOME/GTK settings.
(In reply to comment #38) > I've noticed a few truncated emails still x86_64 so it is not cured but i586 > seems more prone to them. Well, upstream's bug is still open and they are not working on it. :(
(In reply to comment #41) > (In reply to comment #38) > > I've noticed a few truncated emails still x86_64 so it is not cured but i586 > > seems more prone to them. > > Well, upstream's bug is still open and they are not working on it. :( One thing you can try. Open account's server settings and from advanced settings change cached connections to 1. Not sure if it will fix it but so long i haven't seen it happening again.
I tried as you say Sander but it still happens, for me at least. I don't think we should delay this any further to find the system sound as it is currently blocking smooth upgrade from Mandriva. If there are no objections I will validate. mozilla-thunderbird-10.0.3-1.mga1, mozilla-thunderbird-l10n-10.0.3-1.mga1 mozilla-thunderbird-lightning-1.2.1-1.mga1 Suggested advisory: ------------------- This update provides Mageia 1 with Mozilla Thunderbird Extended Support Release branch (ESR) and enables smooth upgrade from Mandriva 2010.2. More details on the ESR Release can be found at: http://www.mozilla.org/en-US/thunderbird/organizations/index.html It addresses the following issues: o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-11.html (libpng integer overflow [CVE-2011-3026]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-01.html (miscellaneous memory safety hazards [CVE-2012-0442] [CVE-2012-0443] fixed in 10.0 ) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-03.html (<iframe> element exposed across domains via name attribute [CVE-2012-0445] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-04.html (child nodes from nsDOMAttribute still accessible after removal of nodes [CVE-2011-3659] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-05.html (frame scripts calling into untrusted objects bypass security checks [CVE-2012-0446] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-06.html (uninitialized memory appended when encoding icon images may cause information disclosure [CVE-2012-0447] fixed in 10.0 o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-07.html (potential Memory Corruption When Decoding Ogg Vorbis files [CVE-2012-0444] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-08.html (crash with malformed embedded XSLT stylesheets [CVE-2012-0449] fixed in 10.0) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-10.html (use after free in nsXBLDocumentInfo::ReadPrototypeBindings [CVE-2012-0452]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-13.html (XSS with Drag and Drop and Javascript: URL [CVE-2012-0455]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-14.html (SVG issues found with Address Sanitizer [CVE-2012-0456, CVE-2012-0457]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-15.html (XSS with multiple Content Security Policy headers [CVE-2012-0451]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-16.html (Escalation of privilege with Javascript: URL as home page [CVE-2012-0458]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-17.html (Crash when accessing keyframe cssText after dynamic modification [CVE-2012-0459]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-18.html (window.fullScreen writeable by untrusted content [CVE-2012-0460]) o fixes http://www.mozilla.org/security/announce/2012/mfsa2012-19.html (Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) [CVE-2012-0461, CVE-2012-0462, CVE-2012-0464, CVE-2012-0463 ]) Other fixes in this release: - thunderbird now plays (custom) notification sounds due to a backported patch to make thunderbird use libcanberra (which would otherwise only be released with FF/TB 12.0) and libcanberra is now a Suggests of new thunderbird update [see https://bugs.mageia.org/show_bug.cgi?id=1631 for details] Known upstream issues with this release: - Truncated emails with Gmail IMAP - Occasionally doesn't close properly, requiring thunderbird-bin to be killed before it will restart, troubleshooting and workarounds for that available upstream at https://wiki.mozilla.org/Thunderbird:Testing:Shutdown_Hang ----------------------------------- Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_update
Update pushed
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
(In reply to comment #43) > > I don't think we should delay this any further to find the system sound as it > is currently blocking smooth upgrade from Mandriva. Sorry that i was unclear, i meant i'll have a look, i don't think that's anything which should block validation of an updated which fixes that much security problems. But finally we got this out the door, thanks for helping with that <3 The default sound issue is noted on my TODO list, though.