RedHat has issued an advisory on January 8: https://rhn.redhat.com/errata/RHSA-2013-0145.html Updated packages uploaded for Mageia 2. The update has also been checked into Mageia 1 SVN. Note to QA: When testing, make sure you also have the updated rootcerts, nspr, and nss packages from Bug 8184 installed. Advisory to come later.
Depends on: (none) => 8184
Source RPMs: ------------ thunderbird-10.0.12-1.mga2 thunderbird-l10n-10.0.12-1.mga2
Advisory: ======================== Updated thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769). A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird (CVE-2013-0758). A flaw in the way Thunderbird displayed URL values could allow malicious content or a user to perform a phishing attack (CVE-2013-0759). An information disclosure flaw was found in the way certain JavaScript functions were implemented in Thunderbird. An attacker could use this flaw to bypass Address Space Layout Randomization (ASLR) and other security restrictions (CVE-2013-0748). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769 http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.mozilla.org/security/announce/2013/mfsa2013-04.html http://www.mozilla.org/security/announce/2013/mfsa2013-05.html http://www.mozilla.org/security/announce/2013/mfsa2013-09.html http://www.mozilla.org/security/announce/2013/mfsa2013-11.html http://www.mozilla.org/security/announce/2013/mfsa2013-12.html http://www.mozilla.org/security/announce/2013/mfsa2013-15.html http://www.mozilla.org/security/announce/2013/mfsa2013-16.html http://www.mozilla.org/security/announce/2013/mfsa2013-17.html https://rhn.redhat.com/errata/RHSA-2013-0145.html ======================== Updated packages in core/updates_testing: ======================== nsinstall-10.0.12-1.mga2 thunderbird-10.0.12-1.mga2 thunderbird-ar-10.0.12-1.mga2 thunderbird-ast-10.0.12-1.mga2 thunderbird-be-10.0.12-1.mga2 thunderbird-bg-10.0.12-1.mga2 thunderbird-bn_BD-10.0.12-1.mga2 thunderbird-br-10.0.12-1.mga2 thunderbird-ca-10.0.12-1.mga2 thunderbird-cs-10.0.12-1.mga2 thunderbird-da-10.0.12-1.mga2 thunderbird-de-10.0.12-1.mga2 thunderbird-el-10.0.12-1.mga2 thunderbird-en_GB-10.0.12-1.mga2 thunderbird-enigmail-10.0.12-1.mga2 thunderbird-es_AR-10.0.12-1.mga2 thunderbird-es_ES-10.0.12-1.mga2 thunderbird-et-10.0.12-1.mga2 thunderbird-eu-10.0.12-1.mga2 thunderbird-fi-10.0.12-1.mga2 thunderbird-fr-10.0.12-1.mga2 thunderbird-fy-10.0.12-1.mga2 thunderbird-ga-10.0.12-1.mga2 thunderbird-gd-10.0.12-1.mga2 thunderbird-gl-10.0.12-1.mga2 thunderbird-he-10.0.12-1.mga2 thunderbird-hu-10.0.12-1.mga2 thunderbird-id-10.0.12-1.mga2 thunderbird-is-10.0.12-1.mga2 thunderbird-it-10.0.12-1.mga2 thunderbird-ja-10.0.12-1.mga2 thunderbird-ko-10.0.12-1.mga2 thunderbird-lt-10.0.12-1.mga2 thunderbird-nb_NO-10.0.12-1.mga2 thunderbird-nl-10.0.12-1.mga2 thunderbird-nn_NO-10.0.12-1.mga2 thunderbird-pa_IN-10.0.12-1.mga2 thunderbird-pl-10.0.12-1.mga2 thunderbird-pt_BR-10.0.12-1.mga2 thunderbird-pt_PT-10.0.12-1.mga2 thunderbird-ro-10.0.12-1.mga2 thunderbird-ru-10.0.12-1.mga2 thunderbird-si-10.0.12-1.mga2 thunderbird-sk-10.0.12-1.mga2 thunderbird-sl-10.0.12-1.mga2 thunderbird-sq-10.0.12-1.mga2 thunderbird-sv_SE-10.0.12-1.mga2 thunderbird-ta_LK-10.0.12-1.mga2 thunderbird-tr-10.0.12-1.mga2 thunderbird-uk-10.0.12-1.mga2 thunderbird-vi-10.0.12-1.mga2 thunderbird-zh_CN-10.0.12-1.mga2 thunderbird-zh_TW-10.0.12-1.mga2 from SRPMS: thunderbird-10.0.12-1.mga2.src.rpm thunderbird-l10n-10.0.12-1.mga2.src.rpm
extensions + language and thunderbird works fine
Whiteboard: (none) => MGA2-64-OK
send/receive working over IMAP/SMTP for multiple accounts MGA2-32
CC: (none) => wrw105Whiteboard: MGA2-64-OK => MGA2-64-OK MGA2-32-OK
Thanks guys, good work! Validating Advisory & srpm's in comment 2 Please push this _after_ firefox. Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0021
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED