Bug 9151 - [Update Request] thunderbird-lightning
Summary: [Update Request] thunderbird-lightning
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://www.mozilla.org/security/known...
Whiteboard: MGA2-64-OK MGA2-32-OK
Keywords: validated_update
Depends on: 9142
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-21 21:28 CET by Funda Wang
Modified: 2013-02-22 00:42 CET (History)
4 users (show)

See Also:
Source RPM: thunderbird-lightning-1.9-3.mga2
CVE:
Status comment:


Attachments

Description Funda Wang 2013-02-21 21:28:41 CET
Several security vulnerabilities have been fixed in Thunderbird 17.0.3esr:

MFSA-2013-28: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA-2013-27: Phishing on HTTPS connection through malicious proxy
MFSA-2013-26: Use-after-free in nsImageLoadingContent
MFSA-2013-25: Privacy leak in JavaScript Workers
MFSA-2013-24: Web content bypass of COW and SOW security wrappers
MFSA-2013-21: Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

The thunderbird, thunderbird-l10n and thunderbird-lightning packages have been updated to latest 17.0.3esr, due to 10.0esr will not be supported any more from mozilla.
Comment 1 David Walser 2013-02-21 21:32:10 CET
Thunderbird has already been validated (see Bug 9142).  Please use separate bugs for thunderbird and lightning (now and in the future).

For this time we can use this bug for lightning.

CC: (none) => luigiwalser
Depends on: (none) => 9142
Summary: [Update Request] thunderbird 17.0.3ESR => [Update Request] thunderbird-lightning
Source RPM: thunderbird-17.0.3-1.mga2, thunderbird-l10n-17.0.3-1.1.mga2, thunderbird-lightning-1.9-3.mga2 => thunderbird-lightning-1.9-3.mga2

Comment 2 Dave Hodgins 2013-02-21 23:09:25 CET
Testing complete on Mageia 2 i586 and x86-64.

Could someone from the sysadmin team push the srpm
thunderbird-lightning-1.9-3.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Several security vulnerabilities have been fixed in Thunderbird 17.0.3esr:

MFSA-2013-28: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
MFSA-2013-27: Phishing on HTTPS connection through malicious proxy
MFSA-2013-26: Use-after-free in nsImageLoadingContent
MFSA-2013-25: Privacy leak in JavaScript Workers
MFSA-2013-24: Web content bypass of COW and SOW security wrappers
MFSA-2013-21: Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

The thunderbird, thunderbird-l10n and thunderbird-lightning packages have been updated to latest 17.0.3esr, due to 10.0esr not being supported any more by mozilla.

https://bugs.mageia.org/show_bug.cgi?id=9151

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 3 David Walser 2013-02-21 23:54:58 CET
Note the advisory isn't correct, as it pertains to Thunderbird (already pushed in another bug).

I guess lightning was just rebuilt because of the updated Thunderbird.
Comment 4 David Walser 2013-02-21 23:57:26 CET
Actually lightning had to be updated to a new version (1.9) for compatibility with Thunderbird 17 (since we just updated to that from 10).
Comment 5 David Walser 2013-02-21 23:58:25 CET
So the advisory can be something like:

This provides an updated thunderbird-lightning version 1.9 which is compatible
with the recently released update to Thunderbird 17.
Comment 6 Thomas Backlund 2013-02-22 00:42:32 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0065

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.