Several security vulnerabilities have been fixed in Thunderbird 17.0.3esr: MFSA-2013-28: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer MFSA-2013-27: Phishing on HTTPS connection through malicious proxy MFSA-2013-26: Use-after-free in nsImageLoadingContent MFSA-2013-25: Privacy leak in JavaScript Workers MFSA-2013-24: Web content bypass of COW and SOW security wrappers MFSA-2013-21: Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) The thunderbird, thunderbird-l10n and thunderbird-lightning packages have been updated to latest 17.0.3esr, due to 10.0esr will not be supported any more from mozilla.
Thunderbird has already been validated (see Bug 9142). Please use separate bugs for thunderbird and lightning (now and in the future). For this time we can use this bug for lightning.
CC: (none) => luigiwalserDepends on: (none) => 9142Summary: [Update Request] thunderbird 17.0.3ESR => [Update Request] thunderbird-lightningSource RPM: thunderbird-17.0.3-1.mga2, thunderbird-l10n-17.0.3-1.1.mga2, thunderbird-lightning-1.9-3.mga2 => thunderbird-lightning-1.9-3.mga2
Testing complete on Mageia 2 i586 and x86-64. Could someone from the sysadmin team push the srpm thunderbird-lightning-1.9-3.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Several security vulnerabilities have been fixed in Thunderbird 17.0.3esr: MFSA-2013-28: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer MFSA-2013-27: Phishing on HTTPS connection through malicious proxy MFSA-2013-26: Use-after-free in nsImageLoadingContent MFSA-2013-25: Privacy leak in JavaScript Workers MFSA-2013-24: Web content bypass of COW and SOW security wrappers MFSA-2013-21: Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) The thunderbird, thunderbird-l10n and thunderbird-lightning packages have been updated to latest 17.0.3esr, due to 10.0esr not being supported any more by mozilla. https://bugs.mageia.org/show_bug.cgi?id=9151
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Note the advisory isn't correct, as it pertains to Thunderbird (already pushed in another bug). I guess lightning was just rebuilt because of the updated Thunderbird.
Actually lightning had to be updated to a new version (1.9) for compatibility with Thunderbird 17 (since we just updated to that from 10).
So the advisory can be something like: This provides an updated thunderbird-lightning version 1.9 which is compatible with the recently released update to Thunderbird 17.
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0065
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED