Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1779264
Summary: | thunderbird-68.5.0 is available | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Upstream Release Monitoring <upstream-release-monitoring> |
Component: | thunderbird | Assignee: | Gecko Maintainer <gecko-bugs-nobody> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | customercare, extras-qa, gecko-bugs-nobody, gordon.messmer, jan.public, john.j5live, kengert, pjasicek, rhughes, rstrode, sandmann |
Target Milestone: | --- | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | thunderbird-68.5.0-1.fc30 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-03-03 20:53:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Upstream Release Monitoring
2019-12-03 15:44:16 UTC
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you. Please use URLs in your Source declarations if possible. - thunderbird-langpacks-68.3.0-20191203.tar.xz - thunderbird-mozconfig - thunderbird-mozconfig-branded - thunderbird-redhat-default-prefs.js - lightning-langpacks-68.3.0.tar.xz - thunderbird.desktop - thunderbird.sh.in - thunderbird-symbolic.svg - thunderbird-wayland.sh.in - thunderbird-wayland.desktop - get-calendar-langpacks.sh - node-stdout-nonblocking-wrapper - cbindgen-vendor.tar.xz Latest upstream release: 68.3.1 Current version/release in rawhide: 68.2.2-1.fc32 URL: https://www.thunderbird.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4967/ The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you. Please use URLs in your Source declarations if possible. - thunderbird-langpacks-68.3.1-20191203.tar.xz - thunderbird-mozconfig - thunderbird-mozconfig-branded - thunderbird-redhat-default-prefs.js - lightning-langpacks-68.3.1.tar.xz - thunderbird.desktop - thunderbird.sh.in - thunderbird-symbolic.svg - thunderbird-wayland.sh.in - thunderbird-wayland.desktop - get-calendar-langpacks.sh - node-stdout-nonblocking-wrapper - cbindgen-vendor.tar.xz Latest upstream release: 68.4.1 Current version/release in rawhide: 68.3.1-1.fc32 URL: https://www.thunderbird.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4967/ The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you. Please use URLs in your Source declarations if possible. - thunderbird-langpacks-68.4.1-20191217.tar.xz - thunderbird-mozconfig - thunderbird-mozconfig-branded - thunderbird-redhat-default-prefs.js - lightning-langpacks-68.4.1.tar.xz - thunderbird.desktop - thunderbird.sh.in - thunderbird-symbolic.svg - thunderbird-wayland.sh.in - thunderbird-wayland.desktop - get-calendar-langpacks.sh - node-stdout-nonblocking-wrapper - cbindgen-vendor.tar.xz This release contains critical security fixes, so it would be nice to build it as soon as possible: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/ Latest upstream release: 68.4.2 Current version/release in rawhide: 68.4.1-1.fc32 URL: https://www.thunderbird.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4967/ The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you. Please use URLs in your Source declarations if possible. - thunderbird-langpacks-68.4.2-20200113.tar.xz - thunderbird-mozconfig - thunderbird-mozconfig-branded - thunderbird-redhat-default-prefs.js - lightning-langpacks-68.4.2.tar.xz - thunderbird.desktop - thunderbird.sh.in - thunderbird-symbolic.svg - thunderbird-wayland.sh.in - thunderbird-wayland.desktop - get-calendar-langpacks.sh - node-stdout-nonblocking-wrapper - cbindgen-vendor.tar.xz Latest upstream release: 68.5.0 Current version/release in rawhide: 68.4.1-2.fc32 URL: https://www.thunderbird.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4967/ The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you. Please use URLs in your Source declarations if possible. - thunderbird-langpacks-68.5.0-20200113.tar.xz - thunderbird-mozconfig - thunderbird-mozconfig-branded - thunderbird-redhat-default-prefs.js - lightning-langpacks-68.5.0.tar.xz - thunderbird.desktop - thunderbird.sh.in - thunderbird-symbolic.svg - thunderbird-wayland.sh.in - thunderbird-wayland.desktop - get-calendar-langpacks.sh - node-stdout-nonblocking-wrapper - cbindgen-vendor.tar.xz RCE Condition in Thunderbird < 68.5 ! Request immediate Upgrade! GERMAN BSI CERT send an advisory today 12.2.2020:h (in short: DOS Vector, RCE Vector, IDC Vector ) 12.02.2020____________________________________________________________________________________________________ Betroffene Systeme: Mozilla Firefox < 73 Mozilla Firefox ESR < 68.5 Mozilla Thunderbird < 68.5 ____________________________________________________________________________________________________ Empfehlung: Das BürgerCERT empfiehlt die zeitnahe Installation der vom Hersteller bereitgestellten Sicherheitsupdates, um die Schwachstellen zu schließen. ____________________________________________________________________________________________________ Zusammenfassung: Es bestehen mehrere Schwachstellen in Mozilla Firefox und Mozilla Firefox ESR, sowie in Mozilla Thunderbird. Ein Angreifer kann dies ausnutzen, um das Programm zum Absturz zu bringen, um Daten zu manipulieren, um Sicherheitsmechanismen zu umgehen, um vertrauliche Daten einzusehen oder schädlichen Programmcode auszuführen. Zur erfolgreichen Ausnutzung genügt es, einen bösartigen Link anzuklicken bzw. eine E-Mail mit schädlichen Inhalten zu öffnen. thunderbird-68.5.0-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-2211f3adde thunderbird-68.5.0-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |