Summary: | <mail-client/thunderbird{-bin,}-91.6.2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Frederik Pfautsch <bugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mozilla |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugzilla.mozilla.org/show_bug.cgi?id=1756149 | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 833575, 834686 |
Description
Frederik Pfautsch
2022-02-17 10:19:56 UTC
Thank you for reporting! I missed Thunderbird in the last round of Mozilla advisories due to Mozilla releasing them asynchronously, so I'll block the tracker here.

mozilla@, please stabilize 91.6.1.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=270c3894322dfbbf9a5f663732e4e50b68d4c9dd

commit 270c3894322dfbbf9a5f663732e4e50b68d4c9dd
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-02-18 10:39:17 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-02-18 12:26:54 +0000

mail-client/thunderbird: stabilize 91.6.1 for amd64

Bug: https://bugs.gentoo.org/833520
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

mail-client/thunderbird/thunderbird-91.6.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

I'm gonna push thunderbird-91.6.2 straight to stable today due to multiple "possible" security fixes it carries.

https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird91.6.2 (may be updated later?)
https://www.thunderbird.net/en-US/thunderbird/91.6.2/releasenotes/

May need to package.use.mask system-libvpx for x86 since upstream hasn't commented anything about it, and figure out the root-reason later. Might be related to "too new" libvpx that's stabilized in Gentoo, wouldn't be the first time firefox/thunderbird need to depend on older version.

Just for the record, firefox-esr and thunderbird both bundle 1.8.2 version of libvpx.

* package.use.force of course ^

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7b5a41ea4e25241b0ee175bc8a6efa6850d7ceb

commit d7b5a41ea4e25241b0ee175bc8a6efa6850d7ceb
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-03-06 17:27:58 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-03-06 17:30:19 +0000

mail-client/thunderbird: security stabilization on 91.6.2 for amd64

Bug: https://bugs.gentoo.org/833520
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

mail-client/thunderbird/thunderbird-91.6.2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7741605585343123d580bdf73dd7c9db0761df1

commit b7741605585343123d580bdf73dd7c9db0761df1
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-03-06 15:37:34 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-03-06 17:30:19 +0000

mail-client/thunderbird: security stabilization 91.6.2 for x86

Bug: https://bugs.gentoo.org/833520
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

mail-client/thunderbird/thunderbird-91.6.2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Thanks, I didn't even notice Thunderbird was affected in this advisory thanks to the advisory title not mentioning it.

Cleaned.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6489baf220965f673c0e5055c9169f582c156290

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8856093f804feeda5fe9097d49ba3307aaefc9c2

commit 8856093f804feeda5fe9097d49ba3307aaefc9c2
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:08:55 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:36 +0000

[ GLSA 202208-14 ] Mozilla Thunderbird: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/794085
Bug: https://bugs.gentoo.org/802759
Bug: https://bugs.gentoo.org/807943
Bug: https://bugs.gentoo.org/811912
Bug: https://bugs.gentoo.org/813501
Bug: https://bugs.gentoo.org/822294
Bug: https://bugs.gentoo.org/828539
Bug: https://bugs.gentoo.org/831040
Bug: https://bugs.gentoo.org/833520
Bug: https://bugs.gentoo.org/834805
Bug: https://bugs.gentoo.org/845057
Bug: https://bugs.gentoo.org/846596
Bug: https://bugs.gentoo.org/849047
Bug: https://bugs.gentoo.org/857048
Bug: https://bugs.gentoo.org/864577
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202208-14.xml | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 165 insertions(+)

GLSA released, all done!