Bug 639048 (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830, MFSA2017-26) - <mail-client/thunderbird{,-bin}-52.5.0: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-7826, CVE-2017-7828, CVE-2017-7830, MFSA2017-26
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve blocked]
Keywords:
Depends on: 641764 MFSA-2018-04
Blocks: CVE-2017-7753, CVE-2017-7779, CVE-2017-7782, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7793, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7804, CVE-2017-7805, CVE-2017-7807, CVE-2017-7809, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825
Reported: 2017-11-28 09:55 UTC by Frank Krömmelbein
Modified: 2018-03-28 18:50 UTC (History)

See Also:
Package list:
=mail-client/thunderbird-52.5.0
Runtime testing required: ---
stable-bot: sanity-check-


Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-29 00:08:52 UTC
(In reply to Frank Krömmelbein from comment #0)
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/

Thank you for the report, Frank. @Maintainers, please call for stabilization when ready.

Thanks
Comment 2 Larry the Git Cow gentoo-dev 2017-11-29 17:44:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96b0f1c18b9d36f28addda1a8895988f6350d5e1

commit 96b0f1c18b9d36f28addda1a8895988f6350d5e1
Author:     Ian Stakenvicius <axs@gentoo.org>
AuthorDate: 2017-11-29 17:43:22 +0000
Commit:     Ian Stakenvicius <axs@gentoo.org>
CommitDate: 2017-11-29 17:44:33 +0000

    mail-client/thunderbird-bin: bump to 52.5.0
    
    Bumped directly to stable by maintainers for security
    
    Bug: http://bugs.gentoo.org/639048
    Package-Manager: Portage-2.3.13, Repoman-2.3.3

 mail-client/thunderbird-bin/Manifest               | 118 ++++++++++-----------
 ...52.4.0.ebuild => thunderbird-bin-52.5.0.ebuild} |   7 +-
 2 files changed, 62 insertions(+), 63 deletions(-)
Comment 3 Ian Stakenvicius gentoo-dev 2017-11-29 17:47:05 UTC
Ebuilds are in the tree now.

mail-client/thunderbird-bin-52.5.0 has been committed directly to stable.

mail-client/thunderbird-52.5.0 requires x11-plugins/enigmail-1.9.8.3-r1 to also be stabilized, to adopt the improved way the enigmail extension is being installed and loaded by thunderbird.
Comment 4 Stephan Hartmann 2017-12-13 12:26:27 UTC
Maybe add arches?
Comment 5 Thomas Deutschmann gentoo-dev Security 2017-12-13 13:28:57 UTC
@ Arches,

please test and mark stable:

  =mail-client/thunderbird-52.5.0
  =x11-plugins/enigmail-1.9.8.3-r1
Comment 6 Thomas Deutschmann gentoo-dev Security 2017-12-14 15:08:42 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2017-12-14 20:27:24 UTC
amd64 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2017-12-20 12:25:38 UTC
@ Remaining arches:

Please pick up newer >=x11-plugins/enigmail-1.9.9 via bug 641764.
Comment 9 Ian Stakenvicius gentoo-dev 2018-01-04 15:54:03 UTC
ppc / ppc64, would you like to drop stable keywords on this package? The last one that was stabilized was 45.8.0, which has long been unsupported security-wise.
Comment 10 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-19 21:28:05 UTC
(In reply to Ian Stakenvicius from comment #9)
> ppc / ppc64 , would you like to drop stable keywords on this package?  The
> last one that was stabilized was 45.8.0 which has long been unsupported
> security-wise.

+1

@ppc/ppc64, how would you like to proceed?
Comment 11 Sergei Trofimovich gentoo-dev 2018-03-13 22:33:45 UTC
ppc stable
Comment 12 Stabilization helper bot gentoo-dev 2018-03-24 22:00:50 UTC
An automated check of this bug failed - the following atom is unknown:

mail-client/thunderbird-52.5.0

Please verify the atom list.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2018-03-28 18:24:59 UTC
This issue was resolved and addressed in
 GLSA 201803-14 at https://security.gentoo.org/glsa/201803-14
by GLSA coordinator Aaron Bauman (b-man).