Bug 7863 - [UPDATE REQUEST 2016.1] Thunderbird 52.0 CVE-2017-7826
: [UPDATE REQUEST 2016.1] Thunderbird 52.0 CVE-2017-7826
Status: CONFIRMED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
https://advisories.mageia.org/MGASA-2...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-14 23:28 MSD by Алексей-З
Modified: 2018-02-06 11:32 MSK (History)
5 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алексей-З 2017-04-14 23:28:32 MSD
Спустя год с момента публикации прошлого значительного выпуска состоялся новый релиз почтового клиента Thunderbird 52, развиваемого силами сообщества и основанного на технологиях Mozilla. Новый выпуск отнесён к категории версий с длительным сроком поддержки, обновления для которых выпускаются в течение года.
Comment 1 Алексей-З 2017-04-14 23:35:49 MSD
Updated to 52.0

ВНИМАНИЕ!
Требует SQLite 3.18.0
http://bugs.rosalinux.ru/show_bug.cgi?id=7743

mozilla-thunderbird
https://abf.rosalinux.ru/build_lists/2868856
https://abf.rosalinux.ru/build_lists/2868857

mozilla-thunderbird-l10n
https://abf.rosalinux.ru/build_lists/2868860
https://abf.rosalinux.ru/build_lists/2868861
Comment 3 Vladimir Potapov 2017-05-25 18:24:35 MSD
Календарь опять английский :-(
*****************************
QA Denied
Comment 4 Zombie Ryushu 2017-06-20 18:29:10 MSD
Additional Mageia Advisory

https://advisories.mageia.org/MGASA-2017-0180.html
Comment 5 Zombie Ryushu 2017-08-08 07:17:44 MSD
There is an additional problem with this update. For some reason, its not accepting known valid Cerificates from working sources.
Comment 6 Zombie Ryushu 2017-12-11 14:23:31 MSK
https://www.debian.org/security/2017/dsa-4061
Comment 7 Zombie Ryushu 2018-02-01 12:36:39 MSK
https://www.debian.org/security/2018/dsa-4102
Comment 8 Zombie Ryushu 2018-02-06 11:32:35 MSK

Integer overflow in Skia library during edge builder allocation.
(CVE-2018-5095)

Use-after-free while editing form elements. (CVE-2018-5096)

Use-after-free when source document is manipulated during XSLT.
(CVE-2018-5097)

Use-after-free while manipulating form input elements. (CVE-2018-5098)

Use-after-free with widget listener. (CVE-2018-5099)

Use-after-free in HTML media elements. (CVE-2018-5102)

Use-after-free during mouse event handling. (CVE-2018-5103)

Use-after-free during font face manipulation. (CVE-2018-5104)

URL spoofing with right-to-left text aligned left-to-right.
(CVE-2018-5117)

Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird
52.6. (CVE-2018-5089)