Bug 1779264 - thunderbird-68.5.0 is available [NEEDINFO]
Summary: thunderbird-68.5.0 is available
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: thunderbird
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-12-03 15:44 UTC by Upstream Release Monitoring
Modified: 2020-03-03 20:53 UTC (History)
11 users (show)

Fixed In Version: thunderbird-68.5.0-1.fc30
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-03 20:53:29 UTC
Type: ---
customercare: needinfo? (gecko-bugs-nobody)
customercare: needinfo? (extras-qa)


Attachments (Terms of Use)

Description Upstream Release Monitoring 2019-12-03 15:44:16 UTC
Latest upstream release: 68.3.0
Current version/release in rawhide: 68.2.2-1.fc32
URL: https://www.thunderbird.net/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/4967/

Comment 1 Upstream Release Monitoring 2019-12-03 15:44:36 UTC
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you.  Please use URLs in your Source declarations if possible.

- thunderbird-langpacks-68.3.0-20191203.tar.xz
- thunderbird-mozconfig
- thunderbird-mozconfig-branded
- thunderbird-redhat-default-prefs.js
- lightning-langpacks-68.3.0.tar.xz
- thunderbird.desktop
- thunderbird.sh.in
- thunderbird-symbolic.svg
- thunderbird-wayland.sh.in
- thunderbird-wayland.desktop
- get-calendar-langpacks.sh
- node-stdout-nonblocking-wrapper
- cbindgen-vendor.tar.xz

Comment 2 Upstream Release Monitoring 2019-12-17 01:20:49 UTC
Latest upstream release: 68.3.1
Current version/release in rawhide: 68.2.2-1.fc32
URL: https://www.thunderbird.net/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/4967/

Comment 3 Upstream Release Monitoring 2019-12-17 01:21:03 UTC
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you.  Please use URLs in your Source declarations if possible.

- thunderbird-langpacks-68.3.1-20191203.tar.xz
- thunderbird-mozconfig
- thunderbird-mozconfig-branded
- thunderbird-redhat-default-prefs.js
- lightning-langpacks-68.3.1.tar.xz
- thunderbird.desktop
- thunderbird.sh.in
- thunderbird-symbolic.svg
- thunderbird-wayland.sh.in
- thunderbird-wayland.desktop
- get-calendar-langpacks.sh
- node-stdout-nonblocking-wrapper
- cbindgen-vendor.tar.xz

Comment 4 Upstream Release Monitoring 2020-01-09 23:59:17 UTC
Latest upstream release: 68.4.1
Current version/release in rawhide: 68.3.1-1.fc32
URL: https://www.thunderbird.net/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/4967/

Comment 5 Upstream Release Monitoring 2020-01-09 23:59:26 UTC
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you.  Please use URLs in your Source declarations if possible.

- thunderbird-langpacks-68.4.1-20191217.tar.xz
- thunderbird-mozconfig
- thunderbird-mozconfig-branded
- thunderbird-redhat-default-prefs.js
- lightning-langpacks-68.4.1.tar.xz
- thunderbird.desktop
- thunderbird.sh.in
- thunderbird-symbolic.svg
- thunderbird-wayland.sh.in
- thunderbird-wayland.desktop
- get-calendar-langpacks.sh
- node-stdout-nonblocking-wrapper
- cbindgen-vendor.tar.xz

Comment 6 Gordon Messmer 2020-01-11 00:24:13 UTC
This release contains critical security fixes, so it would be nice to build it as soon as possible:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/

Comment 7 Upstream Release Monitoring 2020-01-24 16:57:27 UTC
Latest upstream release: 68.4.2
Current version/release in rawhide: 68.4.1-1.fc32
URL: https://www.thunderbird.net/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/4967/

Comment 8 Upstream Release Monitoring 2020-01-24 16:57:38 UTC
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you.  Please use URLs in your Source declarations if possible.

- thunderbird-langpacks-68.4.2-20200113.tar.xz
- thunderbird-mozconfig
- thunderbird-mozconfig-branded
- thunderbird-redhat-default-prefs.js
- lightning-langpacks-68.4.2.tar.xz
- thunderbird.desktop
- thunderbird.sh.in
- thunderbird-symbolic.svg
- thunderbird-wayland.sh.in
- thunderbird-wayland.desktop
- get-calendar-langpacks.sh
- node-stdout-nonblocking-wrapper
- cbindgen-vendor.tar.xz

Comment 9 Upstream Release Monitoring 2020-02-11 17:08:48 UTC
Latest upstream release: 68.5.0
Current version/release in rawhide: 68.4.1-2.fc32
URL: https://www.thunderbird.net/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy


More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.


Based on the information from anitya: https://release-monitoring.org/project/4967/

Comment 10 Upstream Release Monitoring 2020-02-11 17:08:57 UTC
The following Sources of the specfile are not valid URLs so we cannot automatically build the new version for you.  Please use URLs in your Source declarations if possible.

- thunderbird-langpacks-68.5.0-20200113.tar.xz
- thunderbird-mozconfig
- thunderbird-mozconfig-branded
- thunderbird-redhat-default-prefs.js
- lightning-langpacks-68.5.0.tar.xz
- thunderbird.desktop
- thunderbird.sh.in
- thunderbird-symbolic.svg
- thunderbird-wayland.sh.in
- thunderbird-wayland.desktop
- get-calendar-langpacks.sh
- node-stdout-nonblocking-wrapper
- cbindgen-vendor.tar.xz

Comment 11 customercare 2020-02-12 17:19:57 UTC
RCE Condition in Thunderbird < 68.5 !

Request immediate Upgrade!

GERMAN BSI CERT send an advisory today 12.2.2020:h
(in short: DOS Vector, RCE Vector, IDC Vector )

12.02.2020____________________________________________________________________________________________________
Betroffene Systeme:
Mozilla Firefox < 73
Mozilla Firefox ESR < 68.5
Mozilla Thunderbird < 68.5
____________________________________________________________________________________________________
Empfehlung:
Das BürgerCERT empfiehlt die zeitnahe Installation der vom Hersteller bereitgestellten 
Sicherheitsupdates, um die Schwachstellen zu schließen.
____________________________________________________________________________________________________
Zusammenfassung:

Es bestehen mehrere Schwachstellen in Mozilla Firefox und Mozilla Firefox ESR, sowie in Mozilla 
Thunderbird. Ein Angreifer kann dies ausnutzen, um das Programm zum Absturz zu bringen, um Daten zu 
manipulieren, um Sicherheitsmechanismen zu umgehen, um vertrauliche Daten einzusehen oder 
schädlichen Programmcode auszuführen. Zur erfolgreichen Ausnutzung genügt es, einen bösartigen Link 
anzuklicken bzw. eine E-Mail mit schädlichen Inhalten zu öffnen.

Comment 12 Fedora Update System 2020-02-18 03:12:07 UTC
thunderbird-68.5.0-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-2211f3adde

Comment 13 Fedora Update System 2020-03-03 20:53:29 UTC
thunderbird-68.5.0-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.