{firefox,firefox-esr,thunderbird}

Salvatore Bonaccorso Fri, 01 Mar 2019 00:48:36 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
53a9efe0 by Salvatore Bonaccorso at 2019-03-01T08:44:53Z
Add CVE-2018-18499/{firefox,firefox-esr,thunderbird}

- - - - -
93a8a9b8 by Salvatore Bonaccorso at 2019-03-01T08:46:57Z
Add CVE-2018-18499 for DLA-1575-1/thunderbird

- - - - -
412ee506 by Salvatore Bonaccorso at 2019-03-01T08:47:14Z
Add CVE-2018-18499 for DLA-1571-1/firefox-esr

- - - - -
3ace3bed by Salvatore Bonaccorso at 2019-03-01T08:47:30Z
Add CVE-2018-18499 for DSA-4327-1/thunderbird

- - - - -
7e4e5391 by Salvatore Bonaccorso at 2019-03-01T08:47:44Z
Add CVE-2018-18499 for DSA-4287-1/firefox-esr

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26497,7 +26497,12 @@ CVE-2018-18500 (A use-after-free vulnerability can 
occur while parsing an HTML5
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500
 CVE-2018-18499 (A same-origin policy violation allowing the theft of 
cross-origin URL ...)
-       TODO: check
+       - firefox 62.0-1
+       - firefox-esr 60.2.0esr-1
+       - thunderbird 1:60.2.1-1
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-18499
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-18499
 CVE-2018-18498 (A potential vulnerability leading to an integer overflow can 
occur ...)
        {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
        - firefox 64.0-1


=====================================
data/DLA/list
=====================================
@@ -375,7 +375,7 @@
        {CVE-2018-16837}
        [jessie] - ansible 1.7.2+dfsg-2+deb8u1
 [12 Nov 2018] DLA-1575-1 thunderbird - security update
-       {CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 
CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 
CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 
CVE-2018-12392 CVE-2018-12393}
+       {CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 
CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 
CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 
CVE-2018-12392 CVE-2018-12393 CVE-2018-18499}
        [jessie] - thunderbird 1:60.3.0-1~deb8u1
 [11 Nov 2018] DLA-1574-1 imagemagick - security update
        {CVE-2018-18025}
@@ -387,7 +387,7 @@
        {CVE-2018-16845}
        [jessie] - nginx 1.6.2-5+deb8u6
 [07 Nov 2018] DLA-1571-1 firefox-esr - security update
-       {CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 
CVE-2018-12395 CVE-2018-12396 CVE-2018-12397}
+       {CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 
CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-18499}
        [jessie] - firefox-esr 60.3.0esr-1~deb8u1
 [07 Nov 2018] DLA-1569-2 libdatetime-timezone-perl - regression update
        [jessie] - libdatetime-timezone-perl 1:1.75-2+2018g.1


=====================================
data/DSA/list
=====================================
@@ -235,7 +235,7 @@
        {CVE-2018-14665}
        [stretch] - xorg-server 2:1.19.2-1+deb9u4
 [25 Oct 2018] DSA-4327-1 thunderbird - security update
-       {CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 
CVE-2018-12379 CVE-2018-12383 CVE-2018-12385}
+       {CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 
CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-18499}
        [stretch] - thunderbird 1:60.2.1-2~deb9u1
 [25 Oct 2018] DSA-4326-1 openjdk-8 - security update
        {CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 
CVE-2018-3183 CVE-2018-3214}
@@ -357,7 +357,7 @@
        {CVE-2018-15908 CVE-2018-15910 CVE-2018-15911 CVE-2018-16511 
CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 
CVE-2018-16543 CVE-2018-16585 CVE-2018-15909}
        [stretch] - ghostscript 9.20~dfsg-3.2+deb9u4
 [07 Sep 2018] DSA-4287-1 firefox-esr - security update
-       {CVE-2018-12376 CVE-2018-12377 CVE-2018-12378}
+       {CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-18499}
        [stretch] - firefox-esr 60.2.0esr-1~deb9u2
 [05 Sep 2018] DSA-4286-1 curl - security update
        {CVE-2018-14618}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8913db710366ad2ae1cb6253b59ff2dcd376a74c...7e4e5391d99e612ab6853bdefeb13b21fbeba8e4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8913db710366ad2ae1cb6253b59ff2dcd376a74c...7e4e5391d99e612ab6853bdefeb13b21fbeba8e4
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 5 commits: Add CVE-2018-18499/{firefox,firefox-esr,thunderbird}

Reply via email to