Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25a6ec7d by Moritz Muehlenhoff at 2019-05-21T21:36:17Z
new firefox-esr issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1211,6 +1211,8 @@ CVE-2019-11699
        RESERVED
 CVE-2019-11698
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
 CVE-2019-11697
        RESERVED
 CVE-2019-11696
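Review bot: The two lines added under CVE-2019-11698 record only firefox-esr, and the entry has no `- firefox` line. If the issue also applies to the firefox source package it needs its own line here, the way CVE-2019-9797 further down carries both `- firefox 66.0-1` and `- firefox-esr <unfixed>`. The same question applies to the other RESERVED entries this commit fills in.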
@@ -1219,12 +1221,20 @@ CVE-2019-11695
        RESERVED
 CVE-2019-11694
        RESERVED
+       - firefox-esr <not-affected> (Windows-specific)
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
 CVE-2019-11693
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
 CVE-2019-11692
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
 CVE-2019-11691
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
        - u-boot 2019.01+dfsg-6 (low; bug #928557)
        [stretch] - u-boot <no-dsa> (Minor issue)
@@ -6520,16 +6530,28 @@ CVE-2019-9821
        RESERVED
 CVE-2019-9820
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
 CVE-2019-9819
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
 CVE-2019-9818
        RESERVED
+       - firefox-esr <not-affected> (Windows-specific)
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
 CVE-2019-9817
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
 CVE-2019-9816
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
 CVE-2019-9815
        RESERVED
+       - firefox-esr <not-affected> (MacOS-specific)
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
 CVE-2019-9814
        RESERVED
 CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type 
confusion i ...)
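Review bot: In the CVE-2019-9815 entry the reason is written "(MacOS-specific)"; the platform name is spelled "macOS". Free-text reasons after `<not-affected>` are what people grep for, so it is worth checking how existing entries in data/CVE/list spell it and matching that.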
@@ -6581,6 +6603,8 @@ CVE-2019-9801 (Firefox will accept any registered Program 
ID as an external prot
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
 CVE-2019-9800
        RESERVED
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
 CVE-2019-9799 (Insufficient bounds checking of data during inter-process 
communicatio ...)
        - firefox 66.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
@@ -6589,7 +6613,9 @@ CVE-2019-9798 (On Android systems, Firefox can load a 
library from APITRACE_LIB,
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin 
policy ...)
        - firefox 66.0-1
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
 CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL 
animation contr ...)
        {DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
        - firefox-esr 60.6.0esr-1
@@ -12882,9 +12908,11 @@ CVE-2019-7318
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free 
because  ...)
        {DSA-4435-1}
        - libpng1.6 1.6.36-4 (bug #921355)
+       - firefox-esr <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
        NOTE: https://github.com/glennrp/libpng/issues/275
        NOTE: 
https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. 
The us ...)
        NOT-FOR-US: CSS-TRICKS Chat2
 CVE-2019-7315
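Review bot: At CVE-2019-7317 the new `- firefox-esr <unfixed>` line sits under an entry whose description names png.c in libpng, but nothing in the entry says why firefox-esr is tracked separately from libpng1.6. A short NOTE stating whether firefox-esr ships its own copy of the libpng code would tell a reader whether the libpng1.6 1.6.36-4 fix covers it.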
@@ -16600,6 +16628,8 @@ CVE-2019-5798
        RESERVED
        {DSA-4421-1}
        - chromium 73.0.3683.75-1
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
 CVE-2019-5797
        RESERVED
        {DSA-4421-1}
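Review bot: CVE-2019-5798 is still RESERVED with no description, and after this change it lists chromium (fixed in 73.0.3683.75-1) next to firefox-esr `<unfixed>`, with only the MFSA link to connect the two. A NOTE naming the component both browsers share would make the entry readable without following the link.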


=====================================
data/dsa-needed.txt
=====================================
@@ -23,6 +23,8 @@ faad2
 ffmpeg (jmm)
   ping upstream for 3.2.14 release catching up with recent issues  
 --
+firefox-esr (jmm)
+--
 glusterfs
 --
 graphicsmagick
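Review bot: The new `firefox-esr (jmm)` entry has no status line, while the ffmpeg entry above it states what is pending. If anything beyond the upload itself is outstanding, a one-line note under the entry would show the state to others picking up DSA work; if not, the bare entry is fine. The placement between ffmpeg and glusterfs keeps the list in alphabetical order.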



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/25a6ec7dcd2fb1e6b8df48bc7f95b9d9ba71acd3


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits