Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7aeafe71 by Moritz Muehlenhoff at 2019-10-26T14:48:17Z
new thunderbird issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7355,11 +7355,13 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML
input could fool the parse
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
- chromium <unfixed>
+ - thunderbird <unfixed>
NOTE:
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
NOTE: https://github.com/libexpat/libexpat/issues/317
NOTE: https://github.com/libexpat/libexpat/pull/318
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-15903
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-15903
CVE-2019-15902 (A backporting error was discovered in the Linux
stable/longterm kernel ...)
{DSA-4531-1 DLA-1940-1}
- linux <unfixed>
@@ -20302,54 +20304,70 @@ CVE-2019-11764
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
CVE-2019-11763
RESERVED
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
CVE-2019-11762
RESERVED
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
CVE-2019-11761
RESERVED
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
CVE-2019-11760
RESERVED
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
CVE-2019-11759
RESERVED
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
CVE-2019-11758
RESERVED
- firefox-esr <not-affected> (Only an issue in combination with 360
Total Security)
+ - thunderbird <not-affected> (Only an issue in combination with 360
Total Security)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
CVE-2019-11757
RESERVED
{DSA-4549-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
+ - thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
CVE-2019-11756
RESERVED
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption
layer and a ...)
@@ -124019,7 +124037,6 @@ CVE-2017-11750 (The ReadOneJNGImage function in
coders/png.c in ImageMagick 6.9.
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
NOTE: Fixed by (ImageMagick-6):
https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
NOTE: Issue introduced by the original patch for
https://github.com/ImageMagick/ImageMagick/issues/618
- TODO: check if patch simplifying patch applied in any suite
CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted
search path ...)
NOT-FOR-US: InternetSoft FTP Commander
CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing
DLL hij ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -64,6 +64,8 @@ squid3/oldstable
sssd
Maintainer prepared an update and proposed debdiff, acked for upload, but
update needs further testing before release.
--
+thunderbird
+--
wordpress
--
xen/oldstable
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeafe716da22fe8d9836046799a8acf97ef06e3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeafe716da22fe8d9836046799a8acf97ef06e3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
