Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
47251c03 by Moritz Muehlenhoff at 2019-12-03T18:53:02Z
new firefox issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9892,18 +9892,42 @@ CVE-2019-17015
RESERVED
CVE-2019-17014
RESERVED
+ - firefox <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
CVE-2019-17013
RESERVED
+ - firefox <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
CVE-2019-17012
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012
CVE-2019-17011
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011
CVE-2019-17010
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010
CVE-2019-17009
RESERVED
+ - firefox <not-affected> (Updater not used in Debian packages)
+ - firefox-esr <not-affected> (Updater not used in Debian packages)
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
CVE-2019-17008
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in
CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
RESERVED
{DLA-2015-1}
@@ -9917,6 +9941,10 @@ CVE-2019-17006
RESERVED
CVE-2019-17005
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005
CVE-2019-17004
RESERVED
CVE-2019-17003
@@ -19845,6 +19873,10 @@ CVE-2019-13723 (Use after free in WebBluetooth in
Google Chrome prior to 78.0.39
- chromium 78.0.3904.108-1
CVE-2019-13722
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722
CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to
78.0.3904.87 allowe ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
@@ -26164,6 +26196,8 @@ CVE-2019-11757
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
CVE-2019-11756
RESERVED
+ - firefox <unfixed>
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption
layer and a ...)
{DSA-4571-1 DLA-1997-1}
[experimental] - thunderbird 1:68.1.1-1~exp1
=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ curl (ghedo)
--
evince/oldstable
--
+firefox-esr (jmm)
+--
freeimage (hle)
--
glusterfs/oldstable
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
