Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 47251c03 by Moritz Muehlenhoff at 2019-12-03T18:53:02Z new firefox issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -9892,18 +9892,42 @@ CVE-2019-17015 RESERVED CVE-2019-17014 RESERVED + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014 CVE-2019-17013 RESERVED + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013 CVE-2019-17012 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012 CVE-2019-17011 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011 CVE-2019-17010 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010 CVE-2019-17009 RESERVED + - firefox <not-affected> (Updater not used in Debian packages) + - firefox-esr <not-affected> (Updater not used in Debian packages) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009 CVE-2019-17008 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008 CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS] RESERVED {DLA-2015-1} @@ -9917,6 +9941,10 @@ CVE-2019-17006 RESERVED CVE-2019-17005 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005 CVE-2019-17004 RESERVED CVE-2019-17003 @@ -19845,6 +19873,10 @@ CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 78.0.39 - chromium 78.0.3904.108-1 CVE-2019-13722 RESERVED + - firefox <unfixed> + - firefox-esr <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722 CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowe ...) {DSA-4562-1} - chromium 78.0.3904.87-1 @@ -26164,6 +26196,8 @@ CVE-2019-11757 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757 CVE-2019-11756 RESERVED + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756 CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...) {DSA-4571-1 DLA-1997-1} [experimental] - thunderbird 1:68.1.1-1~exp1 ===================================== data/dsa-needed.txt ===================================== @@ -21,6 +21,8 @@ curl (ghedo) -- evince/oldstable -- +firefox-esr (jmm) +-- freeimage (hle) -- glusterfs/oldstable View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits