[Git][security-tracker-team/security-tracker][master] new firefox issues

Moritz Muehlenhoff Tue, 10 Mar 2020 14:19:03 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3097ef90 by Moritz Muehlenhoff at 2020-03-10T22:18:35+01:00
new firefox issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -392,9 +392,13 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet 
through 0.17 allows remote
        TODO: check further details
 CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in 
sctp_load_address ...)
        - libusrsctp <unfixed> (bug #953270)
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
        NOTE: 
https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
-       TODO: check, other sources firefox, firefox-esr, thunderbird and 
chromium ebed the library
+       TODO: check, other sources thunderbird and chromium ebed the library
 CVE-2020-10187
        RESERVED
 CVE-2020-10186
@@ -8002,26 +8006,60 @@ CVE-2020-6816
        RESERVED
 CVE-2020-6815
        RESERVED
+       - firefox <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
 CVE-2020-6814
        RESERVED
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
 CVE-2020-6813
        RESERVED
+       - firefox <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
 CVE-2020-6812
        RESERVED
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
 CVE-2020-6811
        RESERVED
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
 CVE-2020-6810
        RESERVED
+       - firefox <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
 CVE-2020-6809
        RESERVED
+       - firefox <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
 CVE-2020-6808
        RESERVED
+       - firefox <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
 CVE-2020-6807
        RESERVED
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
 CVE-2020-6806
        RESERVED
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
 CVE-2020-6805
        RESERVED
+       - firefox <unfixed>
+       - firefox-esr <unfixed>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
 CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, 
allowing an a ...)
        NOT-FOR-US: Mozilla IOT
 CVE-2020-6803 (An open redirect is present on the gateway's login page, which 
could c ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -20,7 +20,9 @@ amd64-microcode
 --
 chromium/stable
 --
-graphicsmagick
+firefox-esr (jmm)
+--
+graphicsmagick (jmm)
 --
 jruby/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3097ef90e31f99fcc19df8ac976a041de247621e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3097ef90e31f99fcc19df8ac976a041de247621e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new firefox issues

Reply via email to