[Git][security-tracker-team/security-tracker][master] Add entries for thunderbird for mfsa2021-{46,47}

Tue, 12 Oct 2021 12:19:07 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
813c700f by Salvatore Bonaccorso at 2021-10-12T21:18:25+02:00
Add entries for thunderbird for mfsa2021-{46,47}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8715,20 +8715,28 @@ CVE-2021-38503
        RESERVED
 CVE-2021-38502
        RESERVED
+       - thunderbird <undetermined>
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
+       TODO: double check, it was only referenced in mfsa2021-47 but not 
mfsa2021-46, but issue is about attack on SMTP STARTTLS connections
 CVE-2021-38501
        RESERVED
        - firefox 93.0-1
        - firefox-esr <not-affected> (Only affect Firefox 91 not in any 
supported suite in vulnerable version)
+       - thunderbird <not-affected> (Only affects Thunderbird 91 not in any 
supported suite in vulnerable version)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
 CVE-2021-38500
        RESERVED
        {DSA-4981-1 DLA-2782-1}
        - firefox 93.0-1
        - firefox-esr 91.2.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
 CVE-2021-38499
        RESERVED
        - firefox 93.0-1
@@ -8737,22 +8745,29 @@ CVE-2021-38498
        RESERVED
        - firefox 93.0-1
        - firefox-esr <not-affected> (Only affect Firefox 91 not in any 
supported suite in vulnerable version)
+       - thunderbird <not-affected> (Only affects Thunderbird 91 not in any 
supported suite in vulnerable version)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
 CVE-2021-38497
        RESERVED
        - firefox 93.0-1
        - firefox-esr <not-affected> (Only affect Firefox 91 not in any 
supported suite in vulnerable version)
+       - thunderbird <not-affected> (Only affects Thunderbird 91 not in any 
supported suite in vulnerable version)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
 CVE-2021-38496
        RESERVED
        {DSA-4981-1 DLA-2782-1}
        - firefox 93.0-1
        - firefox-esr 91.2.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
 CVE-2021-38495
        RESERVED
        - thunderbird <not-affected> (Vulnerable code introduced later)
@@ -22172,12 +22187,14 @@ CVE-2021-32811 (Zope is an open-source web 
application server. Zope versions pri
 CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for 
building task ...)
        - firefox 93.0-1
        - firefox-esr <not-affected> (Only affect Firefox 91 not in any 
supported suite in vulnerable version)
+       - thunderbird <not-affected> (Only affects Thunderbird 91 not in any 
supported suite in vulnerable version)
        - rust-crossbeam-deque 0.7.4-1 (bug #993146)
        [bullseye] - rust-crossbeam-deque <no-dsa> (Minor issue)
        [buster] - rust-crossbeam-deque <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810
 CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich 
content suppo ...)
        - ckeditor 4.16.2+dfsg-1 (bug #992291)
        [bullseye] - ckeditor <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/813c700f2c95c742026a95300706dc42d63af689

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/813c700f2c95c742026a95300706dc42d63af689
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to