[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Moritz Muehlenhoff (@jmm) Tue, 24 Jan 2023 06:41:07 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c66e2b50 by Moritz Muehlenhoff at 2023-01-24T15:40:21+01:00
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2182,8 +2182,10 @@ CVE-2023-23605
        {DSA-5322-1 DLA-3275-1}
        - firefox 109.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23605
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23605
 CVE-2023-23604
        RESERVED
        - firefox 109.0-1
@@ -2193,22 +2195,28 @@ CVE-2023-23603
        {DSA-5322-1 DLA-3275-1}
        - firefox 109.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23603
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603
 CVE-2023-23602
        RESERVED
        {DSA-5322-1 DLA-3275-1}
        - firefox 109.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23602
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602
 CVE-2023-23601
        RESERVED
        {DSA-5322-1 DLA-3275-1}
        - firefox 109.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23601
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23601
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23601
 CVE-2023-23600
        RESERVED
        - firefox <not-affected> (Only affects Firefox on Android)
@@ -2217,15 +2225,19 @@ CVE-2023-23599
        RESERVED
        - firefox <not-affected> (Only affects Firefox on Windows)
        - firefox-esr <not-affected> (Only affects Firefox on Windows)
+       - thunderbird <not-affected> (Only affects Thunderbird on Windows)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23599
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599
 CVE-2023-23598
        RESERVED
        {DSA-5322-1 DLA-3275-1}
        - firefox 109.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23598
 CVE-2023-23597
        RESERVED
        - firefox 109.0-1
@@ -11446,8 +11458,10 @@ CVE-2022-46877 (By confusing the browser, the 
fullscreen notification could have
        {DSA-5322-1 DLA-3275-1}
        - firefox 108.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46877
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46877
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46877
 CVE-2022-46876
        RESERVED
 CVE-2022-46875 (The executable file warning was not presented when downloading 
.atloc  ...)
@@ -11480,8 +11494,10 @@ CVE-2022-46871 (An out of date library (libusrsctp) 
contained vulnerabilities th
        {DSA-5322-1 DLA-3275-1}
        - firefox 108.0-1
        - firefox-esr 102.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871
 CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
        NOT-FOR-US: Apache Zeppelin
 CVE-2022-46869


=====================================
data/dsa-needed.txt
=====================================
@@ -64,7 +64,9 @@ sofia-sip
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
-swift
+swift (jmm)
+--
+thunderbird (jmm)
 --
 tiff (aron)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66e2b50ebb82bb7b8dc41aa4f1265c454fda20b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66e2b50ebb82bb7b8dc41aa4f1265c454fda20b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Reply via email to