Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: d2277139 by Moritz Muehlenhoff at 2023-08-29T16:59:51+02:00 new firefox issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,89 @@ +CVE-2023-4585 + - firefox <unfixed> + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585 +CVE-2023-4584 + - firefox-esr <unfixed> + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584 +CVE-2023-4583 + - firefox <unfixed> + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4583 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583 +CVE-2023-4582 + - firefox-esr <not-affected> (MacOS-specific) + - firefox <not-affected> (MacOS-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4582 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582 +CVE-2023-4581 + - firefox-esr <unfixed> + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581 +CVE-2023-4580 + - firefox <unfixed> + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580 +CVE-2023-4579 + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579 +CVE-2023-4578 + - firefox <unfixed> + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578 +CVE-2023-4577 + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4577 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577 +CVE-2023-4576 + - firefox-esr <not-affected> (Windows-specific) + - firefox <not-affected> (Windows-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4576 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576 +CVE-2023-4575 + - firefox-esr <unfixed> + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575 +CVE-2023-4574 + - firefox-esr <unfixed> + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574 +CVE-2023-4573 + - firefox-esr <unfixed> + - firefox <unfixed> + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573 CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...) TODO: check CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...) @@ -3690,7 +3776,12 @@ CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4054 CVE-2023-4053 (A website could have obscured the full screen notification by using a ...) - firefox 116.0-1 + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4053 CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...) - firefox <not-affected> (Affects only Firefox on Windows) - firefox-esr <not-affected> (Affects only Firefox ESR 115.0.1 on Windows) @@ -3700,7 +3791,12 @@ CVE-2023-4052 (The Firefox updater created a directory writable by non-privilege NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4052 CVE-2023-4051 (A website could have obscured the full screen notification by using th ...) - firefox 116.0-1 + - firefox-esr <unfixed> + [bookworm] - firefox-esr <not-affected> (ESR 102 not affected) + [bullseye] - firefox-esr <not-affected> (ESR 102 not affected) + [buster] - firefox-esr <not-affected> (ESR 102 not affected) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4051 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...) {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1} - firefox 116.0-1 ===================================== data/dsa-needed.txt ===================================== @@ -18,6 +18,8 @@ cinder/oldstable -- file/oldstable -- +firefox-esr (jmm) +-- flac/oldstable -- frr (aron) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d227713923ba7240ffc7d8beb4680bbeaf5855ca -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d227713923ba7240ffc7d8beb4680bbeaf5855ca You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
