Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
db9a1781 by Salvatore Bonaccorso at 2023-12-19T22:44:49+01:00
Track fixed version for thunderbird issues (mfsa2023-55) via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,14 +97,14 @@ CVE-2023-34027 (Deserialization of Untrusted Data
vulnerability in Rajnish Arora
CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4
and cla ...)
TODO: check
CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally
signed text ...)
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
CVE-2023-50761 (The signature of a digitally signed S/MIME email message may
optionall ...)
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.
This iss ...)
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs
showed e ...)
@@ -115,7 +115,7 @@ CVE-2023-6873 (Memory safety bugs present in Firefox 120.
Some of these bugs sho
CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5,
and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
@@ -142,7 +142,7 @@ CVE-2023-6868 (In some instances, the user-agent would
allow push requests which
CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a
heap buff ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
@@ -154,7 +154,7 @@ CVE-2023-6867 (The timing of a button click causing a popup
to disappear was app
CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures
produced ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
@@ -164,21 +164,21 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked
proper exception handling.
CVE-2023-6859 (A use-after-free condition affected TLS socket creation when
under mem ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in
`nsTextFragment` ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer
passed to ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
@@ -190,7 +190,7 @@ CVE-2023-6865 (`EncryptingOutputStream` was susceptible to
exposing uninitialize
CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a
heap buf ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- - thunderbird <unfixed>
+ - thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db9a17811e0639eccfc2f31660f0b6e10f1a5490
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db9a17811e0639eccfc2f31660f0b6e10f1a5490
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
