Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0039d24b by Salvatore Bonaccorso at 2023-12-20T06:39:14+01:00
Track fixed version for firefox-esr issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2023-50761 (The signature of a digitally signed S/MIME
email message may opt
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.
This iss ...)
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
@@ -114,14 +114,14 @@ CVE-2023-6873 (Memory safety bugs present in Firefox 120.
Some of these bugs sho
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5,
and Thun ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially
undefined beha ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs.
This cou ...)
@@ -141,19 +141,19 @@ CVE-2023-6868 (In some instances, the user-agent would
allow push requests which
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a
heap buff ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
CVE-2023-6867 (The timing of a button click causing a popup to disappear was
approxim ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures
produced ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
@@ -163,33 +163,33 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked
proper exception handling.
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
CVE-2023-6859 (A use-after-free condition affected TLS socket creation when
under mem ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in
`nsTextFragment` ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer
passed to ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing
uninitialized dat ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a
heap buf ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0039d24bc6b600461379a8fab99e6b8217a005f2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0039d24bc6b600461379a8fab99e6b8217a005f2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
