[Git][security-tracker-team/security-tracker][master] new firefox-esr issues

Tue, 16 Apr 2024 09:20:05 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b9f3f0d6 by Moritz Muehlenhoff at 2024-04-16T18:19:04+02:00
new firefox-esr issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,33 +1,45 @@
 CVE-2024-3302
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
 CVE-2024-3865
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
 CVE-2024-3864
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
 CVE-2024-3863
        - firefox <not-affected> (Windows-specific)
+       - firefox-esr <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
 CVE-2024-3862
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
 CVE-2024-3861
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
 CVE-2024-3860
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
 CVE-2024-3859
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
 CVE-2024-3858
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
 CVE-2024-3857
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
 CVE-2024-3856
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
@@ -36,13 +48,17 @@ CVE-2024-3855
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
 CVE-2024-3854
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
 CVE-2024-3853
        - firefox <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
 CVE-2024-3852
        - firefox <unfixed>
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852
 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
        NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the 
Authorizat ...)
@@ -8734,7 +8750,9 @@ CVE-2024-2610 (Using a markup injection an attacker could 
have stolen nonce valu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
 CVE-2024-2609 (The permission prompt input delay could have expired while the 
window  ...)
        - firefox 124.0-1
+       - firefox-esr <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), 
ExtraSpaceNeededForAttrEncoding()` and ...)
        {DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
        - firefox 124.0-1


=====================================
data/dsa-needed.txt
=====================================
@@ -25,11 +25,13 @@ emacs
 --
 expat (carnil)
 --
+firefox-esr (jmm)
+--
 frr
 --
 gpac/oldstable
 --
-guix
+guix (jmm)
   Maintainer has proposed to handle this as DSA, proposed debdiffs
 --
 h2o (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f3f0d61f4a48c56b5e53797a947dde2a7aff61

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9f3f0d61f4a48c56b5e53797a947dde2a7aff61
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to