[Git][security-tracker-team/security-tracker][master] thunderbird DSA

Moritz Muehlenhoff (@jmm) Thu, 01 May 2025 10:59:47 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2c47410b by Moritz Mühlenhoff at 2025-05-01T19:59:13+02:00
thunderbird DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5745,15 +5745,12 @@ CVE-2024-11084 (Helix ALM prior to 2025.1 returns 
distinct error responses durin
        NOT-FOR-US: Helix ALM
 CVE-2025-3523 (When an email contains multiple attachments with external links 
via th ...)
        - thunderbird <unfixed>
-       [bookworm] - thunderbird <postponed> (Fix along with May security 
release)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3523
 CVE-2025-2830 (By crafting a malformed file name for an attachment in a 
multipart mes ...)
        - thunderbird <unfixed>
-       [bookworm] - thunderbird <postponed> (Fix along with May security 
release)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-2830
 CVE-2025-3522 (Thunderbird processes the X-Mozilla-External-Attachment-URL 
header to  ...)
        - thunderbird <unfixed>
-       [bookworm] - thunderbird <postponed> (Fix along with May security 
release)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3522
 CVE-2025-3622 (A vulnerability, which was classified as critical, has been 
found in X ...)
        NOT-FOR-US: Xorbits Inference


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2025] DSA-5912-1 thunderbird - security update
+       {CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 CVE-2025-4083 CVE-2025-4087 
CVE-2025-4091 CVE-2025-4093}
+       [bookworm] - thunderbird 1:128.10.0esr-1~deb12u1
 [30 Apr 2025] DSA-5911-1 request-tracker4 - security update
        {CVE-2024-3262 CVE-2025-2545 CVE-2025-30087}
        [bookworm] - request-tracker4 4.4.6+dfsg-1.1+deb12u2


=====================================
data/dsa-needed.txt
=====================================
@@ -65,8 +65,6 @@ sympa
 --
 tcpdf
 --
-thunderbird (jmm)
---
 vips
   Guilhem Moulin proposed a debdiff for review
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c47410b0fa84220f4e2a1ce1dc3a97d6ea06905

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c47410b0fa84220f4e2a1ce1dc3a97d6ea06905
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] thunderbird DSA

Reply via email to