Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d352ba09 by Salvatore Bonaccorso at 2025-11-14T21:54:49+01:00
Add thunderbird issues from mfsa2025-91
- - - - -
fd565de8 by Salvatore Bonaccorso at 2025-11-14T21:55:21+01:00
Add thunderbird to dsa-needed list and assign to jmm
- - - - -
ed5c1cfb by Salvatore Bonaccorso at 2025-11-14T21:56:39+01:00
Track fixed version for thunderbird issues via unstable
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1703,44 +1703,58 @@ CVE-2025-13015 (Spoofing issue in Firefox. This
vulnerability affects Firefox <
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13015
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13015
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13015
CVE-2025-13014 (Use-after-free in the Audio/Video component. This
vulnerability affect ...)
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13014
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13014
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13014
CVE-2025-13020 (Use-after-free in the WebRTC: Audio/Video component. This
vulnerabilit ...)
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13020
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13020
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13020
CVE-2025-13013 (Mitigation bypass in the DOM: Core & HTML component. This
vulnerabilit ...)
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13013
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13013
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13013
CVE-2025-13019 (Same-origin policy bypass in the DOM: Workers component. This
vulnerab ...)
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13019
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13019
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13019
CVE-2025-13018 (Mitigation bypass in the DOM: Security component. This
vulnerability a ...)
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13018
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13018
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13018
CVE-2025-13017 (Same-origin policy bypass in the DOM: Notifications component.
This vu ...)
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13017
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13017
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13017
CVE-2025-13026 (Sandbox escape due to incorrect boundary conditions in the
Graphics: W ...)
- firefox 145.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13026
@@ -1754,8 +1768,10 @@ CVE-2025-13016 (Incorrect boundary conditions in the
JavaScript: WebAssembly com
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13016
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13016
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13016
CVE-2025-13023 (Sandbox escape due to incorrect boundary conditions in the
Graphics: W ...)
- firefox 145.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13023
@@ -1763,8 +1779,10 @@ CVE-2025-13012 (Race condition in the Graphics
component. This vulnerability aff
{DSA-6054-1 DLA-4370-1}
- firefox 145.0-1
- firefox-esr 140.5.0esr-1
+ - thunderbird 1:140.5.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13012
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/#CVE-2025-13012
+ NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/#CVE-2025-13012
CVE-2025-13022 (Incorrect boundary conditions in the Graphics: WebGPU
component. This ...)
- firefox 145.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/#CVE-2025-13022
=====================================
data/dsa-needed.txt
=====================================
@@ -71,6 +71,8 @@ sogo/oldstable
--
sympa/oldstable
--
+thunderbird (jmm)
+--
tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/475518a8d1a1c0df277f762e4109b3911ea89c19...ed5c1cfb38ce465840718e6f7a2ca87fa2c397db
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/475518a8d1a1c0df277f762e4109b3911ea89c19...ed5c1cfb38ce465840718e6f7a2ca87fa2c397db
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
