Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2a21ef5d by Moritz Muehlenhoff at 2026-05-20T15:22:35+02:00
thunderbird fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -512,14 +512,14 @@ CVE-2026-46529
CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and
Thunderbird 150. ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and
Thunderbird 150. ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8974
@@ -535,7 +535,7 @@ CVE-2026-8971 (Same-origin policy bypass in the Networking:
JAR component. This
CVE-2026-8970 (Privilege escalation in the Security component. This
vulnerability was ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8970
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8970
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8970
@@ -545,7 +545,7 @@ CVE-2026-8969 (Mitigation bypass in the DOM: Security
component. This vulnerabil
CVE-2026-8968 (Denial-of-service due to invalid pointer in the Audio/Video:
Web Codec ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8968
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8968
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8968
@@ -567,14 +567,14 @@ CVE-2026-8963 (Spoofing issue in the Web Speech
component. This vulnerability wa
CVE-2026-8962 (Mitigation bypass in the DOM: Security component. This
vulnerability w ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8962
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8962
CVE-2026-8961 (Spoofing issue in the Form Autofill component. This
vulnerability was ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8961
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8961
@@ -591,42 +591,42 @@ CVE-2026-8959 (Sandbox escape due to incorrect boundary
conditions in the Widget
CVE-2026-8958 (Information disclosure, sandbox escape in the Security: Process
Sandbo ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8958
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8958
CVE-2026-8957 (Privilege escalation in the Enterprise Policies component. This
vulner ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8957
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8957
CVE-2026-8956 (Integer overflow in the Networking: JAR component. This
vulnerability ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8956
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8956
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8956
CVE-2026-8955 (Privilege escalation in the DOM: Workers component. This
vulnerability ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8955
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8955
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8955
CVE-2026-8954 (Incorrect boundary conditions, integer overflow in the
Audio/Video com ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8954
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8954
CVE-2026-8953 (Sandbox escape due to use-after-free in the Disability Access
APIs com ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8953
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8953
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8953
@@ -639,7 +639,7 @@ CVE-2026-8951 (Spoofing issue in the Toolbar component in
Firefox for Android. T
CVE-2026-8950 (Same-origin policy bypass in the Networking: HTTP component.
This vuln ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8950
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8950
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8950
@@ -656,14 +656,14 @@ CVE-2026-8948 (Same-origin policy bypass in the DOM:
Networking component. This
CVE-2026-8947 (Use-after-free in the DOM: Bindings (WebIDL) component. This
vulnerabi ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8947
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8947
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8947
CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs
component ...)
- firefox 151.0-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8946
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8946
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8946
@@ -3903,14 +3903,14 @@ CVE-2026-8407 (Missing authorization in the PAM module
in Devolutions Server all
CVE-2026-8401 (Sandbox escape in the Profile Backup component. This
vulnerability was ...)
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8401
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8401
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8401
CVE-2026-8391 (Other issue in the JavaScript Engine component. This
vulnerability was ...)
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8391
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8391
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8391
@@ -3923,7 +3923,7 @@ CVE-2026-8389 (JIT miscompilation in the JavaScript
Engine: JIT component. This
CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT
component. ...)
- firefox 150.0.3-1
- firefox-esr 140.11.0esr-1
- - thunderbird <unfixed>
+ - thunderbird 1:140.11.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/#CVE-2026-8388
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8388
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8388
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a21ef5d469e78c6e4690fe7ee9c72cf080faf11
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a21ef5d469e78c6e4690fe7ee9c72cf080faf11
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
