[Git][security-tracker-team/security-tracker][master] new thunderbird issues


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2d424226 by Moritz Muehlenhoff at 2019-05-22T07:55:34Z
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1219,8 +1219,10 @@ CVE-2019-11698
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
 CVE-2019-11697
        RESERVED
        - firefox <unfixed>
@@ -1237,26 +1239,34 @@ CVE-2019-11694
        RESERVED
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
+       - thunderbird <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
 CVE-2019-11693
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
 CVE-2019-11692
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
 CVE-2019-11691
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through 
v2019.04 la ...)
        - u-boot 2019.01+dfsg-6 (low; bug #928557)
        [stretch] - u-boot <no-dsa> (Minor issue)
@@ -6556,38 +6566,50 @@ CVE-2019-9820
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
 CVE-2019-9819
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
 CVE-2019-9818
        RESERVED
        - firefox <not-affected> (Windows-specific)
        - firefox-esr <not-affected> (Windows-specific)
+       - thunderbird <not-affected> (Windows-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
 CVE-2019-9817
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
 CVE-2019-9816
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
 CVE-2019-9815
        RESERVED
        - firefox <not-affected> (MacOS-specific)
        - firefox-esr <not-affected> (MacOS-specific)
+       - thunderbird <not-affected> (MacOS-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
 CVE-2019-9814
        RESERVED
        - firefox <unfixed>
@@ -6643,8 +6665,10 @@ CVE-2019-9800
        RESERVED
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9800
 CVE-2019-9799 (Insufficient bounds checking of data during inter-process 
communicatio ...)
        - firefox 66.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
@@ -6654,8 +6678,10 @@ CVE-2019-9798 (On Android systems, Firefox can load a 
library from APITRACE_LIB,
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin 
policy ...)
        - firefox 66.0-1
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9797
 CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL 
animation contr ...)
        {DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
        - firefox-esr 60.6.0esr-1
@@ -12950,11 +12976,13 @@ CVE-2019-7317 (png_image_free in png.c in libpng 
1.6.36 has a use-after-free bec
        - libpng1.6 1.6.36-4 (bug #921355)
        - firefox <unfixed>
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
        NOTE: https://github.com/glennrp/libpng/issues/275
        NOTE: 
https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317
 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. 
The us ...)
        NOT-FOR-US: CSS-TRICKS Chat2
 CVE-2019-7315
@@ -16671,7 +16699,9 @@ CVE-2019-5798
        {DSA-4421-1}
        - chromium 73.0.3683.75-1
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
 CVE-2019-5797
        RESERVED
        {DSA-4421-1}
@@ -34974,9 +35004,11 @@ CVE-2018-18512 (A use-after-free vulnerability can 
occur while playing a sound n
 CVE-2018-18511 (Cross-origin images can be read from a canvas element in 
violation of  ...)
        - firefox 65.0.1-1
        - firefox-esr 60.7.0esr-1
+       - thunderbird <unfixed>
        - skia <itp> (bug #818180)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511
 CVE-2018-18510 (The about:crashcontent and about:crashparent pages can be 
triggered by ...)
        - firefox 64.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18510


=====================================
data/dsa-needed.txt
=====================================
@@ -59,6 +59,8 @@ sssd
 --
 teeworlds
 --
+thunderbird (jmm)
+--
 wordpress
 --
 wpa



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d424226246e7634586e3d18a51231a92d2966c9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d424226246e7634586e3d18a51231a92d2966c9
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Reply via email to