Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fcec0c19 by Salvatore Bonaccorso at 2026-06-17T22:09:57+02:00
Track fixed version via unstable for thunderbird issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1668,20 +1668,20 @@ CVE-2026-12398 (A command injection vulnerability was 
found in galaxy_ng. The do
 CVE-2026-12330 (Incorrect boundary conditions in the Internationalization 
component. T ...)
        {DSA-6350-1}
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12330
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12330
 CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This 
vulnerability  ...)
        {DSA-6350-1}
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329
 CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 
140.11,  ...)
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12328
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12328
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12328
@@ -1689,7 +1689,7 @@ CVE-2026-12327 (Memory safety bugs present in Firefox ESR 
140.11, Thunderbird ES
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12327
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12327
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12327
@@ -1700,7 +1700,7 @@ CVE-2026-12325 (Denial-of-service in the Graphics: 
ImageLib component. This vuln
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12325
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12325
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12325
@@ -1708,7 +1708,7 @@ CVE-2026-12324 (Incorrect boundary conditions in the 
Graphics: CanvasWebGL compo
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12324
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12324
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12324
@@ -1742,7 +1742,7 @@ CVE-2026-12315 (Mitigation bypass in the DOM: Security 
component. This vulnerabi
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12315
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12315
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12315
@@ -1750,7 +1750,7 @@ CVE-2026-12314 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12314
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12314
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12314
@@ -1758,7 +1758,7 @@ CVE-2026-12313 (Information disclosure, sandbox escape in 
the Security: Process
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12313
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12313
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12313
@@ -1766,7 +1766,7 @@ CVE-2026-12312 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12312
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12312
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12312
@@ -1774,7 +1774,7 @@ CVE-2026-12311 (Information disclosure, sandbox escape in 
the Security: Process
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12311
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12311
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12311
@@ -1782,7 +1782,7 @@ CVE-2026-12310 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12310
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12310
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12310
@@ -1790,7 +1790,7 @@ CVE-2026-12309 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12309
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12309
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12309
@@ -1798,7 +1798,7 @@ CVE-2026-12308 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12308
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12308
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12308
@@ -1806,7 +1806,7 @@ CVE-2026-12307 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12307
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12307
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12307
@@ -1814,7 +1814,7 @@ CVE-2026-12306 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12306
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12306
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12306
@@ -1822,7 +1822,7 @@ CVE-2026-12305 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12305
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12305
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12305
@@ -1830,7 +1830,7 @@ CVE-2026-12304 (Same-origin policy bypass in the 
Networking: Cookies component.
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12304
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12304
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12304
@@ -1841,7 +1841,7 @@ CVE-2026-12302 (Mitigation bypass in the DOM: Security 
component. This vulnerabi
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12302
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12302
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12302
@@ -1855,7 +1855,7 @@ CVE-2026-12299 (JIT miscompilation in the DOM: Core & 
HTML component. This vulne
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12299
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12299
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12299
@@ -1863,7 +1863,7 @@ CVE-2026-12298 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12298
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12298
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12298
@@ -1871,7 +1871,7 @@ CVE-2026-12297 (Sandbox escape due to incorrect boundary 
conditions in the Netwo
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12297
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12297
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12297
@@ -1879,7 +1879,7 @@ CVE-2026-12296 (Sandbox escape in the Security: Process 
Sandboxing component. Th
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12296
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12296
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12296
@@ -1887,7 +1887,7 @@ CVE-2026-12295 (Sandbox escape in the DOM: Navigation 
component. This vulnerabil
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12295
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12295
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12295
@@ -1895,7 +1895,7 @@ CVE-2026-12294 (Sandbox escape in the DOM: Workers 
component. This vulnerability
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12294
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12294
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12294
@@ -1906,7 +1906,7 @@ CVE-2026-12292 (Incorrect boundary conditions in the Web 
Audio component. This v
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12292
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12292
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12292
@@ -1914,7 +1914,7 @@ CVE-2026-12291 (Use-after-free in the Networking: HTTP 
component. This vulnerabi
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12291
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12291
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12291
@@ -1922,7 +1922,7 @@ CVE-2026-12290 (Memory safety bug fixed in Thunderbird 
152. This vulnerability w
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12290
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12290
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12290
@@ -1930,7 +1930,7 @@ CVE-2026-12289 (Privilege escalation in the Graphics: 
WebRender component. This
        {DSA-6350-1}
        - firefox 152.0-1
        - firefox-esr 140.12.0esr-1
-       - thunderbird <unfixed>
+       - thunderbird 1:140.12.0esr-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12289
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12289
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12289



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcec0c195af3593df0dc35b43ad2215dfc8a001a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcec0c195af3593df0dc35b43ad2215dfc8a001a
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to