[Git][security-tracker-team/security-tracker][master] new firefox issues

Moritz Muehlenhoff jmm at debian.org
Tue Dec 3 18:53:35 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47251c03 by Moritz Muehlenhoff at 2019-12-03T18:53:02Z
new firefox issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9892,18 +9892,42 @@ CVE-2019-17015
 	RESERVED
 CVE-2019-17014
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
 CVE-2019-17013
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
 CVE-2019-17012
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012
 CVE-2019-17011
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011
 CVE-2019-17010
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010
 CVE-2019-17009
 	RESERVED
+	- firefox <not-affected> (Updater not used in Debian packages)
+	- firefox-esr <not-affected> (Updater not used in Debian packages)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
 CVE-2019-17008
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
 CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
 	RESERVED
 	{DLA-2015-1}
@@ -9917,6 +9941,10 @@ CVE-2019-17006
 	RESERVED
 CVE-2019-17005
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005
 CVE-2019-17004
 	RESERVED
 CVE-2019-17003
@@ -19845,6 +19873,10 @@ CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 78.0.39
 	- chromium 78.0.3904.108-1
 CVE-2019-13722
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722
 CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowe ...)
 	{DSA-4562-1}
 	- chromium 78.0.3904.87-1
@@ -26164,6 +26196,8 @@ CVE-2019-11757
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
 CVE-2019-11756
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
 CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
 	{DSA-4571-1 DLA-1997-1}
 	[experimental] - thunderbird 1:68.1.1-1~exp1


=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ curl (ghedo)
 --
 evince/oldstable
 --
+firefox-esr (jmm)
+--
 freeimage (hle)
 --
 glusterfs/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/47251c03a99b09be8dd03ef36145fcb4dd413a44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191203/10f18e9f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list