[Git][security-tracker-team/security-tracker][master] 5 commits: Add CVE-2018-18499/{firefox,firefox-esr,thunderbird}

Salvatore Bonaccorso carnil at debian.org
Fri Mar 1 08:48:04 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53a9efe0 by Salvatore Bonaccorso at 2019-03-01T08:44:53Z
Add CVE-2018-18499/{firefox,firefox-esr,thunderbird}

- - - - -
93a8a9b8 by Salvatore Bonaccorso at 2019-03-01T08:46:57Z
Add CVE-2018-18499 for DLA-1575-1/thunderbird

- - - - -
412ee506 by Salvatore Bonaccorso at 2019-03-01T08:47:14Z
Add CVE-2018-18499 for DLA-1571-1/firefox-esr

- - - - -
3ace3bed by Salvatore Bonaccorso at 2019-03-01T08:47:30Z
Add CVE-2018-18499 for DSA-4327-1/thunderbird

- - - - -
7e4e5391 by Salvatore Bonaccorso at 2019-03-01T08:47:44Z
Add CVE-2018-18499 for DSA-4287-1/firefox-esr

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26497,7 +26497,12 @@ CVE-2018-18500 (A use-after-free vulnerability can occur while parsing an HTML5
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500
 CVE-2018-18499 (A same-origin policy violation allowing the theft of cross-origin URL ...)
-	TODO: check
+	- firefox 62.0-1
+	- firefox-esr 60.2.0esr-1
+	- thunderbird 1:60.2.1-1
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-18499
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-18499
 CVE-2018-18498 (A potential vulnerability leading to an integer overflow can occur ...)
 	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
 	- firefox 64.0-1
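Review bot: the new CVE-2018-18499 entry has no `{DSA-... DLA-...}` cross-reference line, unlike the CVE-2018-18498 entry directly below it, although the same push adds this CVE to DSA-4327-1, DSA-4287-1, DLA-1575-1 and DLA-1571-1. Unless that line is regenerated automatically from data/DSA/list and data/DLA/list, add it here so the CVE entry and the advisory entries agree.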


=====================================
data/DLA/list
=====================================
@@ -375,7 +375,7 @@
 	{CVE-2018-16837}
 	[jessie] - ansible 1.7.2+dfsg-2+deb8u1
 [12 Nov 2018] DLA-1575-1 thunderbird - security update
-	{CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393}
+	{CVE-2017-16541 CVE-2018-5156 CVE-2018-5187 CVE-2018-12361 CVE-2018-12367 CVE-2018-12371 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-18499}
 	[jessie] - thunderbird 1:60.3.0-1~deb8u1
 [11 Nov 2018] DLA-1574-1 imagemagick - security update
 	{CVE-2018-18025}
@@ -387,7 +387,7 @@
 	{CVE-2018-16845}
 	[jessie] - nginx 1.6.2-5+deb8u6
 [07 Nov 2018] DLA-1571-1 firefox-esr - security update
-	{CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397}
+	{CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12393 CVE-2018-12395 CVE-2018-12396 CVE-2018-12397 CVE-2018-18499}
 	[jessie] - firefox-esr 60.3.0esr-1~deb8u1
 [07 Nov 2018] DLA-1569-2 libdatetime-timezone-perl - regression update
 	[jessie] - libdatetime-timezone-perl 1:1.75-2+2018g.1
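Review bot: the jessie package on the DLA-1571-1 entry is firefox-esr 60.3.0esr-1~deb8u1, while data/CVE/list in this push records the fix as firefox-esr 60.2.0esr-1 and the stretch advisory tagged for it (DSA-4287-1) ships 60.2.0esr-1~deb9u2. The DLA-1575-1 line in the previous hunk shows the same pattern (thunderbird 1:60.3.0-1~deb8u1 against a fix in 1:60.2.1-1). Tagging the 60.3.0 updates is correct only if jessie never received an earlier upload based on the fixed upstream release, so please confirm that and say so in the commit messages.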


=====================================
data/DSA/list
=====================================
@@ -235,7 +235,7 @@
 	{CVE-2018-14665}
 	[stretch] - xorg-server 2:1.19.2-1+deb9u4
 [25 Oct 2018] DSA-4327-1 thunderbird - security update
-	{CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385}
+	{CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12383 CVE-2018-12385 CVE-2018-18499}
 	[stretch] - thunderbird 1:60.2.1-2~deb9u1
 [25 Oct 2018] DSA-4326-1 openjdk-8 - security update
 	{CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214}
@@ -357,7 +357,7 @@
 	{CVE-2018-15908 CVE-2018-15910 CVE-2018-15911 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16543 CVE-2018-16585 CVE-2018-15909}
 	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u4
 [07 Sep 2018] DSA-4287-1 firefox-esr - security update
-	{CVE-2018-12376 CVE-2018-12377 CVE-2018-12378}
+	{CVE-2018-12376 CVE-2018-12377 CVE-2018-12378 CVE-2018-18499}
 	[stretch] - firefox-esr 60.2.0esr-1~deb9u2
 [05 Sep 2018] DSA-4286-1 curl - security update
 	{CVE-2018-14618}
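Review bot: DSA-4287-1 is dated 07 Sep 2018 and its CVE list is being amended on 2019-03-01, but the commit message ("Add CVE-2018-18499 for DSA-4287-1/firefox-esr") does not say what the mapping is based on. Citing the matching Mozilla advisory from the NOTE lines added to data/CVE/list would let a later reader verify that 60.2.0esr-1~deb9u2 contains the fix without retracing it.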



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8913db710366ad2ae1cb6253b59ff2dcd376a74c...7e4e5391d99e612ab6853bdefeb13b21fbeba8e4
