[Git][security-tracker-team/security-tracker][master] new firefox-esr issues

Tue May 21 22:36:46 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25a6ec7d by Moritz Muehlenhoff at 2019-05-21T21:36:17Z
new firefox-esr issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1211,6 +1211,8 @@ CVE-2019-11699
 	RESERVED
 CVE-2019-11698
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
 CVE-2019-11697
 	RESERVED
 CVE-2019-11696
@@ -1219,12 +1221,20 @@ CVE-2019-11695
 	RESERVED
 CVE-2019-11694
 	RESERVED
+	- firefox-esr <not-affected> (Windows-specific)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
 CVE-2019-11693
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
 CVE-2019-11692
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
 CVE-2019-11691
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...)
 	- u-boot 2019.01+dfsg-6 (low; bug #928557)
 	[stretch] - u-boot <no-dsa> (Minor issue)
@@ -6520,16 +6530,28 @@ CVE-2019-9821
 	RESERVED
 CVE-2019-9820
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
 CVE-2019-9819
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
 CVE-2019-9818
 	RESERVED
+	- firefox-esr <not-affected> (Windows-specific)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
 CVE-2019-9817
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
 CVE-2019-9816
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
 CVE-2019-9815
 	RESERVED
+	- firefox-esr <not-affected> (MacOS-specific)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
 CVE-2019-9814
 	RESERVED
 CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confusion i ...)
@@ -6581,6 +6603,8 @@ CVE-2019-9801 (Firefox will accept any registered Program ID as an external prot
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
 CVE-2019-9800
 	RESERVED
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
 CVE-2019-9799 (Insufficient bounds checking of data during inter-process communicatio ...)
 	- firefox 66.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
@@ -6589,7 +6613,9 @@ CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB,
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
 	- firefox 66.0-1
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
 CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL animation contr ...)
 	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
 	- firefox-esr 60.6.0esr-1
@@ -12882,9 +12908,11 @@ CVE-2019-7318
 CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free because  ...)
 	{DSA-4435-1}
 	- libpng1.6 1.6.36-4 (bug #921355)
+	- firefox-esr <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
 	NOTE: https://github.com/glennrp/libpng/issues/275
 	NOTE: https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The us ...)
 	NOT-FOR-US: CSS-TRICKS Chat2
 CVE-2019-7315
@@ -16600,6 +16628,8 @@ CVE-2019-5798
 	RESERVED
 	{DSA-4421-1}
 	- chromium 73.0.3683.75-1
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
 CVE-2019-5797
 	RESERVED
 	{DSA-4421-1}


=====================================
data/dsa-needed.txt
=====================================
@@ -23,6 +23,8 @@ faad2
 ffmpeg (jmm)
   ping upstream for 3.2.14 release catching up with recent issues  
 --
+firefox-esr (jmm)
+--
 glusterfs
 --
 graphicsmagick



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25a6ec7dcd2fb1e6b8df48bc7f95b9d9ba71acd3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/25a6ec7dcd2fb1e6b8df48bc7f95b9d9ba71acd3
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190521/e5d18fdb/attachment-0001.html>
