[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Moritz Muehlenhoff jmm at debian.org
Wed May 22 08:56:03 BST 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d424226 by Moritz Muehlenhoff at 2019-05-22T07:55:34Z
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1219,8 +1219,10 @@ CVE-2019-11698
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
 CVE-2019-11697
 	RESERVED
 	- firefox <unfixed>
@@ -1237,26 +1239,34 @@ CVE-2019-11694
 	RESERVED
 	- firefox <not-affected> (Windows-specific)
 	- firefox-esr <not-affected> (Windows-specific)
+	- thunderbird <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
 CVE-2019-11693
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
 CVE-2019-11692
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
 CVE-2019-11691
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
 CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...)
 	- u-boot 2019.01+dfsg-6 (low; bug #928557)
 	[stretch] - u-boot <no-dsa> (Minor issue)
@@ -6556,38 +6566,50 @@ CVE-2019-9820
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
 CVE-2019-9819
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
 CVE-2019-9818
 	RESERVED
 	- firefox <not-affected> (Windows-specific)
 	- firefox-esr <not-affected> (Windows-specific)
+	- thunderbird <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
 CVE-2019-9817
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
 CVE-2019-9816
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
 CVE-2019-9815
 	RESERVED
 	- firefox <not-affected> (MacOS-specific)
 	- firefox-esr <not-affected> (MacOS-specific)
+	- thunderbird <not-affected> (MacOS-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
 CVE-2019-9814
 	RESERVED
 	- firefox <unfixed>
@@ -6643,8 +6665,10 @@ CVE-2019-9800
 	RESERVED
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9800
 CVE-2019-9799 (Insufficient bounds checking of data during inter-process communicatio ...)
 	- firefox 66.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
@@ -6654,8 +6678,10 @@ CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB,
 CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
 	- firefox 66.0-1
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9797
 CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL animation contr ...)
 	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
 	- firefox-esr 60.6.0esr-1
@@ -12950,11 +12976,13 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free bec
 	- libpng1.6 1.6.36-4 (bug #921355)
 	- firefox <unfixed>
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
 	NOTE: https://github.com/glennrp/libpng/issues/275
 	NOTE: https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317
 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The us ...)
 	NOT-FOR-US: CSS-TRICKS Chat2
 CVE-2019-7315
@@ -16671,7 +16699,9 @@ CVE-2019-5798
 	{DSA-4421-1}
 	- chromium 73.0.3683.75-1
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
 CVE-2019-5797
 	RESERVED
 	{DSA-4421-1}
@@ -34974,9 +35004,11 @@ CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound n
 CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of  ...)
 	- firefox 65.0.1-1
 	- firefox-esr 60.7.0esr-1
+	- thunderbird <unfixed>
 	- skia <itp> (bug #818180)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511
 CVE-2018-18510 (The about:crashcontent and about:crashparent pages can be triggered by ...)
 	- firefox 64.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18510


=====================================
data/dsa-needed.txt
=====================================
@@ -59,6 +59,8 @@ sssd
 --
 teeworlds
 --
+thunderbird (jmm)
+--
 wordpress
 --
 wpa



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d424226246e7634586e3d18a51231a92d2966c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d424226246e7634586e3d18a51231a92d2966c9
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190522/67c053c9/attachment.html>

More information about the debian-security-tracker-commits mailing list