[Git][security-tracker-team/security-tracker][master] new firefox issue

Tue Oct 22 16:50:13 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0b4b57d by Moritz Muehlenhoff at 2019-10-22T15:49:07Z
new firefox issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3825,10 +3825,16 @@ CVE-2019-17003
 	RESERVED
 CVE-2019-17002
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
 CVE-2019-17001
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001
 CVE-2019-17000
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
 CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
 	NOT-FOR-US: CloudBoot
 CVE-2019-16998
@@ -6832,9 +6838,13 @@ CVE-2019-15904
 CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
 	{DSA-4530-1 DLA-1912-1}
 	- expat 2.2.7-2 (bug #939394)
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
 	NOTE: https://github.com/libexpat/libexpat/issues/317
 	NOTE: https://github.com/libexpat/libexpat/pull/318
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-15903
 CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...)
 	{DSA-4531-1 DLA-1940-1}
 	- linux <unfixed>
@@ -19730,22 +19740,54 @@ CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffe
 	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
 CVE-2019-11765
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
 CVE-2019-11764
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
 CVE-2019-11763
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
 CVE-2019-11762
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
 CVE-2019-11761
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
 CVE-2019-11760
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
 CVE-2019-11759
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
 CVE-2019-11758
 	RESERVED
+	- firefox-esr <not-affected> (Only an issue in combination with 360 Total Security)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
 CVE-2019-11757
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
 CVE-2019-11756
 	RESERVED
 CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
@@ -89053,6 +89095,8 @@ CVE-2018-6156 (Incorect derivation of a packet length in WebRTC in Google Chrome
 	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
 CVE-2018-6155 (Incorrect handling of frames in the VP8 parser in Google Chrome prior  ...)
 	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1


=====================================
data/dsa-needed.txt
=====================================
@@ -21,6 +21,8 @@ curl (ghedo)
 --
 evince/oldstable
 --
+firefox-esr
+--
 freeimage (hle)
 --
 glusterfs/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b4b57d8c535986bb74c605dc7ad2ab65f125b3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0b4b57d8c535986bb74c605dc7ad2ab65f125b3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191022/baf6621b/attachment.html>
