[Git][security-tracker-team/security-tracker][master] firefox fixed

Wed Oct 23 13:10:59 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e192bf3a by Moritz Muehlenhoff at 2019-10-23T12:10:15Z
firefox fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3929,15 +3929,15 @@ CVE-2019-17003
 	RESERVED
 CVE-2019-17002
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
 CVE-2019-17001
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001
 CVE-2019-17000
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
 CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
 	NOT-FOR-US: CloudBoot
@@ -6942,7 +6942,7 @@ CVE-2019-15904
 CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
 	{DSA-4530-1 DLA-1912-1}
 	- expat 2.2.7-2 (bug #939394)
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
 	NOTE: https://github.com/libexpat/libexpat/issues/317
@@ -11128,8 +11128,10 @@ CVE-2019-14514
 CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
 	{DLA-1921-1}
 	- dnsmasq 2.76-1
+	[buster] - dnsmasq <no-dsa> (Minor issue)
+	[stretch] - dnsmasq <no-dsa> (Minor issue)
 	NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
-	TODO: Find the relevant isolated changes in the 2.76 release to address the issue.
+	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
 CVE-2019-14512
 	RESERVED
 CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and  ...)
@@ -19850,41 +19852,41 @@ CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffe
 	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
 CVE-2019-11765
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
 CVE-2019-11764
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
 CVE-2019-11763
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
 CVE-2019-11762
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
 CVE-2019-11761
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
 CVE-2019-11760
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
 CVE-2019-11759
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
@@ -19894,7 +19896,7 @@ CVE-2019-11758
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
 CVE-2019-11757
 	RESERVED
-	- firefox <unfixed>
+	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
@@ -89205,7 +89207,7 @@ CVE-2018-6156 (Incorect derivation of a packet length in WebRTC in Google Chrome
 	{DSA-4256-1}
 	- chromium-browser 68.0.3440.75-1
 	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
-	- firefox <unfixed>
+	- firefox 70.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
 CVE-2018-6155 (Incorrect handling of frames in the VP8 parser in Google Chrome prior  ...)
 	{DSA-4256-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e192bf3a3f112c2647bd0c50686e63165e62364f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e192bf3a3f112c2647bd0c50686e63165e62364f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191023/0216efb1/attachment.html>
