[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Sat Oct 26 15:48:41 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7aeafe71 by Moritz Muehlenhoff at 2019-10-26T14:48:17Z
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7355,11 +7355,13 @@ CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parse
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
 	- chromium <unfixed>
+	- thunderbird <unfixed>
 	NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
 	NOTE: https://github.com/libexpat/libexpat/issues/317
 	NOTE: https://github.com/libexpat/libexpat/pull/318
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-15903
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-15903
 CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...)
 	{DSA-4531-1 DLA-1940-1}
 	- linux <unfixed>
@@ -20302,54 +20304,70 @@ CVE-2019-11764
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
 CVE-2019-11763
 	RESERVED
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
 CVE-2019-11762
 	RESERVED
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
 CVE-2019-11761
 	RESERVED
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
 CVE-2019-11760
 	RESERVED
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
 CVE-2019-11759
 	RESERVED
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
 CVE-2019-11758
 	RESERVED
 	- firefox-esr <not-affected> (Only an issue in combination with 360 Total Security)
+	- thunderbird <not-affected> (Only an issue in combination with 360 Total Security)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
 CVE-2019-11757
 	RESERVED
 	{DSA-4549-1}
 	- firefox 70.0-1
 	- firefox-esr 68.2.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
 CVE-2019-11756
 	RESERVED
 CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
@@ -124019,7 +124037,6 @@ CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
 	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
 	NOTE: Issue introduced by the original patch for https://github.com/ImageMagick/ImageMagick/issues/618
-	TODO: check if patch simplifying patch applied in any suite
 CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path ...)
 	NOT-FOR-US: InternetSoft FTP Commander
 CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hij ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -64,6 +64,8 @@ squid3/oldstable
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release.
 --
+thunderbird
+--
 wordpress
 --
 xen/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeafe716da22fe8d9836046799a8acf97ef06e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7aeafe716da22fe8d9836046799a8acf97ef06e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191026/8ad57bdf/attachment.html>
