[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2017-5461 affected firefox-esr

Wed Jul 29 11:30:56 BST 2020


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
965d1da1 by Emilio Pozuelo Monfort at 2020-07-29T12:24:11+02:00
CVE-2017-5461 affected firefox-esr

- - - - -
73b9b47a by Emilio Pozuelo Monfort at 2020-07-29T12:29:24+02:00
thunderbird wasn't affected by CVE-2018-5091

According to MFSA-2018-04. And so DSA-4102-1 didn't fix it.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -138739,7 +138739,7 @@ CVE-2018-5092 (A use-after-free vulnerability can occur when the thread for a We
 	- firefox 58.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
 CVE-2018-5091 (A use-after-free vulnerability can occur during WebRTC connections whe ...)
-	{DSA-4102-1 DSA-4096-1 DLA-1256-1}
+	{DSA-4096-1 DLA-1256-1}
 	- firefox 58.0-1
 	- firefox-esr 52.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
@@ -189663,9 +189663,11 @@ CVE-2017-5462 (A flaw in DRBG number generation within the Network Security Serv
 CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through  ...)
 	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
 	- firefox 52.0.1-1
+	- firefox-esr 45.9.0esr-1
 	[experimental] - nss 2:3.30.1-1
 	- nss 2:3.26.2-1.1 (bug #862958)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
 	NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
 CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by a combi ...)


=====================================
data/DSA/list
=====================================
@@ -2151,7 +2151,7 @@
 	{CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 CVE-2018-6119 CVE-2018-6055}
 	[stretch] - chromium-browser 64.0.3282.119-1~deb9u1
 [30 Jan 2018] DSA-4102-1 thunderbird - security update
-	{CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117}
+	{CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117}
 	[jessie] - thunderbird 1:52.6.0-1~deb8u1
 	[stretch] - thunderbird 1:52.6.0-1~deb9u1
 [30 Jan 2018] DSA-4094-2 smarty3 - regression update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/502e4642a13ba4202bc38edaed795d208c7cfca3...73b9b47af2e0fdc42ad85894d89fe14ccb976916

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/502e4642a13ba4202bc38edaed795d208c7cfca3...73b9b47af2e0fdc42ad85894d89fe14ccb976916
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200729/11772a0b/attachment.html>
