[Git][security-tracker-team/security-tracker][master] new firefox issues

Moritz Muehlenhoff jmm at debian.org
Tue Mar 10 21:18:53 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3097ef90 by Moritz Muehlenhoff at 2020-03-10T22:18:35+01:00
new firefox issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -392,9 +392,13 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote
 	TODO: check further details
 CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
 	- libusrsctp <unfixed> (bug #953270)
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
 	NOTE: https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
-	TODO: check, other sources firefox, firefox-esr, thunderbird and chromium ebed the library
+	TODO: check, other sources thunderbird and chromium ebed the library
 CVE-2020-10187
 	RESERVED
 CVE-2020-10186
@@ -8002,26 +8006,60 @@ CVE-2020-6816
 	RESERVED
 CVE-2020-6815
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
 CVE-2020-6814
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
 CVE-2020-6813
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
 CVE-2020-6812
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
 CVE-2020-6811
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
 CVE-2020-6810
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
 CVE-2020-6809
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
 CVE-2020-6808
 	RESERVED
+	- firefox <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
 CVE-2020-6807
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
 CVE-2020-6806
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
 CVE-2020-6805
 	RESERVED
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
 CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...)
 	NOT-FOR-US: Mozilla IOT
 CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -20,7 +20,9 @@ amd64-microcode
 --
 chromium/stable
 --
-graphicsmagick
+firefox-esr (jmm)
+--
+graphicsmagick (jmm)
 --
 jruby/oldstable
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3097ef90e31f99fcc19df8ac976a041de247621e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3097ef90e31f99fcc19df8ac976a041de247621e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200310/652b25f7/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list