[Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff
jmm at debian.org
Tue Mar 10 21:18:53 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3097ef90 by Moritz Muehlenhoff at 2020-03-10T22:18:35+01:00
new firefox issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -392,9 +392,13 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote
TODO: check further details
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
- libusrsctp <unfixed> (bug #953270)
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
NOTE: https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
- TODO: check, other sources firefox, firefox-esr, thunderbird and chromium ebed the library
+ TODO: check, other sources thunderbird and chromium ebed the library
CVE-2020-10187
RESERVED
CVE-2020-10186
@@ -8002,26 +8006,60 @@ CVE-2020-6816
RESERVED
CVE-2020-6815
RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
CVE-2020-6813
RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
CVE-2020-6810
RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
CVE-2020-6809
RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
CVE-2020-6808
RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805
RESERVED
+ - firefox <unfixed>
+ - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...)
NOT-FOR-US: Mozilla IOT
CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -20,7 +20,9 @@ amd64-microcode
--
chromium/stable
--
-graphicsmagick
+firefox-esr (jmm)
+--
+graphicsmagick (jmm)
--
jruby/oldstable
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3097ef90e31f99fcc19df8ac976a041de247621e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3097ef90e31f99fcc19df8ac976a041de247621e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200310/652b25f7/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list