[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 19 20:10:25 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8017c166 by security tracker role at 2021-12-19T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1427,6 +1427,7 @@ CVE-2021-4077
 	RESERVED
 CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
 	RESERVED
+	{DSA-5025-1}
 	- tang 11-1
 	[buster] - tang <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/latchset/tang/pull/81
@@ -5478,6 +5479,7 @@ CVE-2021-43548
 CVE-2021-43547
 	RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5485,6 +5487,7 @@ CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks aga
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
 CVE-2021-43545 (Using the Location API in a loop could have caused severe application  ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5495,6 +5498,7 @@ CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have s
 	- firefox <not-affected> (Only affects Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5502,6 +5506,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escap
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5509,6 +5514,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installe
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
 CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5519,6 +5525,7 @@ CVE-2021-43540 (WebExtensions with the correct permissions were able to create a
 	- firefox 95.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
 CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm  ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5526,6 +5533,7 @@ CVE-2021-43539 (Failure to correctly record the location of live pointers across
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
 CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5533,6 +5541,7 @@ CVE-2021-43538 (By misusing a race in our notification code, an attacker could h
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5540,6 +5549,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit intege
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused  ...)
+	{DSA-5026-1}
 	- firefox 95.0-1
 	- firefox-esr 91.4.0esr-1
 	- thunderbird 1:91.4.0-1
@@ -5547,6 +5557,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous functions could have c
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
 CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
+	{DSA-5026-1}
 	- firefox 93.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -5554,6 +5565,7 @@ CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
 CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -19856,6 +19868,7 @@ CVE-2021-38510 (The executable file warning was not presented when downloading .
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
 CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -19863,6 +19876,7 @@ CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Java
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
 CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -19870,6 +19884,7 @@ CVE-2021-38508 (By displaying a form validity message in the correct location at
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
 CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -19877,6 +19892,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
 CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -19891,6 +19907,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
 CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with  ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1
@@ -19898,6 +19915,7 @@ CVE-2021-38504 (When interacting with an HTML input element's file picker dialog
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
 CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
+	{DSA-5026-1}
 	- firefox 94.0-1
 	- firefox-esr 91.3.0esr-1
 	- thunderbird 1:91.3.0-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8017c1669d19f802d790954017c04ba9c7d72e79

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8017c1669d19f802d790954017c04ba9c7d72e79
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211219/92f3f7a8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list