[Git][security-tracker-team/security-tracker][master] Add information of retrospectively added CVE-2022-3266/thunderbird

Thu Dec 22 20:30:36 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
449ec7df by Salvatore Bonaccorso at 2022-12-22T21:29:56+01:00
Add information of retrospectively added CVE-2022-3266/thunderbird

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22460,7 +22460,8 @@ CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca p
 CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This results ...)
-	TODO: check
+	- thunderbird 1:102.3.0-1
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
 CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...)
 	- kitty 0.21.2-2 (bug #1020582)
 	[bullseye] - kitty <no-dsa> (Minor issue)


=====================================
data/DLA/list
=====================================
@@ -361,7 +361,7 @@
 	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923}
 	[buster] - webkit2gtk 2.38.0-1~deb10u1
 [27 Sep 2022] DLA-3123-1 thunderbird - security update
-	{CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
 	[buster] - thunderbird 1:102.3.0-1~deb10u1
 [27 Sep 2022] DLA-3122-1 dovecot - security update
 	{CVE-2021-33515 CVE-2022-30550}


=====================================
data/DSA/list
=====================================
@@ -202,7 +202,7 @@
 	{CVE-2021-45943}
 	[bullseye] - gdal 3.2.2+dfsg-2+deb11u2
 [27 Sep 2022] DSA-5238-1 thunderbird - security update
-	{CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
 	[bullseye] - thunderbird 1:102.3.0-1~deb11u1
 [23 Sep 2022] DSA-5237-1 firefox-esr - security update
 	{CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/449ec7df00cb3df73fbf48b80161b60ae3455907

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/449ec7df00cb3df73fbf48b80161b60ae3455907
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221222/f4fbd4d4/attachment-0001.htm>
