[Git][security-tracker-team/security-tracker][master] Add information for CVE-2022-3266 covering firefox and firefox-esr

Thu Dec 22 20:34:42 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c687b49f by Salvatore Bonaccorso at 2022-12-22T21:34:07+01:00
Add information for CVE-2022-3266 covering firefox and firefox-esr

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22460,7 +22460,11 @@ CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca p
 CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This results ...)
+	- firefox 105.0-1
+	- firefox-esr 102.3.0esr-1
 	- thunderbird 1:102.3.0-1
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-3266
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-3266
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
 CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...)
 	- kitty 0.21.2-2 (bug #1020582)


=====================================
data/DLA/list
=====================================
@@ -367,7 +367,7 @@
 	{CVE-2021-33515 CVE-2022-30550}
 	[buster] - dovecot 1:2.3.4.1-5+deb10u7
 [26 Sep 2022] DLA-3121-1 firefox-esr - security update
-	{CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
 	[buster] - firefox-esr 102.3.0esr-1~deb10u2
 [26 Sep 2022] DLA-3120-1 poppler - security update
 	{CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903 CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337 CVE-2022-38784}


=====================================
data/DSA/list
=====================================
@@ -205,7 +205,7 @@
 	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
 	[bullseye] - thunderbird 1:102.3.0-1~deb11u1
 [23 Sep 2022] DSA-5237-1 firefox-esr - security update
-	{CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
+	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
 	[bullseye] - firefox-esr 102.3.0esr-1~deb11u1
 [22 Sep 2022] DSA-5236-1 expat - security update
 	{CVE-2022-40674}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c687b49f9da33217b11351439331bf24a47db9ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c687b49f9da33217b11351439331bf24a47db9ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221222/e6a1df62/attachment.htm>
