[Git][security-tracker-team/security-tracker][master] Add CVE-2021-4129/{firefox*,thunderbird} from mfsa2021-{52,53,54}

Sun Dec 25 21:44:13 GMT 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3707a980 by Salvatore Bonaccorso at 2022-12-25T22:43:29+01:00
Add CVE-2021-4129/{firefox*,thunderbird} from mfsa2021-{52,53,54}

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81603,7 +81603,12 @@ CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
 CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2021-4129 (Mozilla developers and community members Julian Hector, Randell Jesup, ...)
-	TODO: check
+	- firefox 95.0-1
+	- firefox-esr 91.4.0esr-1
+	- thunderbird 1:91.4.0-1
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-4129
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-4129
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-4129
 CVE-2021-4128 (When transitioning in and out of fullscreen mode, a graphics object wa ...)
 	TODO: check
 CVE-2021-4127 (An out of date graphics library (Angle) likely contained vulnerabiliti ...)


=====================================
data/DSA/list
=====================================
@@ -915,7 +915,7 @@
 	[buster] - apache2 2.4.38-3+deb10u7
 	[bullseye] - apache2 2.4.52-1~deb11u2
 [02 Jan 2022] DSA-5034-1 thunderbird - security update
-	{CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
+	{CVE-2021-4126 CVE-2021-4129 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
 	[buster] - thunderbird 1:91.4.1-1~deb10u1
 	[bullseye] - thunderbird 1:91.4.1-1~deb11u1
 [30 Dec 2021] DSA-5033-1 fort-validator - security update
@@ -947,7 +947,7 @@
 	[buster] - xorg-server 2:1.20.4-1+deb10u4
 	[bullseye] - xorg-server 2:1.20.11-1+deb11u1
 [19 Dec 2021] DSA-5026-1 firefox-esr - security update
-	{CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
+	{CVE-2021-4129 CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
 	[bullseye] - firefox-esr 91.4.1esr-1~deb11u1
 [19 Dec 2021] DSA-5025-1 tang - security update
 	{CVE-2021-4076}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3707a9802f801ac1a818d444bb15e4821d81f29e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3707a9802f801ac1a818d444bb15e4821d81f29e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221225/9800b443/attachment-0001.htm>
