[Git][security-tracker-team/security-tracker][master] new thunderbird issues (fixed in sid)

Fri Jul 29 18:58:24 BST 2022


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9f5c5cb by Moritz Muehlenhoff at 2022-07-29T19:58:00+02:00
new thunderbird issues (fixed in sid)

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1515,7 +1515,9 @@ CVE-2022-35239
 CVE-2022-2505
 	RESERVED
 	- firefox 103.0-1
+	- thunderbird 1:102.1.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505
 CVE-2022-2504
 	RESERVED
 CVE-2022-2503
@@ -1612,15 +1614,19 @@ CVE-2022-36319
 	{DSA-5193-1}
 	- firefox 103.0-1
 	- firefox-esr 91.12.0esr-1
+	- thunderbird 1:102.1.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36319
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36319
 CVE-2022-36318
 	RESERVED
 	{DSA-5193-1}
 	- firefox 103.0-1
 	- firefox-esr 91.12.0esr-1
-	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320
+	- thunderbird 1:102.1.0-1
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36318
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36318
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36318
 CVE-2022-36317
 	RESERVED
 	- firefox <not-affected> (Android-specific)
@@ -1636,7 +1642,9 @@ CVE-2022-36315
 CVE-2022-36314
 	RESERVED
 	- firefox <not-affected> (Windows-specific)
+	- thunderbird <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36314
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36314
 CVE-2022-36313 (An issue was discovered in the file-type package before 16.5.4 and 17. ...)
 	NOT-FOR-US: Node file-type
 CVE-2022-2495 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -74,6 +74,8 @@ slurm-llnl/oldstable
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
+thunderbird
+--
 unzip
   unclear information, initial report indicates writable memory corruption, but
   some identified patch is just for a NULL deref, needs more clarification



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f5c5cb278f82938b2115d15b98e0f673de7fb2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9f5c5cb278f82938b2115d15b98e0f673de7fb2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220729/687c5baa/attachment.htm>
