[Git][security-tracker-team/security-tracker][master] chromium, thunderbird DSAs

Sat Apr 22 17:04:02 BST 2023


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56e65e94 by Moritz Mühlenhoff at 2023-04-22T18:02:46+02:00
chromium, thunderbird DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4998,7 +4998,7 @@ CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation i
 	- php-guzzlehttp-psr7 2.4.5-1 (bug #1034581)
 	[bullseye] - php-guzzlehttp-psr7 <no-dsa> (Minor issue; can be fixed via point release)
 	- php-nyholm-psr7 1.5.1-2 (bug #1034597)
-	[bullseye] - php-nyholm-psr7  <no-dsa> (Minor issue; can be fixed via point release)
+	[bullseye] - php-nyholm-psr7 <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
 	NOTE: https://github.com/guzzle/psr7/commit/0454e12ef0cd597ccd2adb036f7bda4e7fface66 (2.4.5)
 	NOTE: https://github.com/Nyholm/psr7/security/advisories/GHSA-wjfc-pgfp-pv9c
@@ -7621,7 +7621,6 @@ CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK f
 	[bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
 	[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
 	- thunderbird 1:102.9.1-1
-	[bullseye] - thunderbird <postponed> (Minor issue, fix along with next monthly update)
 	[buster] - thunderbird <postponed> (Minor issue, fix along with next monthly update)
 	NOTE: https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0/
 	NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[22 Apr 2023] DSA-5393-1 chromium - security update
+	{CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137}
+	[bullseye] - chromium 112.0.5615.138-1~deb11u1
+[22 Apr 2023] DSA-5392-1 thunderbird - security update
+	{CVE-2023-0547 CVE-2023-1945 CVE-2023-28427 CVE-2023-29479 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550}
+	[bullseye] - thunderbird 1:102.10.0-1~deb11u1
 [20 Apr 2023] DSA-5391-1 libxml2 - security update
 	{CVE-2023-28484 CVE-2023-29469}
 	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u4


=====================================
data/dsa-needed.txt
=====================================
@@ -11,8 +11,6 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
---
-chromium
 --
 gpac (aron)
 --
@@ -61,8 +59,6 @@ samba
 sofia-sip
   Maintainer proposed debdiff for review with additional question and sent a followup
 --
-thunderbird (jmm)
---
 xrdp
   needs some additional clarification, tentatively DSA worthy
   maybe upgrade to 0.9.21 within bullseye?



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e65e94036f1bfaff02654dc422517591c0bdfa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56e65e94036f1bfaff02654dc422517591c0bdfa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230422/4e5ada7b/attachment-0001.htm>
