[Git][security-tracker-team/security-tracker][master] Add thunderbird from mfsa2023-32

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 3 21:12:15 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb2b5965 by Salvatore Bonaccorso at 2023-08-03T22:11:32+02:00
Add thunderbird from mfsa2023-32

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -212,21 +212,27 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and
 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox  ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4056
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
 CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4055
 CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that these ...)
 	- firefox <not-affected> (Affects only Firefox on Windows)
 	- firefox-esr <not-affected> (Affects only Firefox on Windows)
+	- thunderbird <not-affected> (Affects only Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4054
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4054
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4054
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4054
 CVE-2023-4053 (A website could have obscured the full screen notification by using a  ...)
 	- firefox 116.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
@@ -241,39 +247,51 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi
 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer  ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4050
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
 CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4049
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4048
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
 CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4047
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
 CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4046
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4045
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4045
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4045
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4045
 CVE-2023-36325 [Attackers can de-anonymize i2p hidden services with a message replay attack]
 	- i2p <unfixed>
 	NOTE: https://xeiaso.net/blog/CVE-2023-36325



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2b5965d1e6a5700e5c14f839119c5e9dd7b5b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2b5965d1e6a5700e5c14f839119c5e9dd7b5b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230803/dd36edc8/attachment.htm>

More information about the debian-security-tracker-commits mailing list