[Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues (mfsa2023-55) via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 19 21:45:32 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db9a1781 by Salvatore Bonaccorso at 2023-12-19T22:44:49+01:00
Track fixed version for thunderbird issues (mfsa2023-55) via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,14 +97,14 @@ CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora
 CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...)
 	TODO: check
 CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...)
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
 CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...)
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
 CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.  This iss ...)
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
 CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...)
@@ -115,7 +115,7 @@ CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs sho
 CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
@@ -142,7 +142,7 @@ CVE-2023-6868 (In some instances, the user-agent would allow push requests which
 CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
@@ -154,7 +154,7 @@ CVE-2023-6867 (The timing of a button click causing a popup to disappear was app
 CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
@@ -164,21 +164,21 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling.
 CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
 CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment`  ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
 CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to  ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
@@ -190,7 +190,7 @@ CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialize
 CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
-	- thunderbird <unfixed>
+	- thunderbird 1:115.6.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db9a17811e0639eccfc2f31660f0b6e10f1a5490

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db9a17811e0639eccfc2f31660f0b6e10f1a5490
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231219/ca198966/attachment.htm>

More information about the debian-security-tracker-commits mailing list