[Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 20 05:40:03 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0039d24b by Salvatore Bonaccorso at 2023-12-20T06:39:14+01:00
Track fixed version for firefox-esr issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103,7 +103,7 @@ CVE-2023-50761 (The signature of a digitally signed S/MIME email message may opt
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`. This iss ...)
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
@@ -114,14 +114,14 @@ CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs sho
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs. This cou ...)
@@ -141,19 +141,19 @@ CVE-2023-6868 (In some instances, the user-agent would allow push requests which
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
@@ -163,33 +163,33 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
- firefox <unfixed>
- - firefox-esr <unfixed>
+ - firefox-esr 115.6.0esr-1
- thunderbird 1:115.6.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0039d24bc6b600461379a8fab99e6b8217a005f2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0039d24bc6b600461379a8fab99e6b8217a005f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231220/79ed2981/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list