[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 24 14:40:55 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c66e2b50 by Moritz Muehlenhoff at 2023-01-24T15:40:21+01:00
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2182,8 +2182,10 @@ CVE-2023-23605
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 109.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23605
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23605
 CVE-2023-23604
 	RESERVED
 	- firefox 109.0-1
@@ -2193,22 +2195,28 @@ CVE-2023-23603
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 109.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23603
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603
 CVE-2023-23602
 	RESERVED
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 109.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23602
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602
 CVE-2023-23601
 	RESERVED
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 109.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23601
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23601
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23601
 CVE-2023-23600
 	RESERVED
 	- firefox <not-affected> (Only affects Firefox on Android)
@@ -2217,15 +2225,19 @@ CVE-2023-23599
 	RESERVED
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	- firefox-esr <not-affected> (Only affects Firefox on Windows)
+	- thunderbird <not-affected> (Only affects Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23599
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599
 CVE-2023-23598
 	RESERVED
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 109.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23598
 CVE-2023-23597
 	RESERVED
 	- firefox 109.0-1
@@ -11446,8 +11458,10 @@ CVE-2022-46877 (By confusing the browser, the fullscreen notification could have
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 108.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46877
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46877
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46877
 CVE-2022-46876
 	RESERVED
 CVE-2022-46875 (The executable file warning was not presented when downloading .atloc  ...)
@@ -11480,8 +11494,10 @@ CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities th
 	{DSA-5322-1 DLA-3275-1}
 	- firefox 108.0-1
 	- firefox-esr 102.7.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871
 CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: Apache Zeppelin
 CVE-2022-46869


=====================================
data/dsa-needed.txt
=====================================
@@ -64,7 +64,9 @@ sofia-sip
 sox
   patch needed for CVE-2021-40426, check with upstream
 --
-swift
+swift (jmm)
+--
+thunderbird (jmm)
 --
 tiff (aron)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66e2b50ebb82bb7b8dc41aa4f1265c454fda20b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c66e2b50ebb82bb7b8dc41aa4f1265c454fda20b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230124/fab6131d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list