[Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2023-43

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 28 07:52:20 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4cbb244e by Salvatore Bonaccorso at 2023-09-28T08:51:16+02:00
Add new thunderbird issues from mfsa2023-43

While at it, upstream has updated the CVE-2023-5168 entry to mark it
only affecting products on Windows. So adjust as well the firefox and
firefox-esr entries accordingly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -509,16 +509,20 @@ CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionali
 CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...)
 	- firefox 118.0-1
 	- firefox-esr 115.3.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5176
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5176
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5176
 CVE-2023-5175 (During process shutdown, it was possible that an `ImageBitmap` was cre ...)
 	- firefox 118.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5175
 CVE-2023-5174 (If Windows failed to duplicate a handle during process creation, the s ...)
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
+	- thunderbird <not-affected> (Only affects Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5174
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5174
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5174
 CVE-2023-5173 (In a non-standard configuration of Firefox, an integer overflow could  ...)
 	- firefox 118.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5173
@@ -528,21 +532,27 @@ CVE-2023-5172 (A hashtable  in the Ion Engine could have been mutated while ther
 CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a  ...)
 	- firefox 118.0-1
 	- firefox-esr 115.3.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5171
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5171
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5171
 CVE-2023-5170 (In canvas rendering, a compromised content process could have caused a ...)
 	- firefox 118.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
 CVE-2023-5169 (A compromised content process could have provided malicious data in a  ...)
 	- firefox 118.0-1
 	- firefox-esr 115.3.0esr-1
+	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5169
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5169
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5169
 CVE-2023-5168 (A compromised content process could have provided malicious data to `F ...)
-	- firefox 118.0-1
-	- firefox-esr 115.3.0esr-1
+	- firefox <not-affected> (Only affects Firefox on Windows)
+	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
+	- thunderbird <not-affected> (Only affects Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5168
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5168
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5168
 CVE-2023-5192 (Excessive Data Query Operations in a Large Data Table in GitHub reposi ...)
 	NOT-FOR-US: Pimcore
 CVE-2023-5162 (The Options for Twenty Seventeen plugin for WordPress is vulnerable to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbb244e07f3a85b2612157fe9cabb3d7f151464

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cbb244e07f3a85b2612157fe9cabb3d7f151464
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230928/368a4e8c/attachment.htm>

More information about the debian-security-tracker-commits mailing list