[Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues fixed via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 11 06:47:29 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a31b8966 by Salvatore Bonaccorso at 2024-09-11T07:47:00+02:00
Track fixed version for thunderbird issues fixed via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -744,7 +744,7 @@ CVE-2024-8509 (A vulnerability was found in Forklift Controller. There is no ver
 CVE-2024-8428 (The ForumWP \u2013 Forum & Discussion Board Plugin plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-8394 (When aborting the verification of an OTR chat session, an attacker cou ...)
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
 	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8394
@@ -1587,21 +1587,21 @@ CVE-2024-8388 (Multiple prompts and panels from both Firefox and the Android OS
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8388
 CVE-2024-8387 (Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thun ...)
 	- firefox 130.0-1
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
 	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8387
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8387
 CVE-2024-8386 (If a site had been granted the permission to open popup windows, it co ...)
 	- firefox 130.0-1
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
 	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8386
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8386
 CVE-2024-8385 (A difference in the handling of StructFields and ArrayTypes in WASM co ...)
 	- firefox 130.0-1
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	[bookworm] - thunderbird <not-affected> (Vulnerable code not present)
 	[bullseye] - thunderbird <not-affected> (Vulnerable code not present)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8385
@@ -1610,7 +1610,7 @@ CVE-2024-8384 (The JavaScript garbage collector could mis-color cross-compartmen
 	{DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8384
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8384
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8384
@@ -1625,7 +1625,7 @@ CVE-2024-8382 (Internal browser event interfaces were exposed to web content whe
 	{DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8382
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8382
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8382
@@ -1634,7 +1634,7 @@ CVE-2024-8381 (A potentially exploitable type confusion could be triggered when
 	{DSA-5767-1 DSA-5765-1 DLA-3882-1 DLA-3869-1}
 	- firefox 130.0-1
 	- firefox-esr 115.15.0esr-1
-	- thunderbird <unfixed>
+	- thunderbird 1:128.2.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-39/#CVE-2024-8381
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-41/#CVE-2024-8381
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-43/#CVE-2024-8381



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a31b896643ec9a8acea0ff4e0388b1b5ef8ce0dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a31b896643ec9a8acea0ff4e0388b1b5ef8ce0dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240911/8d6c5726/attachment.htm>

More information about the debian-security-tracker-commits mailing list