[Git][security-tracker-team/security-tracker][master] Allocate new DSA number for thunderbird
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 8 23:54:06 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17516c2f by Salvatore Bonaccorso at 2025-02-09T00:53:49+01:00
Allocate new DSA number for thunderbird
Chose to resolve the conflict by assigning a new DSA number for
thunderbird as the link generation on security.d.o already links to the
linux update for DSA 5860-1.
When releasing the linux DSA I missed that there was a thunderbird
update already done but with a missing DSA entry and an already reserved DSA
5860-1.
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -877,13 +877,14 @@ CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.20
CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker without access ...)
- cassandra <itp> (bug #585905)
CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From field of ...)
+ {DSA-5861-1}
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-0510
CVE-2025-1020 (Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of ...)
- firefox 135.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1020
CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ES ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
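Review bot: The `- thunderbird <unfixed>` lines under CVE-2025-0510 and CVE-2025-1017 stay as they are while both entries gain DSA-5861-1, and data/DSA/list in this same commit records the bookworm fix as 1:128.7.0esr-1~deb12u1. If the corresponding 128.7.0esr upload has reached unstable, the fixed version should be filled in here the same way `firefox-esr 128.7.0esr-1` is; if it has not, these lines need a follow-up once it lands. The same applies to the thunderbird lines in the later hunks.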
@@ -891,7 +892,7 @@ CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1017
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1017
CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ES ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -899,10 +900,11 @@ CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1016
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1016
CVE-2025-1015 (The Thunderbird Address Book URI fields contained unsanitized links. T ...)
+ {DSA-5861-1}
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015
CVE-2025-1014 (Certificate length was not properly checked when added to a certificat ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -910,7 +912,7 @@ CVE-2025-1014 (Certificate length was not properly checked when added to a certi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1014
CVE-2025-1013 (A race condition could have led to private browsing tabs being opened ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -921,7 +923,7 @@ CVE-2025-1019 (The z-order of the browser windows could be manipulated to hide t
- firefox 135.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1019
CVE-2025-1012 (A race during concurrent delazification could have led to a use-after- ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -929,7 +931,7 @@ CVE-2025-1012 (A race during concurrent delazification could have led to a use-a
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1012
CVE-2025-1011 (A bug in WebAssembly code generation could have lead to a crash. It ma ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -940,7 +942,7 @@ CVE-2025-1018 (The fullscreen notification is prematurely hidden when fullscreen
- firefox 135.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1018
CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom Highligh ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -948,7 +950,7 @@ CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom Hig
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1010
CVE-2025-1009 (An attacker could have caused a use-after-free via crafted XSLT data, ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 135.0-1
- firefox-esr 128.7.0esr-1
- thunderbird <unfixed>
@@ -20314,7 +20316,7 @@ CVE-2024-11698 (A flaw in handling fullscreen transitions may have inadvertently
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11698
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11698
CVE-2024-11704 (A double-free issue could have occurred in `sec_pkcs7_decoder_start_de ...)
- {DSA-5858-1 DLA-4045-1 DLA-4044-1}
+ {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1}
- firefox 134.0-1
- firefox-esr <unfixed>
- thunderbird <unfixed>
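Review bot: In the CVE-2024-11704 entry the context line `- firefox-esr <unfixed>` sits under a tag set that includes DSA-5858-1, whereas every other entry in this patch that carries DSA-5858-1 shows `- firefox-esr 128.7.0esr-1`. This predates the change, but since the entry is being edited anyway it is worth checking whether the firefox-esr status for this CVE is stale.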
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Feb 2025] DSA-5861-1 thunderbird - security update
+ {CVE-2024-11704 CVE-2025-0510 CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1015 CVE-2025-1016 CVE-2025-1017}
+ [bookworm] - thunderbird 1:128.7.0esr-1~deb12u1
[08 Feb 2025] DSA-5860-1 linux - security update
{CVE-2024-36899 CVE-2024-49994 CVE-2024-50014 CVE-2024-50047 CVE-2024-50164 CVE-2024-50304 CVE-2024-53124 CVE-2024-53128 CVE-2024-53170 CVE-2024-53229 CVE-2024-53234 CVE-2024-53685 CVE-2024-56551 CVE-2024-56599 CVE-2024-56608 CVE-2024-56631 CVE-2024-56664 CVE-2024-56703 CVE-2024-57887 CVE-2024-57892 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57925 CVE-2024-57929 CVE-2024-57939 CVE-2024-57940 CVE-2024-57948 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21646 CVE-2025-21647 CVE-2025-21648 CVE-2025-21653 CVE-2025-21655 CVE-2025-21660 CVE-2025-21662 CVE-2025-21664 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21671 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21683}
[bookworm] - linux 6.1.128-1
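Review bot: The new DSA-5861-1 entry is dated 07 Feb 2025 but is placed above DSA-5860-1, dated 08 Feb 2025, so number order and date order disagree at the top of the file. The commit message explains the reallocation, but nothing in the file does; recording the reason next to the entry would keep a later reader from treating the date as a typo. The 11 CVEs listed here match the 11 entries that receive DSA-5861-1 in data/CVE/list, so the cross-references are consistent.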
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17516c2f9a6b4b2b7ba035d9df604884df0e82c4