[Git][security-tracker-team/security-tracker][master] new thunderbird issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 9 19:00:19 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0504c6cb by Moritz Muehlenhoff at 2025-01-09T20:00:01+01:00
new thunderbird issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -899,44 +899,58 @@ CVE-2025-0243 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firef
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0243
 CVE-2025-0242 (Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ES ...)
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0242
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0242
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0242
 CVE-2025-0241 (When segmenting specially crafted text, segmentation would corrupt mem ...)
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0241
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0241
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0241
 CVE-2025-0240 (Parsing a JavaScript module as JSON could, under some circumstances, c ...)
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0240
 CVE-2025-0239 (When using Alt-Svc, ALPN did not properly validate certificates when t ...)
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0239
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0239
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0239
 CVE-2025-0238 (Assuming a controlled failed memory allocation, an attacker could have ...)
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0238
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0238
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0238
 CVE-2025-0237 (The WebChannel API, which is used to transport various information acr ...)
 	{DSA-5839-1}
 	- firefox 134.0-1
 	- firefox-esr 128.6.0esr-1
+	- thunderbird 1:128.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0237
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/#CVE-2025-0237
 CVE-2025-0246 (When using an invalid protocol scheme, an attacker could spoof the add ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0246


=====================================
data/dsa-needed.txt
=====================================
@@ -50,6 +50,8 @@ sogo
 --
 tcpdf
 --
+thunderbird (jmm)
+--
 trafficserver
 --
 wordpress



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0504c6cbf5d65e542c2fca1f586434b63fb238a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0504c6cbf5d65e542c2fca1f586434b63fb238a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250109/f9986d80/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list