[Git][security-tracker-team/security-tracker][master] Reserve DLA-4239-1 for thunderbird

Fri Jul 11 21:53:42 BST 2025


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0d61d40 by Adrian Bunk at 2025-07-11T23:53:28+03:00
Reserve DLA-4239-1 for thunderbird

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10119,7 +10119,6 @@ CVE-2024-1243 (Improper input validation in the Wazuh agent for Windows prior to
 CVE-2025-5986 (A crafted HTML email using mailbox:/// links can trigger automatic, un ...)
 	{DSA-5959-1}
 	- thunderbird 1:128.12.0esr-1
-	[bullseye] - thunderbird <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/#CVE-2025-5986
 CVE-2025-49710 (An integer overflow was present in `OrderedHashTable` used by the Java ...)
 	- firefox 139.0.4-1


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Jul 2025] DLA-4239-1 thunderbird - security update
+	{CVE-2025-5986 CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430}
+	[bullseye] - thunderbird 1:128.12.0esr-1~deb11u1
 [09 Jul 2025] DLA-4238-1 sslh - security update
 	{CVE-2025-52936}
 	[bullseye] - sslh 1.20-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -353,9 +353,6 @@ systemd (charles)
   NOTE: 20250627: Mail to mailing list with proposed fix and inquiry about
   NOTE: 20250627: buffer overflow issue (https://lists.debian.org/debian-lts/2025/06/msg00035.html)
 --
-thunderbird (bunk)
-  NOTE: 20250710: Added by Front-Desk (apo)
---
 tomcat9 (Markus Koschany)
   NOTE: 20250613: Added by maintainer (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d61d405bf81fd95b52d2bbf6c8330f7a45754d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d61d405bf81fd95b52d2bbf6c8330f7a45754d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250711/55798fb0/attachment-0001.htm>
