[Git][security-tracker-team/security-tracker][master] Remove annotations related to rejected CVE-2025-3877

Wed Jun 11 21:20:31 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5574921 by Salvatore Bonaccorso at 2025-06-11T22:19:39+02:00
Remove annotations related to rejected CVE-2025-3877

As per mozilla: remove CVE-2025-3877 which was mistakenly marked as
fixed. This vulnerability was fixed in Thunderbird 128.11.1/139.0.2
under the identifier CVE-2025-5986.

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8325,9 +8325,6 @@ CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL h
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
 CVE-2025-3877
 	REJECTED
-	{DSA-5921-1 DLA-4167-1}
-	- thunderbird 1:128.10.1esr-1
-	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877
 CVE-2025-3875 (Thunderbird parses addresses in a way that can allow sender spoofing i ...)
 	{DSA-5921-1 DLA-4167-1}
 	- thunderbird 1:128.10.1esr-1


=====================================
data/DLA/list
=====================================
@@ -135,7 +135,7 @@
 	{CVE-2024-10394 CVE-2024-10396 CVE-2024-10397}
 	[bullseye] - openafs 1.8.6-5+deb11u1
 [16 May 2025] DLA-4167-1 thunderbird - security update
-	{CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 CVE-2025-3875 CVE-2025-3877 CVE-2025-3909 CVE-2025-3932}
+	{CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093 CVE-2025-3875 CVE-2025-3909 CVE-2025-3932}
 	[bullseye] - thunderbird 1:128.10.1esr-1~deb11u1
 [16 May 2025] DLA-4166-1 xrdp - security update
 	{CVE-2023-40184 CVE-2023-42822 CVE-2024-39917}


=====================================
data/DSA/list
=====================================
@@ -62,7 +62,7 @@
 	{CVE-2025-4918 CVE-2025-4919}
 	[bookworm] - firefox-esr 128.10.1esr-1~deb12u1
 [16 May 2025] DSA-5921-1 thunderbird - security update
-	{CVE-2025-3875 CVE-2025-3877 CVE-2025-3909 CVE-2025-3932}
+	{CVE-2025-3875 CVE-2025-3909 CVE-2025-3932}
 	[bookworm] - thunderbird 1:128.10.1esr-1~deb12u1
 [15 May 2025] DSA-5920-1 chromium - security update
 	{CVE-2025-4609 CVE-2025-4664}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5574921266afca9ac86d1bb44bb017694cfea05

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5574921266afca9ac86d1bb44bb017694cfea05
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250611/0e9c1c9c/attachment-0001.htm>
