[Git][security-tracker-team/security-tracker][master] thunderbird DSA

Thu May 1 18:59:39 BST 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c47410b by Moritz Mühlenhoff at 2025-05-01T19:59:13+02:00
thunderbird DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5745,15 +5745,12 @@ CVE-2024-11084 (Helix ALM prior to 2025.1 returns distinct error responses durin
 	NOT-FOR-US: Helix ALM
 CVE-2025-3523 (When an email contains multiple attachments with external links via th ...)
 	- thunderbird <unfixed>
-	[bookworm] - thunderbird <postponed> (Fix along with May security release)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3523
 CVE-2025-2830 (By crafting a malformed file name for an attachment in a multipart mes ...)
 	- thunderbird <unfixed>
-	[bookworm] - thunderbird <postponed> (Fix along with May security release)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-2830
 CVE-2025-3522 (Thunderbird processes the X-Mozilla-External-Attachment-URL header to  ...)
 	- thunderbird <unfixed>
-	[bookworm] - thunderbird <postponed> (Fix along with May security release)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/#CVE-2025-3522
 CVE-2025-3622 (A vulnerability, which was classified as critical, has been found in X ...)
 	NOT-FOR-US: Xorbits Inference


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2025] DSA-5912-1 thunderbird - security update
+	{CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093}
+	[bookworm] - thunderbird 1:128.10.0esr-1~deb12u1
 [30 Apr 2025] DSA-5911-1 request-tracker4 - security update
 	{CVE-2024-3262 CVE-2025-2545 CVE-2025-30087}
 	[bookworm] - request-tracker4 4.4.6+dfsg-1.1+deb12u2


=====================================
data/dsa-needed.txt
=====================================
@@ -65,8 +65,6 @@ sympa
 --
 tcpdf
 --
-thunderbird (jmm)
---
 vips
   Guilhem Moulin proposed a debdiff for review
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c47410b0fa84220f4e2a1ce1dc3a97d6ea06905

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c47410b0fa84220f4e2a1ce1dc3a97d6ea06905
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250501/e927ddd2/attachment-0001.htm>
