[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 19 Dec 2021 12:10:36 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8017c166 by security tracker role at 2021-12-19T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1427,6 +1427,7 @@ CVE-2021-4077
        RESERVED
 CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
        RESERVED
+       {DSA-5025-1}
        - tang 11-1
        [buster] - tang <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/latchset/tang/pull/81
@@ -5478,6 +5479,7 @@ CVE-2021-43548
 CVE-2021-43547
        RESERVED
 CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks 
against u ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5485,6 +5487,7 @@ CVE-2021-43546 (It was possible to recreate previous 
cursor spoofing attacks aga
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
 CVE-2021-43545 (Using the Location API in a loop could have caused severe 
application  ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5495,6 +5498,7 @@ CVE-2021-43544 (When receiving a URL through a SEND 
intent, Firefox would have s
        - firefox <not-affected> (Only affects Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
 CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have 
escaped the ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5502,6 +5506,7 @@ CVE-2021-43543 (Documents loaded with the CSP sandbox 
directive could have escap
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
 CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified 
installed appl ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5509,6 +5514,7 @@ CVE-2021-43542 (Using XMLHttpRequest, an attacker could 
have identified installe
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
 CVE-2021-43541 (When invoking protocol handlers for external protocols, a 
supplied par ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5519,6 +5525,7 @@ CVE-2021-43540 (WebExtensions with the correct 
permissions were able to create a
        - firefox 95.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
 CVE-2021-43539 (Failure to correctly record the location of live pointers 
across wasm  ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5526,6 +5533,7 @@ CVE-2021-43539 (Failure to correctly record the location 
of live pointers across
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
 CVE-2021-43538 (By misusing a race in our notification code, an attacker could 
have fo ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5533,6 +5541,7 @@ CVE-2021-43538 (By misusing a race in our notification 
code, an attacker could h
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
 CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit 
integers all ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5540,6 +5549,7 @@ CVE-2021-43537 (An incorrect type conversion of sizes 
from 64bit to 32bit intege
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
 CVE-2021-43536 (Under certain circumstances, asynchronous functions could have 
caused  ...)
+       {DSA-5026-1}
        - firefox 95.0-1
        - firefox-esr 91.4.0esr-1
        - thunderbird 1:91.4.0-1
@@ -5547,6 +5557,7 @@ CVE-2021-43536 (Under certain circumstances, asynchronous 
functions could have c
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
 CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session 
object was r ...)
+       {DSA-5026-1}
        - firefox 93.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -5554,6 +5565,7 @@ CVE-2021-43535 (A use-after-free could have occured when 
an HTTP2 session object
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
 CVE-2021-43534 (Mozilla developers and community members reported memory 
safety bugs p ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -19856,6 +19868,7 @@ CVE-2021-38510 (The executable file warning was not 
presented when downloading .
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
 CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a 
Javascript ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -19863,6 +19876,7 @@ CVE-2021-38509 (Due to an unusual sequence of 
attacker-controlled events, a Java
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
 CVE-2021-38508 (By displaying a form validity message in the correct location 
at the s ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -19870,6 +19884,7 @@ CVE-2021-38508 (By displaying a form validity message 
in the correct location at
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
 CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) 
allows a conn ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -19877,6 +19892,7 @@ CVE-2021-38507 (The Opportunistic Encryption feature of 
HTTP2 (RFC 8164) allows
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
 CVE-2021-38506 (Through a series of navigations, Firefox could have entered 
fullscreen ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -19891,6 +19907,7 @@ CVE-2021-38505 (Microsoft introduced a new feature in 
Windows 10 known as Cloud
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
 CVE-2021-38504 (When interacting with an HTML input element's file picker 
dialog with  ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1
@@ -19898,6 +19915,7 @@ CVE-2021-38504 (When interacting with an HTML input 
element's file picker dialog
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
 CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT 
stylesheet ...)
+       {DSA-5026-1}
        - firefox 94.0-1
        - firefox-esr 91.3.0esr-1
        - thunderbird 1:91.3.0-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8017c1669d19f802d790954017c04ba9c7d72e79

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8017c1669d19f802d790954017c04ba9c7d72e79
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to