Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 17516c2f by Salvatore Bonaccorso at 2025-02-09T00:53:49+01:00
Allocate new DSA number for thunderbird

Chose to resolve the conflict by assigning a new DSA number for thunderbird as the link generation on security.d.o already links to the linux update for DSA 5860-1. When releasing the linux DSA I missed that there was a thunderbird update already done but with missing DSA entry and already reserved DSA 5860-1.

- - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== @@ -877,13 +877,14 @@ CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.20 CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker without access ...) - cassandra <itp> (bug #585905) CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From field of ...) + {DSA-5861-1} - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-0510 CVE-2025-1020 (Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of ...) - firefox 135.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1020 CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ES ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> @@ -891,7 +892,7 @@ CVE-2025-1017 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firef NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1017 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1017 CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ES ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> 
@@ -899,10 +900,11 @@ CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firef NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1016 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1016 CVE-2025-1015 (The Thunderbird Address Book URI fields contained unsanitized links. T ...) + {DSA-5861-1} - thunderbird <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015 CVE-2025-1014 (Certificate length was not properly checked when added to a certificat ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> @@ -910,7 +912,7 @@ CVE-2025-1014 (Certificate length was not properly checked when added to a certi NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1014 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1014 CVE-2025-1013 (A race condition could have led to private browsing tabs being opened ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> @@ -921,7 +923,7 @@ CVE-2025-1019 (The z-order of the browser windows could be manipulated to hide t - firefox 135.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1019 CVE-2025-1012 (A race during concurrent delazification could have led to a use-after- ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> 
@@ -929,7 +931,7 @@ CVE-2025-1012 (A race during concurrent delazification could have led to a use-a NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1012 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1012 CVE-2025-1011 (A bug in WebAssembly code generation could have lead to a crash. It ma ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> @@ -940,7 +942,7 @@ CVE-2025-1018 (The fullscreen notification is prematurely hidden when fullscreen - firefox 135.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1018 CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom Highligh ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> @@ -948,7 +950,7 @@ CVE-2025-1010 (An attacker could have caused a use-after-free via the Custom Hig NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1010 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1010 CVE-2025-1009 (An attacker could have caused a use-after-free via crafted XSLT data, ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 135.0-1 - firefox-esr 128.7.0esr-1 - thunderbird <unfixed> 
@@ -20314,7 +20316,7 @@ CVE-2024-11698 (A flaw in handling fullscreen transitions may have inadvertently NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11698 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11698 CVE-2024-11704 (A double-free issue could have occurred in `sec_pkcs7_decoder_start_de ...) - {DSA-5858-1 DLA-4045-1 DLA-4044-1} + {DSA-5861-1 DSA-5858-1 DLA-4045-1 DLA-4044-1} - firefox 134.0-1 - firefox-esr <unfixed> - thunderbird <unfixed> ===================================== data/DSA/list ===================================== 
@@ -1,3 +1,6 @@ +[07 Feb 2025] DSA-5861-1 thunderbird - security update + {CVE-2024-11704 CVE-2025-0510 CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1015 CVE-2025-1016 CVE-2025-1017} + [bookworm] - thunderbird 1:128.7.0esr-1~deb12u1 [08 Feb 2025] DSA-5860-1 linux - security update {CVE-2024-36899 CVE-2024-49994 CVE-2024-50014 CVE-2024-50047 CVE-2024-50164 CVE-2024-50304 CVE-2024-53124 CVE-2024-53128 CVE-2024-53170 CVE-2024-53229 CVE-2024-53234 CVE-2024-53685 CVE-2024-56551 CVE-2024-56599 CVE-2024-56608 CVE-2024-56631 CVE-2024-56664 CVE-2024-56703 CVE-2024-57887 CVE-2024-57892 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57925 CVE-2024-57929 CVE-2024-57939 CVE-2024-57940 CVE-2024-57948 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21646 CVE-2025-21647 CVE-2025-21648 CVE-2025-21653 CVE-2025-21655 CVE-2025-21660 CVE-2025-21662 CVE-2025-21664 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21671 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21683} [bookworm] - linux 6.1.128-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17516c2f9a6b4b2b7ba035d9df604884df0e82c4
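Review bot: Every data/CVE/list entry that gains DSA-5861-1 still ends in "- thunderbird <unfixed>", while the data/DSA/list hunk records the bookworm fix as 1:128.7.0esr-1~deb12u1, so the package line and the advisory cross-reference now tell different stories for anyone reading only the CVE entry. If the corresponding upload has reached unstable, record its version on those thunderbird lines in this commit or a follow-up; if it has not, nothing needs to change here. The cross-references themselves are consistent: the eleven CVE entries touched (CVE-2024-11704, CVE-2025-0510 and CVE-2025-1009 through CVE-2025-1017) are exactly the eleven listed under DSA-5861-1.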
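Review bot: In the data/DSA/list hunk the new DSA-5861-1 entry is dated [07 Feb 2025] but is placed above DSA-5860-1, which is dated [08 Feb 2025], so the higher advisory number carries the earlier date and the head of the file is no longer in date order. The commit message explains why (the thunderbird update was done first, under a number that the linux update then took), but that reason lives only in the commit log. Consider recording it next to the entry or in the advisory text, so that a later reader or a consistency check that compares number order with date order does not flag the pair as a mistake.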