new firefox-esr issues

author: Moritz Muehlenhoff <jmm@debian.org> 2024-04-16 18:19:04 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2024-04-16 18:19:04 +0200
commit: b9f3f0d61f4a48c56b5e53797a947dde2a7aff61 (patch)
tree: bb135b84be806325c84c7229aba502dc9b0a0e24
parent: 07416eed69b3c971910bec10804f38aa49e07a16 (diff)
2 files changed, 21 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 478cadff10..dadb3eab6f 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,33 +1,45 @@
 CVE-2024-3302
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302
 CVE-2024-3865
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865
 CVE-2024-3864
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864
 CVE-2024-3863
 	- firefox <not-affected> (Windows-specific)
+	- firefox-esr <not-affected> (Windows-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863
 CVE-2024-3862
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862
 CVE-2024-3861
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861
 CVE-2024-3860
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860
 CVE-2024-3859
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859
 CVE-2024-3858
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858
 CVE-2024-3857
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857
 CVE-2024-3856
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856
@@ -36,13 +48,17 @@ CVE-2024-3855
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855
 CVE-2024-3854
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854
 CVE-2024-3853
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853
 CVE-2024-3852
 	- firefox <unfixed>
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852
 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb)
 	NOT-FOR-US: mindsdb
 CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...)
@@ -8734,7 +8750,9 @@ CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce valu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610
 CVE-2024-2609 (The permission prompt input delay could have expired while the window  ...)
 	- firefox 124.0-1
+	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609
 CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...)
 	{DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1}
 	- firefox 124.0-1
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 211dbb377a..20f918d809 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -25,11 +25,13 @@ emacs
 --
 expat (carnil)
 --
+firefox-esr (jmm)
+--
 frr
 --
 gpac/oldstable
 --
-guix
+guix (jmm)
   Maintainer has proposed to handle this as DSA, proposed debdiffs
 --
 h2o (jmm)
author	Moritz Muehlenhoff <jmm@debian.org>	2024-04-16 18:19:04 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2024-04-16 18:19:04 +0200
commit	b9f3f0d61f4a48c56b5e53797a947dde2a7aff61 (patch)
tree	bb135b84be806325c84c7229aba502dc9b0a0e24
parent	07416eed69b3c971910bec10804f38aa49e07a16 (diff)