From b9f3f0d61f4a48c56b5e53797a947dde2a7aff61 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 16 Apr 2024 18:19:04 +0200 Subject: new firefox-esr issues --- data/CVE/list | 18 ++++++++++++++++++ data/dsa-needed.txt | 4 +++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/data/CVE/list b/data/CVE/list index 478cadff10..dadb3eab6f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,33 +1,45 @@ CVE-2024-3302 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3302 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302 CVE-2024-3865 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3865 CVE-2024-3864 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3864 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864 CVE-2024-3863 - firefox (Windows-specific) + - firefox-esr (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3863 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3863 CVE-2024-3862 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3862 CVE-2024-3861 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3861 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861 CVE-2024-3860 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3860 CVE-2024-3859 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3859 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859 CVE-2024-3858 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3858 CVE-2024-3857 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3857 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857 CVE-2024-3856 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3856 @@ -36,13 +48,17 @@ CVE-2024-3855 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3855 CVE-2024-3854 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3854 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854 CVE-2024-3853 - firefox NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3853 CVE-2024-3852 - firefox + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-18/#CVE-2024-3852 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852 CVE-2024-3575 (Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb) NOT-FOR-US: mindsdb CVE-2024-3574 (In scrapy version 2.10.1, an issue was identified where the Authorizat ...) @@ -8734,7 +8750,9 @@ CVE-2024-2610 (Using a markup injection an attacker could have stolen nonce valu NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610 CVE-2024-2609 (The permission prompt input delay could have expired while the window ...) - firefox 124.0-1 + - firefox-esr NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/#CVE-2024-2609 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609 CVE-2024-2608 (`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and ...) {DSA-5644-1 DSA-5643-1 DLA-3775-1 DLA-3769-1} - firefox 124.0-1 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 211dbb377a..20f918d809 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -25,11 +25,13 @@ emacs -- expat (carnil) -- +firefox-esr (jmm) +-- frr -- gpac/oldstable -- -guix +guix (jmm) Maintainer has proposed to handle this as DSA, proposed debdiffs -- h2o (jmm) -- cgit v1.2.3