From a6bcdbdbab6d8b9e0e967ccbd6b85722182639ca Mon Sep 17 00:00:00 2001 From: Tom Ritter Date: Fri, 6 Sep 2024 12:15:33 -0400 Subject: [PATCH] Add missing OTR CVE --- announce/2024/mfsa2024-43.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/announce/2024/mfsa2024-43.yml b/announce/2024/mfsa2024-43.yml index 8c445b0..e9da155 100644 --- a/announce/2024/mfsa2024-43.yml +++ b/announce/2024/mfsa2024-43.yml @@ -7,6 +7,14 @@ title: Security Vulnerabilities fixed in Thunderbird 128.2 description: | *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.* advisories: + CVE-2024-8394: + title: Crash when aborting verification of OTR chat + impact: high + reporter: Thunderbird Team + description: | + When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. + bugs: + - url: 1895737 CVE-2024-8385: title: WASM type confusion involving ArrayTypes impact: high
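Review bot: The description of the added CVE-2024-8394 entry sits under the advisory-level caveat that these flaws "cannot be exploited through email" and are "potential risks in browser or browser-like contexts", but this bug is triggered when aborting verification of an OTR chat session, which is a chat code path and not what that caveat describes. Consider adding a sentence to the entry's description stating that the flaw is reached through the chat feature, or qualifying the top-level description so readers do not apply the caveat to this entry. Separately, the entry is inserted ahead of CVE-2024-8385; if the file orders advisories by CVE number or by impact, confirm that this position is intended.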