[Git][security-tracker-team/security-tracker][master] Add fixed version for (unimportant) CVE-2018-12040/symfony
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 3 20:55:33 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d24ac7aa by Salvatore Bonaccorso at 2018-08-03T19:54:59Z
Add fixed version for (unimportant) CVE-2018-12040/symfony
Cf. https://github.com/symfony/symfony/issues/28002
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7079,7 +7079,8 @@ CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the ...)
CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB adapter ...)
NOT-FOR-US: MediaTek
CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in ...)
- - symfony <unfixed> (unimportant)
+ - symfony 3.4.12+dfsg-1 (unimportant)
+ NOTE: https://github.com/symfony/symfony/issues/28002
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
NOT-FOR-US: joyplus-cms
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d24ac7aaae586b638e759f8c8ccf052df01dbdbf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d24ac7aaae586b638e759f8c8ccf052df01dbdbf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180803/981801b5/attachment.html>
More information about the debian-security-tracker-commits
mailing list