[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: add note about simplesamlphp

Antoine Beaupré anarcat at debian.org
Tue Feb 27 19:13:53 UTC 2018


Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker


Commits:
883cc4ef by Antoine Beaupré at 2018-02-27T13:50:42-05:00
add note about simplesamlphp

- - - - -
2f1ec33c by Antoine Beaupré at 2018-02-27T13:58:39-05:00
sign and timestamp my dla-needed entries

- - - - -
b81021c7 by Antoine Beaupré at 2018-02-27T14:01:39-05:00
add postgres, simplesamlphp, xen to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,6 +11,7 @@ CVE-2018-XXXX [XSA-252: DoS via non-preemptable L3/L4 pagetable freeing]
 CVE-2018-XXXX [SSPSA 201802-01]
 	- simplesamlphp 1.15.3-1
 	NOTE: https://simplesamlphp.org/security/201802-01
+	NOTE: upstream fix is just to bump the simplesamlphp/saml2 dependency, so patch is probably really: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
 CVE-2018-7537
 	RESERVED
 CVE-2018-7536
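
Review bot: the NOTE added to the SSPSA 201802-01 entry hedges with "probably really", so a reader cannot tell whether the linked saml2 commit has been confirmed as the fix. The entry tracks only simplesamlphp 1.15.3-1 while the note places the actual change in the simplesamlphp/saml2 dependency; it would help to say whether that commit has been checked against the packaged source and to drop the hedge once it has.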


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -18,7 +18,7 @@ dovecot (Thorsten Alteholz)
 drupal7 (Markus Koschany)
 --
 elinks
-  NOTE: maintainer is on the security team (jmm), no notice sent
+  NOTE: 20180226: maintainer is on the security team (jmm), no notice sent (anarcat)
 --
 gcc-4.6 (Roberto C. Sánchez)
   NOTE: Backport the retpoline support for spectre mitigation.
@@ -79,12 +79,18 @@ opencv (Thorsten Alteholz)
 openjdk-7 (Emilio Pozuelo)
 --
 php5
-  NOTE: consider reviewing the backlog of "unimportant" issues fixed in jessie to see if it is worth fixing a few DOS in the backlog
+  NOTE: 20180226: consider reviewing the backlog of issues fixed in jessie to see if it is worth fixing a few DOS in the backlog (anarcat)
+--
+postgresql-9.1
+  NOTE: 20180227: confirm jessie's diagnostic (N/A) and see if it applies to wheezy. maintainer not contacted yet.
 --
 ruby1.9.1 (Emilio Pozuelo)
 --
 rubygems (Emilio Pozuelo)
 --
+simplesamlphp
+  NOTE: 20180227: details under embargo (anarcat)
+--
 tiff
   NOTE: incomplete fix of CVE-2017-18013
 --
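
Review bot: the rewritten php5 NOTE drops the qualifier "unimportant", which widens the suggested review from the issues tagged unimportant to every issue fixed in jessie, while the commit messages in this push mention only signing, timestamping and adding entries. Keep the qualifier or state that the wider scope is intended. The new postgresql-9.1 NOTE is also the only dated note in this hunk without a trailing "(anarcat)", and "details under embargo" on simplesamlphp sits oddly next to the public advisory and fix-commit URLs recorded in data/CVE/list in the same push.
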
@@ -94,3 +100,4 @@ wordpress
   NOTE: 20180217: Upstream unsure how to fix at the moment (lamby)
   NOTE: 20180221: Upstream still unsure how to fix (lamby)
 --
+xen
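
Review bot: the new xen entry at the end of the file has no NOTE and no closing "--" line, unlike the postgresql-9.1 and simplesamlphp entries added in the previous hunk, so the file no longer ends on a separator as it did before. Add the trailing "--" and a dated, signed NOTE saying what prompted the entry and whether the maintainer was contacted.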



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e37bf341f52003d1e10cf53d58779f471af5eaeb...b81021c7ee2e5e1df67399b13f83660ca6c1f2fb
