[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record fix for CVE-2018-0486 which will be included in DSA

Salvatore Bonaccorso carnil at debian.org
Tue Feb 27 20:02:47 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ee8f0c2 by Salvatore Bonaccorso at 2018-02-27T21:02:21+01:00
Record fix for CVE-2018-0486 which will be included in DSA

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19307,7 +19307,7 @@ CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allow
 CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...)
 	{DSA-4085-1 DLA-1242-1}
 	- xmltooling 1.6.3-1
-	[stretch] - xmltooling <no-dsa> (Xerces is configured to disallow DTD use)
+	[stretch] - xmltooling 1.6.0-4+deb9u1
 	NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
 	NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already
 	NOTE: disallow DTD use.


=====================================
data/next-point-update.txt
=====================================
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -82,9 +82,6 @@ CVE-2018-6197
 	[stretch] - w3m 0.5.3-34+deb9u1
 CVE-2018-6198
 	[stretch] - w3m 0.5.3-34+deb9u1
-CVE-2018-0486
-	[stretch] - xmltooling 1.6.0-4+deb9u1
-	NOTE: discussed with release-team if 1.6.3-1~deb9u1 would be accepted
 CVE-2017-6418
 	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
 CVE-2017-6420



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee8f0c29cc19e29e7612d7be75c861798fb2b39

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee8f0c29cc19e29e7612d7be75c861798fb2b39
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180227/1cd089e0/attachment-0001.html>

More information about the Secure-testing-commits mailing list