[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-1000433/python-pysaml2
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 5 08:25:02 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f3455a4 by Salvatore Bonaccorso at 2018-01-05T09:24:38+01:00
Add CVE-2017-1000433/python-pysaml2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2910,7 +2910,9 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open ...)
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with ...)
- TODO: check
+ - python-pysaml2 <unfixed>
+ NOTE: https://github.com/rohe/pysaml2/issues/451
+ NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting ...)
TODO: check
CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f3455a4ddf51366d8e8aaecea40d519642e7ced
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f3455a4ddf51366d8e8aaecea40d519642e7ced
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180105/96a57623/attachment.html>
More information about the Secure-testing-commits
mailing list