[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for CVE-2018-0486/xmltooling

Sat Jan 13 07:40:41 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d7ed26a by Salvatore Bonaccorso at 2018-01-13T08:40:21+01:00
Add note for CVE-2018-0486/xmltooling

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13185,6 +13185,8 @@ CVE-2018-0486
 	- xmltooling <unfixed>
 	[stretch] - xmltooling <not-affected> (Xerces is configured to disallow DTD use)
 	NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
+	NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already
+	NOTE: disallow DTD use.
 CVE-2017-17026
 	RESERVED
 CVE-2017-17025



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7ed26a944056c02b81e8bc4799f58a3568fd19

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3d7ed26a944056c02b81e8bc4799f58a3568fd19
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180113/e73f0287/attachment.html>
