[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-18077
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 27 12:14:06 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
842ab81a by Salvatore Bonaccorso at 2018-01-27T13:13:46+01:00
Add CVE-2017-18077
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -52,6 +52,13 @@ CVE-2018-6326
RESERVED
CVE-2018-6325
RESERVED
+CVE-2017-18077 [regular expression denial of service]
+ - node-brace-expansion 1.1.8-1 (unimportant; bug #862712)
+ [stretch] - node-brace-expansion 1.1.6-1+deb9u1
+ NOTE: https://nodesecurity.io/advisories/338
+ NOTE: https://github.com/juliangruber/brace-expansion/issues/33
+ NOTE: https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3
+ NOTE: nodejs not covered by security support
CVE-2017-18076 (In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value ...)
[experimental] - ruby-omniauth 1.6.1-1
- ruby-omniauth <unfixed> (bug #888523)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/842ab81a0e94771f39c005759d943d073fde781c
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/842ab81a0e94771f39c005759d943d073fde781c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180127/67309ff1/attachment.html>
More information about the Secure-testing-commits
mailing list