[Git][security-tracker-team/security-tracker][master] symfony triage
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 19 22:18:09 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8da68794 by Moritz Muehlenhoff at 2018-07-19T23:17:49+02:00
symfony triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5827,7 +5827,7 @@ CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the ...)
CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB adapter ...)
NOT-FOR-US: MediaTek
CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in ...)
- - symfony <unfixed>
+ - symfony <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
NOT-FOR-US: joyplus-cms
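Review bot: The `(unimportant)` tag added to the symfony line under CVE-2018-12040 has no recorded rationale. The only context in the entry is the `** DISPUTED **` marker in the truncated description and the Red Hat Bugzilla link. Consider adding a NOTE line under the entry that states why the issue is treated as having no security impact, so the classification can be re-checked later without following the external link.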
@@ -7446,6 +7446,7 @@ CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending
NOT-FOR-US: Splunk
CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x ...)
- symfony <unfixed>
+ [stretch] - symfony <not-affected> (Incomplete fix for CVE-2017-16652 wasn't backported)
NOTE: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x before ...)
- symfony <unfixed>
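Review bot: The parenthetical on the new `[stretch]` line for CVE-2018-11408 is ambiguous. "Incomplete fix for CVE-2017-16652 wasn't backported" can be read either as the backport being incomplete or as the flawed fix never reaching stretch. A wording such as "vulnerable code was introduced by the fix for CVE-2017-16652, which is not in stretch" would remove the ambiguity. The same reasoning implies stretch never received the CVE-2017-16652 fix at all, so it is worth confirming that the CVE-2017-16652 entry carries a matching `[stretch]` status; no such line is visible in the context of this patch.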
@@ -40926,6 +40927,7 @@ CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x be
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
NOTE: https://github.com/symfony/symfony/pull/24995
+ NOTE: See CVE-2018-11408 for incomplete fix
CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...)
{DSA-4030-1 DLA-1193-1}
- roundcube 1.3.3+dfsg.1-1
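Review bot: The new `NOTE: See CVE-2018-11408 for incomplete fix` sits under an entry whose symfony line still reads `- symfony 3.4.0+dfsg-1`, so the entry continues to present 3.4.0+dfsg-1 as the fixed version while CVE-2018-11408 is `<unfixed>` in the same file. Suggest making the note say directly that the fix shipped in the listed version was incomplete and that the follow-up is tracked as CVE-2018-11408, so a reader checking only this entry does not conclude that the open redirect is fully resolved there.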
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8da6879474601bbddb25236b1b8adcc34484a9a1