[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 22 09:21:15 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b48f0348 by security tracker role at 2018-07-22T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -40814,6 +40814,7 @@ CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminab
CVE-2017-16791
RESERVED
CVE-2017-16790 [Ensure that submitted data are uploaded files]
+ RESERVED
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
NOTE: https://github.com/symfony/symfony/pull/24993
@@ -41126,10 +41127,12 @@ CVE-2017-16656
CVE-2017-16655
RESERVED
CVE-2017-16654 [Intl bundle readers breaking out of paths]
+ RESERVED
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
NOTE: https://github.com/symfony/symfony/pull/24994
CVE-2017-16653 [CSRF protection does not use different tokens for HTTP and HTTPS]
+ RESERVED
- symfony 3.4.0+dfsg-1
NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
NOTE: https://github.com/symfony/symfony/pull/24992
@@ -57169,6 +57172,7 @@ CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-0
CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
NOT-FOR-US: Codiad
CVE-2017-11365 [Empty passwords validation issue]
+ RESERVED
- symfony <not-affected> (introduced in versions that were never packaged in Debian)
NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b48f03488ae2aa8db91078e8fd776e9d015e4b55
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b48f03488ae2aa8db91078e8fd776e9d015e4b55
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180722/7a43266b/attachment.html>
More information about the debian-security-tracker-commits
mailing list