[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add temporary workaround for SSPSA 201802-01 until CVE assigned and remove…

Salvatore Bonaccorso carnil at debian.org
Fri Mar 2 06:42:54 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d70dab19 by Salvatore Bonaccorso at 2018-03-02T07:40:41+01:00
Add temporary workaround for SSPSA 201802-01 until CVE assigned and remove no-dsa tags from entries included in DSA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -201,6 +201,8 @@ CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV gue
 	NOTE: https://xenbits.xen.org/xsa/advisory-252.html
 CVE-2018-XXXX [SSPSA 201802-01: Check for supported signature algorithms when casting a key]
 	- simplesamlphp 1.15.3-1
+	[stretch] - simplesamlphp 1.14.11-1+deb9u1
+	[jessie] - simplesamlphp 1.13.1-2+deb8u1
 	NOTE: https://simplesamlphp.org/security/201802-01
 	NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
 CVE-2018-7537
@@ -3190,8 +3192,6 @@ CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsi
 CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...)
 	{DLA-1273-1}
 	- simplesamlphp 1.15.2-1
-	[stretch] - simplesamlphp <no-dsa> (Minor issue)
-	[jessie] - simplesamlphp <no-dsa> (Minor issue)
 	NOTE: https://simplesamlphp.org/security/201801-03
 CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...)
 	- simplesamlphp 1.15.2-1
@@ -3201,8 +3201,6 @@ CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an 
 	NOTE: https://simplesamlphp.org/security/201801-02
 CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 ...)
 	- simplesamlphp 1.15.2-1
-	[stretch] - simplesamlphp <no-dsa> (Minor issue)
-	[jessie] - simplesamlphp <no-dsa> (Minor issue)
 	[wheezy] - simplesamlphp <ignored> (Minor issue)
 	NOTE: https://simplesamlphp.org/security/201801-01
 	NOTE: The issue lies in the simplesamlphp/saml2 part, which is



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d70dab191ba93c2a128ef7b7d88632a87736488c

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d70dab191ba93c2a128ef7b7d88632a87736488c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180302/a419e6a7/attachment.html>

More information about the Secure-testing-commits mailing list