[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] SAML vulns
Paul Wise
pabs at debian.org
Sat Mar 3 14:18:34 UTC 2018
Paul Wise pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd5dbfd6 by Paul Wise at 2018-03-03T22:18:18+08:00
SAML vulns
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19748,6 +19748,8 @@ CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Servi
- xmltooling 1.6.4-1
NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
+ NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+ NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
- mbedtls 2.7.0-2 (bug #890287)
- polarssl <removed>
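Review bot: The two NOTE lines added under CVE-2018-0489 are bare URLs to a multi-implementation write-up and a CERT vulnerability note, with nothing saying how they relate to xmltooling specifically. The entry already cites the Shibboleth advisory and CPPXT-128, so a few words of free text on each new line would tell a reader of data/CVE/list why they are there.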
@@ -37638,12 +37640,28 @@ CVE-2017-11431
RESERVED
CVE-2017-11430
RESERVED
+ - ruby-omniauth-saml <unfixed>
+ NOTE: fixed in 1.10.0
+ NOTE: https://github.com/omniauth/omniauth-saml/pull/157
+ NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+ NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11429
RESERVED
+ NOT-FOR-US: Clever saml2-js
+ NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+ NOTE: https://nodesecurity.io/advisories/567
+ NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11428
RESERVED
+ - ruby-saml <unfixed>
+ NOTE: fixed in 1.7.0
+ NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+ NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11427
RESERVED
+ NOT-FOR-US: OneLogin python-saml
+ NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+ NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11426
RESERVED
CVE-2017-11425
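Review bot: In the CVE-2017-11430 and CVE-2017-11428 entries the package line says `<unfixed>` while the NOTE directly below says "fixed in 1.10.0" and "fixed in 1.7.0", which reads as a contradiction. Wording these as "fixed upstream in ..." would make clear that the NOTE means the upstream release and not the Debian package. The ruby-saml entry also has no link to the upstream change, unlike the pull request cited for ruby-omniauth-saml. Neither `<unfixed>` line carries a bug reference of the kind the mbedtls line earlier in this patch has ("bug #890287"), so consider adding one once bugs are filed.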
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd5dbfd67418cbd6cf4c5a539f34fb476db0020b