[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark SSPSA 201803-01 no-dsa, update fixed version for CVE-2017-12873 (does not…

Thijs Kinkhorst thijs at debian.org
Mon Mar 5 09:46:30 UTC 2018


Thijs Kinkhorst pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96006da2 by Thijs Kinkhorst at 2018-03-05T09:44:54+00:00
Mark SSPSA 201803-01 no-dsa, update fixed version for CVE-2017-12873 (does not change affected suites).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28,6 +28,10 @@ CVE-2018-7659
 	RESERVED
 CVE-2018-XXXX [SSPSA 201803-01]
 	- simplesamlphp 1.15.4-1
+	[stretch] - simplesamlphp <no-dsa> (Minor issue)
+	[jessie] - simplesamlphp <no-dsa> (Minor issue)
+	[wheezy] - simplesamlphp <no-dsa> (Minor issue)
+	NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important
 	NOTE: https://simplesamlphp.org/security/201803-01
 	NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
 CVE-2018-7658
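Review bot: the rationale NOTE added under CVE-2018-XXXX [SSPSA 201803-01] says signing of the redirect binding is "in many cases not that important", which leaves the remaining cases unaddressed even though all three suites get the same `<no-dsa> (Minor issue)` tag. Consider saying which setups do depend on redirect binding signatures, or referring to the advisory URL on the following NOTE line for that detail, so the triage decision can be re-checked later. The entry also still sits under the CVE-2018-XXXX placeholder, so the three per-suite lines need to be carried over when an id is assigned.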
@@ -33723,7 +33727,7 @@ CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to sp
 	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
 CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...)
 	{DSA-4127-1 DLA-1205-1}
-	- simplesamlphp 1.14.10-1
+	- simplesamlphp 1.14.11-1
 	NOTE: https://simplesamlphp.org/security/201612-04
 	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
 	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
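Review bot: the corrected `- simplesamlphp 1.14.11-1` line carries no NOTE saying why the earlier 1.14.10-1 was wrong; the description's "1.7.0 through 1.14.10" range implies it, but a one-line NOTE would keep the next reader from rechecking against DSA-4127-1 and DLA-1205-1. While this entry is being touched, the commit id in the "Patches:" URL on the context line below is 42 hex characters long, two more than a git commit id, so that link is worth verifying and correcting in the same change.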



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/96006da22b66b8d8a1a706891a0c1ac025411eb3
