[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-7753/python-bleach assigned

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6088b620 by Salvatore Bonaccorso at 2018-03-08T06:18:56+01:00
CVE-2018-7753/python-bleach assigned

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28,11 +28,12 @@ CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerabilit
 	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
 	NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621)
 	NOTE: adresses CVE-2018-1000116 as well.
-CVE-2018-XXXX [URI values with character entities not properly sanitized]
+CVE-2018-7753 [URI values with character entities not properly sanitized]
 	- python-bleach 2.1.3-1 (bug #892252)
 	[stretch] - python-bleach <not-affected> (Vulnerable code introduced later)
 	[jessie] - python-bleach <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/mozilla/bleach/pull/356
+	NOTE: https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
 CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on ...)
 	- python3.7 <not-affected> (Windows-specific)
 	- python3.6 <not-affected> (Windows-specific)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6088b6204a533f0f19e31fe74cde8ef186d085d9

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6088b6204a533f0f19e31fe74cde8ef186d085d9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180308/9be4250b/attachment-0001.html>