[Git][security-tracker-team/security-tracker][master] stretch triage
Moritz Muehlenhoff
jmm at debian.org
Tue Nov 13 21:39:53 GMT 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
051203e2 by Moritz Muehlenhoff at 2018-11-13T21:39:16Z
stretch triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -691,7 +691,8 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118
NOTE: Issue in pdfdetach cli tool leading to crash
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...)
- - poppler <unfixed> (bug #913177)
+ - poppler <unfixed> (low; bug #913177)
+ [stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ...)
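Review bot: the added stretch line for CVE-2018-19058 uses `<ignored>` with the reason "Minor issue", while the other stretch entries triaged in this commit use `<no-dsa>` with the same reason. An upstream fix commit is already listed in the NOTE lines, so either use `<no-dsa>` to keep a point-release fix possible, or make the parenthetical say why stretch will not be fixed at all (the description only mentions a reachable abort).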
@@ -11159,9 +11160,11 @@ CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has
NOT-FOR-US: OpenBSD
CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...)
- symfony 3.4.14+dfsg-1
+ [stretch] - symfony <no-dsa> (Minor issue)
NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through ...)
- symfony 3.4.14+dfsg-1
+ [stretch] - symfony <no-dsa> (Minor issue)
NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution ...)
- ajaxplorer <itp> (bug #668381)
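Review bot: both added `[stretch] - symfony <no-dsa> (Minor issue)` lines carry the same generic reason, although the NOTE URLs describe two different problems (a host header injection when using HttpCache for CVE-2018-14774, removal of legacy HTTP headers for CVE-2018-14773). A per-entry reason stating what limits the impact on stretch would let a later reader check the no-DSA decision without rereading the advisories.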
@@ -70267,9 +70270,11 @@ CVE-2017-11429
CVE-2017-11428
RESERVED
- ruby-saml 1.7.2-1 (bug #892865)
+ [stretch] - ruby-saml <no-dsa> (Minor issue)
NOTE: fixed in 1.7.0
NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
NOTE: https://www.kb.cert.org/vuls/id/475445
+ NOTE: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
CVE-2017-11427
RESERVED
NOT-FOR-US: OneLogin python-saml
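Review bot: the NOTE added under CVE-2017-11428 is a bare commit URL, so it is not clear whether it is the upstream fix or a related change; a short label in the NOTE, plus which upstream release it belongs to (the existing NOTE says "fixed in 1.7.0"), would make it usable for a backport. The entry is still RESERVED with no description, so "Minor issue" on the new `[stretch]` line is the only rationale recorded here; a more specific reason would help.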
=====================================
data/dsa-needed.txt
=====================================
@@ -63,8 +63,6 @@ smarty3
sssd
Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release.
--
-symfony
---
tiff
--
xml-security-c
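Review bot: removing `symfony` from dsa-needed.txt matches the two `<no-dsa>` markings added in data/CVE/list, but the hunk drops the entry outright and the removed lines carried no comment about which issues it was tracking. Before merging, confirm that no other open stretch symfony issue still needs a DSA, since nothing in this diff shows that these two CVEs were the only reason for the entry.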
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/051203e2349b49327f0da2e6d7192245057b0785