[Git][security-tracker-team/security-tracker][master] symfony in jessie not affected by CVE-2018-11406 and CVE-2017-16653

Thorsten Alteholz alteholz at debian.org
Wed Sep 12 14:59:19 BST 2018


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c00528fa by Thorsten Alteholz at 2018-09-12T13:55:45Z
symfony in jessie not affected by CVE-2018-11406 and CVE-2017-16653

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13814,6 +13814,7 @@ CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x b
 CVE-2018-11406 (An issue was discovered in the Security component in Symfony 2.7.x ...)
 	{DSA-4262-1}
 	- symfony 3.4.12+dfsg-1
+	[jessie] - symfony <not-affected> (vulnerable code not present in branch 2.3)
 	NOTE: https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
 CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
 	NOT-FOR-US: Kliqqi
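Review bot: the added [jessie] line under CVE-2018-11406 gives "vulnerable code not present in branch 2.3" as the reason without saying which code was checked. The description begins at "Symfony 2.7.x", so if the finding is that the affected Security component code first appears in 2.7, a short NOTE: line saying so (or naming the file or class that is missing in 2.3) would let a later triager re-verify the not-affected status without redoing the analysis.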
@@ -47866,6 +47867,7 @@ CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14
 CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...)
 	{DSA-4262-1}
 	- symfony 3.4.0+dfsg-1
+	[jessie] - symfony <not-affected> (vulnerable code not present in branch 2.3)
 	NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
 	NOTE: https://github.com/symfony/symfony/pull/24992
 CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...)
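Review bot: the added [jessie] line under CVE-2017-16653 marks branch 2.3 as not affected, while the visible description reads "Symfony before 2.7.38, 2.8.31, 3.2.14, ...", which on its face includes older branches. Since the entry already links https://github.com/symfony/symfony/pull/24992, consider a NOTE: line stating which code touched by that pull request is absent from branch 2.3, so the reason holds up against the upstream version range.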



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c00528fa9ef6305348030b96fd58ea3b0b1e85d3
