[Git][security-tracker-team/security-tracker][master] symfony in jessie not affected by CVE-2018-11406 and CVE-2017-16653
Thorsten Alteholz
alteholz at debian.org
Wed Sep 12 14:59:19 BST 2018
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c00528fa by Thorsten Alteholz at 2018-09-12T13:55:45Z
symfony in jessie not affected by CVE-2018-11406 and CVE-2017-16653
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13814,6 +13814,7 @@ CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x b
CVE-2018-11406 (An issue was discovered in the Security component in Symfony 2.7.x ...)
{DSA-4262-1}
- symfony 3.4.12+dfsg-1
+ [jessie] - symfony <not-affected> (vulnerable code not present in branch 2.3)
NOTE: https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
NOT-FOR-US: Kliqqi
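Review bot: the reason on the added `[jessie] - symfony <not-affected>` line for CVE-2018-11406 names branch 2.3, but nothing in the entry records how that was established; the only reference is the upstream blog NOTE. Consider adding a NOTE line that names the Security component code concerned or the upstream change that introduced it, so the jessie status can be re-checked later without repeating the source comparison.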
@@ -47866,6 +47867,7 @@ CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14
CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...)
{DSA-4262-1}
- symfony 3.4.0+dfsg-1
+ [jessie] - symfony <not-affected> (vulnerable code not present in branch 2.3)
NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
NOTE: https://github.com/symfony/symfony/pull/24992
CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...)
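Review bot: the description on the CVE-2017-16653 line reads "before 2.7.38, 2.8.31, 3.2.14, ...", which taken literally includes the 2.3 branch, so the added `[jessie]` line departs from the stated range with only a short parenthetical as justification. A NOTE saying in which upstream version the affected CSRF protection code first appeared, placed next to the existing pull/24992 NOTE, would make the `<not-affected>` claim self-supporting.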
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c00528fa9ef6305348030b96fd58ea3b0b1e85d3