[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-13818

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71194d32 by Salvatore Bonaccorso at 2018-09-21T19:09:28Z
Update information for CVE-2018-13818

MITRE will sync up the entry soon, clarifying the disputed status on the
entry.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8526,10 +8526,11 @@ CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management
 CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
 	NOT-FOR-US: CA Unified Infrastructure Management
 CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...)
-	- twig 2.4.4-2
-	[stretch] - twig <no-dsa> (Minor issue)
-	[jessie] - twig <no-dsa> (Minor issue)
+	- twig 2.4.4-2 (unimportant)
 	NOTE: Fixed upstream in 2.4.4
+	NOTE: Vendor of Twig disputes issue as Twig itself is not a web application and
+	NOTE: it is the repsonsibility of the web applications using Twig to properly wrap
+	NOTE: input to it.
 CVE-2018-13817
 	RESERVED
 CVE-2018-13816



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71194d3222eb4afcaf9ece0ad8d6051506bb87ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71194d3222eb4afcaf9ece0ad8d6051506bb87ee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180921/7569e6a5/attachment.html>