[Git][security-tracker-team/security-tracker][master] readd dom4j spu (the fixes from spu are only visible to the security tracker

Mon Sep 24 22:23:52 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f389051e by Moritz Muehlenhoff at 2018-09-24T21:23:02Z
readd dom4j spu (the fixes from spu are only visible to the security tracker
  by the time of the release of the point update)

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4234,6 +4234,7 @@ CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4
 	NOT-FOR-US: Open Microscopy Environment
 CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...)
 	- dom4j 2.1.1-1 (low)
+	[stretch] - dom4j <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
 	NOTE: https://github.com/dom4j/dom4j/issues/48
 CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote ...)


=====================================
data/next-point-update.txt
=====================================
@@ -52,3 +52,5 @@ CVE-2018-13796
 	[stretch] - mailman 1:2.1.23-1+deb9u4
 CVE-2018-1000637
 	[stretch] - zutils 1.5-5+deb9u1
+CVE-2018-1000632
+	[stretch] - dom4j 1.6.1+dfsg.3-2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f389051e6f1b8ed9eb14ed0d114183007aadfc61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f389051e6f1b8ed9eb14ed0d114183007aadfc61
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180924/386ac569/attachment.html>
