[Git][security-tracker-team/security-tracker][master] Provide more information for symfony issues
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 13 21:09:29 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ada18a3 by Salvatore Bonaccorso at 2019-11-13T21:08:45Z
Provide more information for symfony issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -114,18 +114,27 @@ CVE-2019-18891
RESERVED
CVE-2019-18890
RESERVED
-CVE-2019-18889
+CVE-2019-18889 [Forbid serializing AbstractAdapter and TagAwareAdapter instances]
RESERVED
- symfony 4.3.8+dfsg-1
-CVE-2019-18888
+ NOTE: https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
+ NOTE: https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
+CVE-2019-18888 [Prevent argument injection in a MimeTypeGuesser]
RESERVED
- symfony 4.3.8+dfsg-1
-CVE-2019-18887
+ NOTE: https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
+ NOTE: https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365
+ NOTE: https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5
+CVE-2019-18887 [Use constant time comparison in UriSigner]
RESERVED
- symfony 4.3.8+dfsg-1
-CVE-2019-18886
+ NOTE: https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
+ NOTE: https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
+CVE-2019-18886 [Prevent user enumeration using switch user functionality]
RESERVED
- symfony 4.3.8+dfsg-1
+ NOTE: https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality
+ NOTE: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332
CVE-2019-18885
RESERVED
CVE-2019-18884
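Review bot: The two commit NOTE lines added under CVE-2019-18888 have no annotation saying what each commit covers, whereas every other entry in this hunk points at a single commit. A short parenthetical after each URL (for example the component or branch it applies to) would let a reader tell them apart without opening both links. The four entries also record only the fixed version 4.3.8+dfsg-1, so a NOTE naming the upstream release series that received each fix would help when triaging older packaged versions.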
@@ -25463,9 +25472,11 @@ CVE-2019-11327 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiv
NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
-CVE-2019-11325
+CVE-2019-11325 [Fix escaping of strings in VarExporter]
RESERVED
- symfony 4.3.8+dfsg-1
+ NOTE: https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
+ NOTE: https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a
CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...)
- haproxy <not-affected> (Vulnerable code introduced in 1.9.x series in v1.9.2)
NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
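Review bot: The CVE-2019-11325 entry records the advisory and the fix commit but nothing about where the affected VarExporter code first appeared, unlike the haproxy entry in the trailing context, which carries an "Introduced in" NOTE and a not-affected reason. If the introducing version is known, adding a matching NOTE here would let older symfony versions be marked affected or not affected without re-reading the upstream commit.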
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ada18a3c9886a6d8e8a40e43bcaec4bde861b15