[Git][security-tracker-team/security-tracker][master] slurm, symfony DSAs
Moritz Muehlenhoff
jmm at debian.org
Mon Nov 18 21:55:49 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b37e88c9 by Moritz Muehlenhoff at 2019-11-18T21:55:26Z
slurm, symfony DSAs
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -495,6 +495,7 @@ CVE-2019-18890 [SQL injection]
CVE-2019-18889 [Forbid serializing AbstractAdapter and TagAwareAdapter instances]
RESERVED
- symfony 4.3.8+dfsg-1
+ [buster] - symfony 3.4.22+dfsg-2+deb10u1
[jessie] - symfony <not-affected> (Vulnerable code not present)
NOTE: https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
NOTE: https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
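Review bot: CVE-2019-18889 gains a [buster] fixed version and already has a [jessie] not-affected line, but it still has no [stretch] status, even though this same commit records a stretch symfony upload (2.8.7+dfsg-1.3+deb9u3) in data/DSA/list. If the vulnerable code is also absent from the stretch version, add a matching `[stretch] - symfony <not-affected> (Vulnerable code not present)` line; otherwise record the stretch state explicitly so the entry does not read as undetermined there.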
@@ -21641,6 +21642,7 @@ CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS
NOT-FOR-US: "Count per Day" plugin for WordPress
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
- slurm-llnl 19.05.3.2-1 (bug #931880)
+ [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837
RESERVED
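Review bot: the new [stretch] <no-dsa> line for CVE-2019-12838 gives "Too intrusive to backport" as its only rationale, which leaves nothing a later triager can check. Since this is an SQL injection and stretch stays unfixed while buster is covered by DSA-4572-1, a NOTE: line pointing at the upstream change that makes the backport intrusive would let the decision be revisited.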
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,10 @@
+[18 Nov 2019] DSA-4573-1 symfony - security update
+ {CVE-2019-18887 CVE-2019-18888}
+ [stretch] - symfony 2.8.7+dfsg-1.3+deb9u3
+ [buster] - symfony 3.4.22+dfsg-2+deb10u1
+[18 Nov 2019] DSA-4572-1 slurm-llnl - security update
+ {CVE-2019-12838}
+ [buster] - slurm-llnl 18.08.5.2-1+deb10u1
[17 Nov 2019] DSA-4571-1 thunderbird - security update
{CVE-2019-15903 CVE-2019-11764 CVE-2019-11763 CVE-2019-11762 CVE-2019-11761 CVE-2019-11760 CVE-2019-11759 CVE-2019-11757 CVE-2019-11755}
[stretch] - thunderbird 1:68.2.2-1~deb9u1
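Review bot: the CVE set of DSA-4573-1 lists only CVE-2019-18887 and CVE-2019-18888, while the data/CVE/list hunk in this commit marks CVE-2019-18889 as fixed in buster at the same version, 3.4.22+dfsg-2+deb10u1. If that upload also fixes CVE-2019-18889, add it to the set here so the advisory cross-reference is complete; if the omission is deliberate, the commit message should say why.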
=====================================
data/dsa-needed.txt
=====================================
@@ -54,8 +54,6 @@ python-ecdsa (seb)
--
python-reportlab (hle)
--
-slurm-llnl (jmm)
---
smarty3/oldstable
--
squid3/oldstable
@@ -63,8 +61,6 @@ squid3/oldstable
sssd
Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release.
--
-symfony (jmm)
---
tiff
Maintainer working on updates
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b37e88c938d53e8ece7b54f761cf3f009e1387b4