[Git][security-tracker-team/security-tracker][master] one symfony issue n/a
Moritz Muehlenhoff
jmm at debian.org
Mon Nov 18 22:01:06 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1a378fe by Moritz Muehlenhoff at 2019-11-18T22:00:40Z
one symfony issue n/a
jhead unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,8 +187,9 @@ CVE-2019-19037
CVE-2019-19036
RESERVED
CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...)
- - jhead <unfixed> (bug #944961)
+ - jhead <unfixed> (unimportant; bug #944961)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
+ NOTE: Crash in CLI tool, no security impact
CVE-2019-19034
RESERVED
CVE-2019-19033
@@ -496,6 +497,7 @@ CVE-2019-18889 [Forbid serializing AbstractAdapter and TagAwareAdapter instances
RESERVED
- symfony 4.3.8+dfsg-1
[buster] - symfony 3.4.22+dfsg-2+deb10u1
+ [stretch] - symfony <not-affected> (Vulnerable code not present)
[jessie] - symfony <not-affected> (Vulnerable code not present)
NOTE: https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
NOTE: https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1a378fe2d8325718601c279d6b1bb655309d367
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a1a378fe2d8325718601c279d6b1bb655309d367
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191118/b6d5469e/attachment.html>
More information about the debian-security-tracker-commits
mailing list