[Git][security-tracker-team/security-tracker][master] Add fixing commit from fork for CVE-2017-1000190/simple-xml

Salvatore Bonaccorso carnil at debian.org
Fri Sep 20 20:45:07 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26e11606 by Salvatore Bonaccorso at 2019-09-20T19:43:02Z
Add fixing commit from fork for CVE-2017-1000190/simple-xml

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102015,6 +102015,8 @@ CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulne
 	[jessie] - simple-xml <no-dsa> (Minor issue)
 	[wheezy] - simple-xml <no-dsa> (Minor issue)
 	NOTE: https://github.com/ngallagher/simplexml/issues/18
+	NOTE: Fixing commit in a new fork of the library (which is renamed simple-xml-safe):
+	NOTE: https://github.com/dweiss/simplexml/commit/c8d4b4310549bfaf6dc0a20abea7fbcca6e51edd
 CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...)
 	NOT-FOR-US: Phoenix Framework
 CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26e116068728c775f17f7fd839ab2ea031a6e95d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26e116068728c775f17f7fd839ab2ea031a6e95d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190920/89f3c6e3/attachment.html>


More information about the debian-security-tracker-commits mailing list