[Git][security-tracker-team/security-tracker][master] Add fixing commit from fork for CVE-2017-1000190/simple-xml
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 20 20:45:07 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26e11606 by Salvatore Bonaccorso at 2019-09-20T19:43:02Z
Add fixing commit from fork for CVE-2017-1000190/simple-xml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102015,6 +102015,8 @@ CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulne
[jessie] - simple-xml <no-dsa> (Minor issue)
[wheezy] - simple-xml <no-dsa> (Minor issue)
NOTE: https://github.com/ngallagher/simplexml/issues/18
+ NOTE: Fixing commit in a new fork of the library (which is renamed simple-xml-safe):
+ NOTE: https://github.com/dweiss/simplexml/commit/c8d4b4310549bfaf6dc0a20abea7fbcca6e51edd
CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...)
NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26e116068728c775f17f7fd839ab2ea031a6e95d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/26e116068728c775f17f7fd839ab2ea031a6e95d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190920/89f3c6e3/attachment.html>
More information about the debian-security-tracker-commits
mailing list