[Git][security-tracker-team/security-tracker][master] 2 commits: Mark smarty3 issues as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 2 22:26:00 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03a1e3ae by Salvatore Bonaccorso at 2020-04-02T23:25:00+02:00
Mark smarty3 issues as no-dsa
- - - - -
c9b588f6 by Salvatore Bonaccorso at 2020-04-02T23:25:28+02:00
Remove smarty3 from dsa-needed list
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -91449,6 +91449,7 @@ CVE-2018-1002000 (There is blind SQL injection in WordPress Arigato Autoresponde
NOTE: Wordpress plugin
CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...)
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698)
+ [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - smarty3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/smarty-php/smarty/issues/486
NOTE: CVE is about the include tag as an attack vector.
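Review bot: The added `[stretch] - smarty3 <no-dsa>` line for CVE-2018-16831 gives "Minor issue" as its reason, but nothing in the entry says why a trusted_dir bypass counts as minor. The existing NOTE only names the include tag as the attack vector. A further NOTE recording the precondition that limits the impact would let whoever prepares the point release check the assessment without rereading the upstream issue.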
@@ -98984,6 +98985,7 @@ CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/in
NOT-FOR-US: ImpressCMS
CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...)
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
+ [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - smarty3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe
NOTE: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8
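Review bot: For CVE-2018-13982 the added `[stretch]` line defers the fix to a point release, yet the entry has no bug reference to track that work, unlike the CVE-2018-16831 entry, which carries bug #908698. Suggest attaching a bug number here as well, and stating in a NOTE whether both upstream commits listed are needed for the stretch backport.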
=====================================
data/dsa-needed.txt
=====================================
@@ -30,8 +30,6 @@ poppler (jmm)
--
python-reportlab (hle)
--
-smarty3/oldstable
---
squid/stable
--
squid3/oldstable
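Review bot: Dropping `smarty3/oldstable` from data/dsa-needed.txt is only correct if every open smarty3 issue for that release has been triaged, and the companion change to data/CVE/list shows just two entries (CVE-2018-16831 and CVE-2018-13982) being marked no-dsa. Worth confirming that no other unfixed smarty3 entry for stretch remains, since this hunk removes the reminder that pending work exists.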
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aed2ee6cb04769a562937d19509c9243d1b6bf5d...c9b588f68f4d35c5ce3a84540902980e6aa015c4