[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark SSPSA 201803-01 no-dsa, update fixed version for CVE-2017-12873 (does not…

Mon, 05 Mar 2018 01:47:06 -0800 

Thijs Kinkhorst pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
96006da2 by Thijs Kinkhorst at 2018-03-05T09:44:54+00:00
Mark SSPSA 201803-01 no-dsa, update fixed version for CVE-2017-12873 (does not 
change affected suites).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28,6 +28,10 @@ CVE-2018-7659
        RESERVED
 CVE-2018-XXXX [SSPSA 201803-01]
        - simplesamlphp 1.15.4-1
+       [stretch] - simplesamlphp <no-dsa> (Minor issue)
+       [jessie] - simplesamlphp <no-dsa> (Minor issue)
+       [wheezy] - simplesamlphp <no-dsa> (Minor issue)
+       NOTE: failure mode hard to trigger for an attacker, signing of redirect 
binding in many cases not that important
        NOTE: https://simplesamlphp.org/security/201803-01
        NOTE: 
https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
 CVE-2018-7658
@@ -33723,7 +33727,7 @@ CVE-2017-12874 (The InfoCard module 1.0 for 
SimpleSAMLphp allows attackers to sp
        NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
 CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to 
obtain ...)
        {DSA-4127-1 DLA-1205-1}
-       - simplesamlphp 1.14.10-1
+       - simplesamlphp 1.14.11-1
        NOTE: https://simplesamlphp.org/security/201612-04
        NOTE: Patches: 
https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
        NOTE: 
https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/96006da22b66b8d8a1a706891a0c1ac025411eb3

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/96006da22b66b8d8a1a706891a0c1ac025411eb3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to