Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits: dc5c60a2 by Antoine Beaupré at 2018-11-01T16:38:52Z CVE-2018-16831 also N/A in jessie - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5006,8 +5006,10 @@ CVE-2018-1002000 NOTE: Wordpress plugin CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...) - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698) + [jessie] - smarty3 <not-affected> (vulnerable code not present) NOTE: https://github.com/smarty-php/smarty/issues/486 NOTE: CVE is about the include tag as an attack vector. + NOTE: vulnerable code introduced in realpath() rewrite (c09b05cbe) released in 3.1.28 CVE-2018-16830 RESERVED CVE-2018-16829 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc5c60a21173407cd48504cc07d05f4ced0d1a41 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc5c60a21173407cd48504cc07d05f4ced0d1a41 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits