Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
051203e2 by Moritz Muehlenhoff at 2018-11-13T21:39:16Z
stretch triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -691,7 +691,8 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. 
There is a out-of-bou
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118
        NOTE: Issue in pdfdetach cli tool leading to crash
 CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a 
reachable abort ...)
-       - poppler <unfixed> (bug #913177)
+       - poppler <unfixed> (low; bug #913177)
+       [stretch] - poppler <ignored> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
 CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted 
IMG ...)
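
Review bot: The added `[stretch] - poppler <ignored> (Minor issue)` line for CVE-2018-19058 uses `<ignored>`, while the other stretch entries in this commit with the same "Minor issue" reason use `<no-dsa>`. If the intent is that stretch will not be fixed at all, the reason should say why. A NOTE describing the impact, like the "Issue in pdfdetach cli tool leading to crash" line on the preceding CVE-2018-19059 entry, would also let a reader check the `low` urgency added to the unfixed line.
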
@@ -11159,9 +11160,11 @@ CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c 
in OpenBSD 6.2 and 6.3 has
        NOT-FOR-US: OpenBSD
 CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 
2.7.48, ...)
        - symfony 3.4.14+dfsg-1
+       [stretch] - symfony <no-dsa> (Minor issue)
        NOTE: 
https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
 CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 
through ...)
        - symfony 3.4.14+dfsg-1
+       [stretch] - symfony <no-dsa> (Minor issue)
        NOTE: 
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
 CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code 
execution ...)
        - ajaxplorer <itp> (bug #668381)
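
Review bot: Both added `[stretch] - symfony <no-dsa> (Minor issue)` lines (CVE-2018-14774 and CVE-2018-14773) carry the same generic reason, which does not record why each issue is minor for stretch. The advisory URL on CVE-2018-14774 names a precondition (host header injection "when using HttpCache"); putting that in the reason or in a NOTE would make the triage decision reviewable later.
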
@@ -70267,9 +70270,11 @@ CVE-2017-11429
 CVE-2017-11428
        RESERVED
        - ruby-saml 1.7.2-1 (bug #892865)
+       [stretch] - ruby-saml <no-dsa> (Minor issue)
        NOTE: fixed in 1.7.0
        NOTE: 
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
        NOTE: https://www.kb.cert.org/vuls/id/475445
+       NOTE: 
https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
 CVE-2017-11427
        RESERVED
        NOT-FOR-US: OneLogin python-saml
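
Review bot: CVE-2017-11428 is still RESERVED with no description, so the added `[stretch] - ruby-saml <no-dsa> (Minor issue)` is the only rationale a reader sees, while the linked references describe SAML vulnerabilities affecting multiple implementations. A more specific reason would help here. The added commit NOTE also sits after the advisory links rather than next to `NOTE: fixed in 1.7.0` and does not say that it is the fixing commit; stating that would make the entry easier to use for a backport.
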


=====================================
data/dsa-needed.txt
=====================================
@@ -63,8 +63,6 @@ smarty3
 sssd
   Maintainer prepared an update and proposed debdiff, acked for upload, but 
update needs further testing before release.
 --
-symfony
---
 tiff
 --
 xml-security-c
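
Review bot: Dropping `symfony` from this list is supported in this commit only by the two `<no-dsa>` lines added for CVE-2018-14774 and CVE-2018-14773 in data/CVE/list. It is worth confirming that no other open stretch symfony entry remains before the package leaves dsa-needed.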



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/051203e2349b49327f0da2e6d7192245057b0785
