Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 051203e2 by Moritz Muehlenhoff at 2018-11-13T21:39:16Z stretch triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -691,7 +691,8 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 NOTE: Issue in pdfdetach cli tool leading to crash CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...) - - poppler <unfixed> (bug #913177) + - poppler <unfixed> (low; bug #913177) + [stretch] - poppler <ignored> (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ...) @@ -11159,9 +11160,11 @@ CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has NOT-FOR-US: OpenBSD CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...) - symfony 3.4.14+dfsg-1 + [stretch] - symfony <no-dsa> (Minor issue) NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through ...) - symfony 3.4.14+dfsg-1 + [stretch] - symfony <no-dsa> (Minor issue) NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution ...) - ajaxplorer <itp> (bug #668381) 
@@ -70267,9 +70270,11 @@ CVE-2017-11429 CVE-2017-11428 RESERVED - ruby-saml 1.7.2-1 (bug #892865) + [stretch] - ruby-saml <no-dsa> (Minor issue) NOTE: fixed in 1.7.0 NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations NOTE: https://www.kb.cert.org/vuls/id/475445 + NOTE: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f CVE-2017-11427 RESERVED NOT-FOR-US: OneLogin python-saml ===================================== data/dsa-needed.txt ===================================== @@ -63,8 +63,6 @@ smarty3 sssd Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release. -- -symfony --- tiff -- xml-security-c View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/051203e2349b49327f0da2e6d7192245057b0785
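Review bot: In the first data/CVE/list hunk, at CVE-2018-19058, the added `[stretch] - poppler <ignored> (Minor issue)` line uses `<ignored>` while every other stretch entry in this commit uses `<no-dsa>` with the same "Minor issue" reason, so the reason text does not explain why this one is not going to be fixed in stretch rather than merely not getting a DSA. A more specific reason taken from the entry itself (the description calls it a reachable abort) would let later triagers tell the two states apart.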
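Review bot: In the third data/CVE/list hunk, at CVE-2017-11428, `[stretch] - ruby-saml <no-dsa> (Minor issue)` gives no rationale, although the surrounding NOTE lines point to a CERT vulnerability note and a write-up on SAML vulnerabilities affecting multiple implementations. A short reason in the parentheses saying why the stretch package is considered low risk would make the decision reviewable. The new upstream commit NOTE would also read better directly after `NOTE: fixed in 1.7.0`, keeping the fix information together.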
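Review bot: In the data/dsa-needed.txt hunk, dropping `symfony` is justified only if CVE-2018-14774 and CVE-2018-14773, the two entries that gain `[stretch] - symfony <no-dsa> (Minor issue)` in this commit, were the only symfony issues pending for stretch, and the visible hunks do not show that. Naming the triaged packages (poppler, symfony, ruby-saml) in the commit message instead of only "stretch triage" would make the dsa-needed.txt removal traceable from the log.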