Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 3ee8f0c2 by Salvatore Bonaccorso at 2018-02-27T21:02:21+01:00 Record fix for CVE-2018-0486 which will be included in DSA - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -19307,7 +19307,7 @@ CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allow CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...) {DSA-4085-1 DLA-1242-1} - xmltooling 1.6.3-1 - [stretch] - xmltooling <no-dsa> (Xerces is configured to disallow DTD use) + [stretch] - xmltooling 1.6.0-4+deb9u1 NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already NOTE: disallow DTD use. ===================================== data/next-point-update.txt ===================================== --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -82,9 +82,6 @@ CVE-2018-6197 [stretch] - w3m 0.5.3-34+deb9u1 CVE-2018-6198 [stretch] - w3m 0.5.3-34+deb9u1 -CVE-2018-0486 - [stretch] - xmltooling 1.6.0-4+deb9u1 - NOTE: discussed with release-team if 1.6.3-1~deb9u1 would be accepted CVE-2017-6418 [stretch] - clamav 0.99.2+dfsg-6+deb9u1 CVE-2017-6420 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee8f0c29cc19e29e7612d7be75c861798fb2b39 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee8f0c29cc19e29e7612d7be75c861798fb2b39 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits