Thijs Kinkhorst pushed to branch master at Debian Security Tracker / security-tracker
Commits: 96006da2 by Thijs Kinkhorst at 2018-03-05T09:44:54+00:00 Mark SSPSA 201803-01 no-dsa, update fixed version for CVE-2017-12873 (does not change affected suites). - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -28,6 +28,10 @@ CVE-2018-7659 RESERVED CVE-2018-XXXX [SSPSA 201803-01] - simplesamlphp 1.15.4-1 + [stretch] - simplesamlphp <no-dsa> (Minor issue) + [jessie] - simplesamlphp <no-dsa> (Minor issue) + [wheezy] - simplesamlphp <no-dsa> (Minor issue) + NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important NOTE: https://simplesamlphp.org/security/201803-01 NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d CVE-2018-7658 @@ -33723,7 +33727,7 @@ CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to sp NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...) {DSA-4127-1 DLA-1205-1} - - simplesamlphp 1.14.10-1 + - simplesamlphp 1.14.11-1 NOTE: https://simplesamlphp.org/security/201612-04 NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/96006da22b66b8d8a1a706891a0c1ac025411eb3 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/96006da22b66b8d8a1a706891a0c1ac025411eb3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits