Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
71194d32 by Salvatore Bonaccorso at 2018-09-21T19:09:28Z
Update information for CVE-2018-13818
MITRE will sync up the entry soon, clarifying the disputed status on the
entry.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8526,10 +8526,11 @@ CVE-2018-13820 (A hardcoded passphrase, in CA Unified
Infrastructure Management
CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure
Management 8.5.1, ...)
NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI)
via the ...)
- - twig 2.4.4-2
- [stretch] - twig <no-dsa> (Minor issue)
- [jessie] - twig <no-dsa> (Minor issue)
+ - twig 2.4.4-2 (unimportant)
NOTE: Fixed upstream in 2.4.4
+ NOTE: Vendor of Twig disputes issue as Twig itself is not a web
application and
+ NOTE: it is the repsonsibility of the web applications using Twig to
properly wrap
+ NOTE: input to it.
CVE-2018-13817
RESERVED
CVE-2018-13816
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/71194d3222eb4afcaf9ece0ad8d6051506bb87ee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/71194d3222eb4afcaf9ece0ad8d6051506bb87ee
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
