Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 71194d32 by Salvatore Bonaccorso at 2018-09-21T19:09:28Z Update information for CVE-2018-13818 MITRE will sync up the entry soon, clarifying the disputed status on the entry. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8526,10 +8526,11 @@ CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...) NOT-FOR-US: CA Unified Infrastructure Management CVE-2018-13818 (Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the ...) - - twig 2.4.4-2 - [stretch] - twig <no-dsa> (Minor issue) - [jessie] - twig <no-dsa> (Minor issue) + - twig 2.4.4-2 (unimportant) NOTE: Fixed upstream in 2.4.4 + NOTE: Vendor of Twig disputes issue as Twig itself is not a web application and + NOTE: it is the repsonsibility of the web applications using Twig to properly wrap + NOTE: input to it. CVE-2018-13817 RESERVED CVE-2018-13816 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71194d3222eb4afcaf9ece0ad8d6051506bb87ee -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/71194d3222eb4afcaf9ece0ad8d6051506bb87ee You're receiving this email because of your account on salsa.debian.org.
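Review bot: The third added NOTE line misspells "responsibility" as "repsonsibility"; correct it so the text is searchable and reads cleanly wherever the entry is displayed. The added NOTE lines also record the vendor's dispute without any reference, while the change drops the [stretch] and [jessie] <no-dsa> (Minor issue) lines in favour of a single (unimportant) tag. Consider adding one more NOTE line that links to the upstream statement, so a reader can verify the rationale for the downgrade from the entry itself.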