Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ada18a3 by Salvatore Bonaccorso at 2019-11-13T21:08:45Z
Provide more information for symfony issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,18 +114,27 @@ CVE-2019-18891
        RESERVED
 CVE-2019-18890
        RESERVED
-CVE-2019-18889
+CVE-2019-18889 [Forbid serializing AbstractAdapter and TagAwareAdapter 
instances]
        RESERVED
        - symfony 4.3.8+dfsg-1
-CVE-2019-18888
+       NOTE: 
https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
+       NOTE: 
https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a
+CVE-2019-18888 [Prevent argument injection in a MimeTypeGuesser]
        RESERVED
        - symfony 4.3.8+dfsg-1
-CVE-2019-18887
+       NOTE: 
https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
+       NOTE: 
https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365
+       NOTE: 
https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5
+CVE-2019-18887 [Use constant time comparison in UriSigner]
        RESERVED
        - symfony 4.3.8+dfsg-1
-CVE-2019-18886
+       NOTE: 
https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
+       NOTE: 
https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb
+CVE-2019-18886 [Prevent user enumeration using switch user functionality]
        RESERVED
        - symfony 4.3.8+dfsg-1
+       NOTE: 
https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality
+       NOTE: 
https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332
 CVE-2019-18885
        RESERVED
 CVE-2019-18884
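Review bot: in the CVE-2019-18888 entry, the two github.com/symfony/symfony commit NOTEs are listed with no indication of what each one covers, so a reader cannot tell whether both are required for the fix or whether they apply to different branches or components. A short parenthetical after each URL would settle that. More generally, the four entries touched here record only "- symfony 4.3.8+dfsg-1" and carry no NOTE on which upstream versions introduced each issue, which is the information needed to triage the older suites.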
@@ -25463,9 +25472,11 @@ CVE-2019-11327 (An issue was discovered on Topcon 
Positioning Net-G5 GNSS Receiv
        NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
 CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS 
Receiver dev ...)
        NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
-CVE-2019-11325
+CVE-2019-11325 [Fix escaping of strings in VarExporter]
        RESERVED
        - symfony 4.3.8+dfsg-1
+       NOTE: 
https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
+       NOTE: 
https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a
 CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, 
which trig ...)
        - haproxy <not-affected> (Vulnerable code introduced in 1.9.x series in 
v1.9.2)
        NOTE: Introduced in: 
https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
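Review bot: the CVE-2019-11325 entry gives the fixed version and the fix commit but, unlike the CVE-2019-11323 entry directly below it with its "Introduced in:" NOTE, does not record which symfony versions contain the affected VarExporter code. Adding a NOTE with the introducing version or commit would let releases that predate it be marked <not-affected> instead of left open.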



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ada18a3c9886a6d8e8a40e43bcaec4bde861b15
