Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6088b620 by Salvatore Bonaccorso at 2018-03-08T06:18:56+01:00
CVE-2018-7753/python-bleach assigned
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -28,11 +28,12 @@ CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap
corruption vulnerabilit
NOTE:
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621)
NOTE: adresses CVE-2018-1000116 as well.
-CVE-2018-XXXX [URI values with character entities not properly sanitized]
+CVE-2018-7753 [URI values with character entities not properly sanitized]
- python-bleach 2.1.3-1 (bug #892252)
[stretch] - python-bleach <not-affected> (Vulnerable code introduced
later)
[jessie] - python-bleach <not-affected> (Vulnerable code introduced
later)
NOTE: https://github.com/mozilla/bleach/pull/356
+ NOTE:
https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until
3.6.4 on ...)
- python3.7 <not-affected> (Windows-specific)
- python3.6 <not-affected> (Windows-specific)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6088b6204a533f0f19e31fe74cde8ef186d085d9
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6088b6204a533f0f19e31fe74cde8ef186d085d9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
