Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6088b620 by Salvatore Bonaccorso at 2018-03-08T06:18:56+01:00 CVE-2018-7753/python-bleach assigned - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -28,11 +28,12 @@ CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerabilit NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621) NOTE: adresses CVE-2018-1000116 as well. -CVE-2018-XXXX [URI values with character entities not properly sanitized] +CVE-2018-7753 [URI values with character entities not properly sanitized] - python-bleach 2.1.3-1 (bug #892252) [stretch] - python-bleach <not-affected> (Vulnerable code introduced later) [jessie] - python-bleach <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/mozilla/bleach/pull/356 + NOTE: https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on ...) - python3.7 <not-affected> (Windows-specific) - python3.6 <not-affected> (Windows-specific) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6088b6204a533f0f19e31fe74cde8ef186d085d9 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6088b6204a533f0f19e31fe74cde8ef186d085d9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits