Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8f3455a4 by Salvatore Bonaccorso at 2018-01-05T09:24:38+01:00
Add CVE-2017-1000433/python-pysaml2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2910,7 +2910,9 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack
based buffer overflow in
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an
Open ...)
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run
with ...)
- TODO: check
+ - python-pysaml2 <unfixed>
+ NOTE: https://github.com/rohe/pysaml2/issues/451
+ NOTE: Fixed by:
https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to
Deleting ...)
TODO: check
CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS
attack in the ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f3455a4ddf51366d8e8aaecea40d519642e7ced
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8f3455a4ddf51366d8e8aaecea40d519642e7ced
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
