Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ee8f0c2 by Salvatore Bonaccorso at 2018-02-27T21:02:21+01:00
Record fix for CVE-2018-0486 which will be included in DSA
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19307,7 +19307,7 @@ CVE-2018-0487 (ARM mbed TLS before 1.3.22, before
2.1.10, and before 2.7.0 allow
CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth
Service ...)
{DSA-4085-1 DLA-1242-1}
- xmltooling 1.6.3-1
- [stretch] - xmltooling <no-dsa> (Xerces is configured to disallow DTD
use)
+ [stretch] - xmltooling 1.6.0-4+deb9u1
NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if
parser already
NOTE: disallow DTD use.
=====================================
data/next-point-update.txt
=====================================
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -82,9 +82,6 @@ CVE-2018-6197
[stretch] - w3m 0.5.3-34+deb9u1
CVE-2018-6198
[stretch] - w3m 0.5.3-34+deb9u1
-CVE-2018-0486
- [stretch] - xmltooling 1.6.0-4+deb9u1
- NOTE: discussed with release-team if 1.6.3-1~deb9u1 would be accepted
CVE-2017-6418
[stretch] - clamav 0.99.2+dfsg-6+deb9u1
CVE-2017-6420
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee8f0c29cc19e29e7612d7be75c861798fb2b39
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3ee8f0c29cc19e29e7612d7be75c861798fb2b39
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
