Sebastien Delafond pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d33e8eb5 by Sébastien Delafond at 2018-02-28T11:07:39+01:00
Add upstream commits fixing CVE-2018-04[87]
Thanks to James Cowgill for identifying them.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -19390,11 +19390,14 @@ CVE-2018-0488 (ARM mbed TLS before 1.3.22, before
2.1.10, and before 2.7.0, when
- polarssl <removed>
[wheezy] - polarssl <not-affected> (according to the upstream advisory
< 1.2.19 not affected)
NOTE:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
+ NOTE:
https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
+ NOTE:
https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0
allows ...)
- mbedtls 2.7.0-2 (bug #890288)
- polarssl <removed>
[wheezy] - polarssl <not-affected> (according to the upstream advisory
< 1.3.7 not affected)
NOTE:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
+ NOTE:
https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth
Service ...)
{DSA-4085-1 DLA-1242-1}
- xmltooling 1.6.3-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d33e8eb5dc82b01f9ec22d97d8fd4bdc53f810b7
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d33e8eb5dc82b01f9ec22d97d8fd4bdc53f810b7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
