diff options
author | Sylvain Beucler <beuc@beuc.net> | 2022-05-23 11:03:03 +0200 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2022-05-23 11:03:03 +0200 |
commit | 6e3c133e06bce7137843010446b2f778fdce8b8e (patch) | |
tree | e5fafbebe20a9163af49e71e888dafdc31c4eebc /data | |
parent | 732a513bae92b2c995228f984f23830e2fe0e42d (diff) |
CVE-2018-1311/xerces-c: harmonize triaging with buster
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 3 | ||||
-rw-r--r-- | data/DLA/list | 1 |
2 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index c3037894ed..c185da46ab 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -288636,11 +288636,10 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest a CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...) {DSA-4814-1} - xerces-c 3.2.3+debian-2 (bug #947431) - [stretch] - xerces-c <postponed> (Minor issue, revisit when fixed upstream, fixed with memory leak in DLA 2498-1) [jessie] - xerces-c <postponed> (slow upstream interest, proper fix likely to break ABI compatibility) NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt NOTE: https://issues.apache.org/jira/browse/XERCESC-2188 - NOTE: http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm (fix with memory leak) + NOTE: http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm (fix with memory leak, applied in DLA-2498-1 and DSA-4814-1) NOTE: Mitigation by setting the XERCES_DISABLE_DTD environment variable CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client vulne ...) NOT-FOR-US: Apache NiFi diff --git a/data/DLA/list b/data/DLA/list index db43ce2454..52cff6f8b4 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1590,6 +1590,7 @@ {CVE-2020-29668} [stretch] - sympa 6.2.16~dfsg-3+deb9u5 [17 Dec 2020] DLA-2498-1 xerces-c - security update + {CVE-2018-1311} [stretch] - xerces-c 3.1.4+debian-2+deb9u2 [17 Dec 2020] DLA-2497-1 thunderbird - security update {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113} |