CVE-2018-13818

To: debian-security <debian-security@lists.debian.org>
Subject: CVE-2018-13818
From: Abhijith PA <abhijith@disroot.org>
Date: Thu, 6 Sep 2018 00:55:19 +0530
Message-id: <[🔎] a0e937ba-b19a-f9a8-d156-e710d48c8387@disroot.org>

Hello.

Instead of no-dsa, I think we can mark CVE-2018-13818 as not-affected in
stretch. I was unable to reproduce POC mentioned in CVE reference[1] in
stretch. Also please consider upstream devs' comments[1]


--abhijith

[1] - https://www.cvedetails.com/cve/CVE-2018-13818/
[2] - https://github.com/twigphp/Twig/issues/2743#issuecomment-418817089

Reply to:

Prev by Date: Re: Testers needed for ghostscript update
Next by Date: Re: Testers needed for ghostscript update
Previous by thread: Re: Testers needed for ghostscript update
Next by thread: Report from the Debian Security Team Sprint in Hamburg (May 2018)
Index(es):
- Date
- Thread