From 70a198a8141e71af6cd4a704e977d91257d36163 Mon Sep 17 00:00:00 2001 From: "Barry vd. Heuvel" Date: Tue, 3 Jul 2018 14:45:41 +0200 Subject: [PATCH 1/3] Mark CVE-2016-6485 for magento2 as fixed in 2.2.5 --- magento/magento2ce/2016-07-19.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/magento/magento2ce/2016-07-19.yaml b/magento/magento2ce/2016-07-19.yaml index bfe221a2b..e5877777d 100644 --- a/magento/magento2ce/2016-07-19.yaml +++ b/magento/magento2ce/2016-07-19.yaml @@ -1,6 +1,6 @@ title: Unauthenticated crypto and weak IV in Magento\Framework\Encryption link: http://www.openwall.com/lists/oss-security/2016/07/19/3 -cve: ~ +cve: CVE-2016-6485 branches: "2.0": time: 2014-02-13 11:12:34 @@ -10,6 +10,6 @@ branches: versions: ['>=2.1', '<2.2'] "2.2": time: 2014-02-13 11:12:34 - versions: ['>=2.2', '<2.3'] + versions: ['>=2.2', '<2.2.5'] reference: composer://magento/magento2ce composer-repository: false From baaac8a96ae23de9d464bc7a7425e37b05f77ae6 Mon Sep 17 00:00:00 2001 From: "Barry vd. Heuvel" Date: Tue, 3 Jul 2018 15:11:58 +0200 Subject: [PATCH 2/3] Magento 2.2.5 and 2.1.14 Security update --- magento/magento2ce/2018-06-27.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 magento/magento2ce/2018-06-27.yaml diff --git a/magento/magento2ce/2018-06-27.yaml b/magento/magento2ce/2018-06-27.yaml new file mode 100644 index 000000000..cb904c72c --- /dev/null +++ b/magento/magento2ce/2018-06-27.yaml @@ -0,0 +1,12 @@ +title: Magento 2.2.5 and 2.1.14 Security update +link: https://magento.com/security/patches/magento-2.2.5-and-2.1.14-security-update +cve: ~ +branches: + "2.1": + time: 2018-06-27 00:00:00 + versions: ['>=2.1', '<2.1.14'] + "2.2": + time: 2018-06-27 00:00:00 + versions: ['>=2.2', '<2.2.5'] +reference: composer://magento/magento2ce +composer-repository: false From 055845d14d78fe429744130bdedc775446533be1 Mon Sep 17 00:00:00 2001 From: "Barry vd. Heuvel" Date: Tue, 3 Jul 2018 21:38:57 +0200 Subject: [PATCH 3/3] Rename to magento/product-community-edition --- .../{magento2ce => product-community-edition}/2016-07-19.yaml | 2 +- .../{magento2ce => product-community-edition}/2018-06-27.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename magento/{magento2ce => product-community-edition}/2016-07-19.yaml (89%) rename magento/{magento2ce => product-community-edition}/2018-06-27.yaml (86%) diff --git a/magento/magento2ce/2016-07-19.yaml b/magento/product-community-edition/2016-07-19.yaml similarity index 89% rename from magento/magento2ce/2016-07-19.yaml rename to magento/product-community-edition/2016-07-19.yaml index e5877777d..55feddf80 100644 --- a/magento/magento2ce/2016-07-19.yaml +++ b/magento/product-community-edition/2016-07-19.yaml @@ -11,5 +11,5 @@ branches: "2.2": time: 2014-02-13 11:12:34 versions: ['>=2.2', '<2.2.5'] -reference: composer://magento/magento2ce +reference: composer://magento/product-community-edition composer-repository: false diff --git a/magento/magento2ce/2018-06-27.yaml b/magento/product-community-edition/2018-06-27.yaml similarity index 86% rename from magento/magento2ce/2018-06-27.yaml rename to magento/product-community-edition/2018-06-27.yaml index cb904c72c..f4a67fab8 100644 --- a/magento/magento2ce/2018-06-27.yaml +++ b/magento/product-community-edition/2018-06-27.yaml @@ -8,5 +8,5 @@ branches: "2.2": time: 2018-06-27 00:00:00 versions: ['>=2.2', '<2.2.5'] -reference: composer://magento/magento2ce +reference: composer://magento/product-community-edition composer-repository: false