(Jul 5) This update backports an upstream fix for CVE-2018-12910.
Comment
(Jul 8) Fix CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI
(Jul 7) New upstream version
(Jul 7) ## 3.3.17 (2018-05-25) * security #cve-2018-11407 [Ldap] cast to string when checking empty passwords * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured * security #cve-2018-11406 clear CSRF tokens when the user is logged out * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener * security #cve-2018-11386
(Jul 6) Latest upstream release, omits some mounting code found to be insecure and not well tested.