Author: jmm
Date: 2017-08-12 16:08:47 +0000 (Sat, 12 Aug 2017)
New Revision: 54686
Modified: data/CVE/list Log: curl fixed libapache2-mod-auth-mellon, libapache2-mod-auth-openidc no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-12 15:58:45 UTC (rev 54685) +++ data/CVE/list 2017-08-12 16:08:47 UTC (rev 54686) @@ -333,15 +333,15 @@ CVE-2017-12694 RESERVED CVE-2017-1000101 [URL globbing out of bounds read] - - curl <unfixed> (bug #871554) + - curl 7.55.0-1 (bug #871554) NOTE: https://curl.haxx.se/docs/adv_20170809A.html NOTE: https://curl.haxx.se/CVE-2017-1000101.patch CVE-2017-1000100 [TFTP sends more than buffer size] - - curl <unfixed> (bug #871555) + - curl 7.55.0-1 (bug #871555) NOTE: https://curl.haxx.se/docs/adv_20170809B.html NOTE: https://curl.haxx.se/CVE-2017-1000100.patch CVE-2017-1000099 [FILE buffer read out of bounds] - - curl <not-affected> (Only affects 7.54.1) + - curl <not-affected> (Only affects 7.54.1, no affected version ever in the archive) NOTE: https://curl.haxx.se/docs/adv_20170809C.html NOTE: https://curl.haxx.se/CVE-2017-1000099.patch NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8 @@ -17110,6 +17110,7 @@ NOT-FOR-US: MaNGOSWebV4 CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session ...) - libapache2-mod-auth-mellon 0.12.0-2 + [jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) CVE-2017-6806 RESERVED CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm ...) 
@@ -18344,6 +18345,7 @@ NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...) - libapache2-mod-auth-openidc 2.1.6-1 + [jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could ...) NOT-FOR-US: Sophos @@ -19895,6 +19897,7 @@ [wheezy] - gnome-keyring <no-dsa> (Minor issue) CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...) - libapache2-mod-auth-openidc 2.1.5-1 + [jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue) NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212 CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...) - libapache2-mod-auth-openidc 2.1.5-1 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
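
Review bot: the log says only "curl fixed", but the third change in the first hunk (@@ -333,15 +333,15 @@) is not a fixed-version entry: it extends the CVE-2017-1000099 <not-affected> reason with "no affected version ever in the archive". Mention that annotation change in the log so it can be found from the history. In the same hunk, CVE-2017-1000101 and CVE-2017-1000100 now record 7.55.0-1 but carry no release-specific line, unlike the [jessie] entries added further down in this commit; if the older releases have been triaged for curl, that status belongs here too.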
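
Review bot: the [jessie] lines added for CVE-2017-6807 (@@ -17110,6 +17110,7 @@) and CVE-2017-6413 (@@ -18344,6 +18345,7 @@) both give the bare reason "(Minor issue)". These are Apache authentication modules, and the CVE-2017-6807 description begins "vulnerable to a Cross-Site Session", so a short specific reason in the parentheses would let a later reader see why no DSA was considered necessary for each one.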
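
Review bot: in the last hunk (@@ -19895,6 +19897,7 @@) CVE-2017-6059 gets a [jessie] <no-dsa> line, but CVE-2017-6062 directly below it lists the same package with the same fixed version 2.1.5-1, and its jessie status is not visible within the hunk context. Check that it already has a matching [jessie] entry, or add one in this commit if the same triage applies.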