Author: jmm
Date: 2017-08-12 16:08:47 +0000 (Sat, 12 Aug 2017)
New Revision: 54686

Modified:
   data/CVE/list
Log:
curl fixed
libapache2-mod-auth-mellon, libapache2-mod-auth-openidc no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-08-12 15:58:45 UTC (rev 54685)
+++ data/CVE/list       2017-08-12 16:08:47 UTC (rev 54686)
@@ -333,15 +333,15 @@
 CVE-2017-12694
        RESERVED
 CVE-2017-1000101 [URL globbing out of bounds read]
-       - curl <unfixed> (bug #871554)
+       - curl 7.55.0-1 (bug #871554)
        NOTE: https://curl.haxx.se/docs/adv_20170809A.html
        NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
 CVE-2017-1000100 [TFTP sends more than buffer size]
-       - curl <unfixed> (bug #871555)
+       - curl 7.55.0-1 (bug #871555)
        NOTE: https://curl.haxx.se/docs/adv_20170809B.html
        NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
 CVE-2017-1000099 [FILE buffer read out of bounds]
-       - curl <not-affected> (Only affects 7.54.1)
+       - curl <not-affected> (Only affects 7.54.1, no affected version ever in 
the archive)
        NOTE: https://curl.haxx.se/docs/adv_20170809C.html
        NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
        NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
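Review bot: the two "- curl 7.55.0-1" lines for CVE-2017-1000101 and CVE-2017-1000100 record only the unstable fix version, and neither entry carries a suite-specific line like the "[jessie]" ones added elsewhere in this commit. If the stable suites have been assessed, add their status lines here so the entries do not read as fully resolved. The extended reason on CVE-2017-1000099 is a useful addition, since it makes clear that 7.54.1 was never uploaded and agrees with the existing "Introduced by" NOTE.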
@@ -17110,6 +17110,7 @@
        NOT-FOR-US: MaNGOSWebV4
 CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site 
Session ...)
        - libapache2-mod-auth-mellon 0.12.0-2
+       [jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
 CVE-2017-6806
        RESERVED
 CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in 
MobaXterm ...)
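Review bot: the CVE-2017-6807 entry has no NOTE pointing at the fix, and the new "[jessie] ... <no-dsa> (Minor issue)" line defers the work without saying what would need backporting. The description says upstream fixed this in 0.13.1 while the unstable line says 0.12.0-2, so the Debian fix looks like a backported patch. A NOTE with the upstream reference would help whoever picks up jessie later.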
@@ -18344,6 +18345,7 @@
        NOTE: Fixed by: 
https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
 CVE-2017-6413 (The &quot;OpenID Connect Relying Party and OAuth 2.0 Resource 
Server&quot; (aka ...)
        - libapache2-mod-auth-openidc 2.1.6-1
+       [jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
 CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation 
could ...)
        NOT-FOR-US: Sophos
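Review bot: the added "[jessie]" line for CVE-2017-6413 gives only the generic reason "Minor issue". Since the upstream fix commit is already recorded in the NOTE below it, consider saying in the parenthetical why the issue is minor for jessie or whether it is a candidate for a point update, so the triage decision can be checked against that commit.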
@@ -19895,6 +19897,7 @@
        [wheezy] - gnome-keyring <no-dsa> (Minor issue)
 CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect 
authentication ...)
        - libapache2-mod-auth-openidc 2.1.5-1
+       [jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
        NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
 CVE-2017-6062 (The &quot;OpenID Connect Relying Party and OAuth 2.0 Resource 
Server&quot; (aka ...)
        - libapache2-mod-auth-openidc 2.1.5-1
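Review bot: CVE-2017-6059 gets a "[jessie] ... <no-dsa>" line, but the neighbouring CVE-2017-6062 for the same package and the same fixed version 2.1.5-1 shows no jessie status in the visible context. The context ends at its version line, so please check whether that entry already has one further down. If it does not, it likely needs the same triage in this commit to keep the package's jessie status consistent.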


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
