Author: sectracker
Date: 2017-09-02 09:10:16 +0000 (Sat, 02 Sep 2017)
New Revision: 55383

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-02 08:28:51 UTC (rev 55382)
+++ data/CVE/list       2017-09-02 09:10:16 UTC (rev 55383)
@@ -1,3 +1,11 @@
+CVE-2017-14113
+       RESERVED
+CVE-2017-14112
+       RESERVED
+CVE-2017-14111
+       RESERVED
+CVE-2017-14110
+       RESERVED
 CVE-2017-1000201
        NOT-FOR-US: tcmu-runner
 CVE-2017-1000200
@@ -173,8 +181,8 @@
        [stretch] - ffmpeg <postponed> (Can be fixed along when more severe 
issues are being fixed)
        - libav <undetermined>
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
-CVE-2017-14053
-       RESERVED
+CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP 
before 7.2P1 ...)
+       TODO: check
 CVE-2017-14052
        RESERVED
 CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security 
component of ...)
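Review bot: CVE-2017-14053 is left at "TODO: check" although the new description names a NetApp product (OnCommand Unified Manager for Clustered Data ONTAP). Other NetApp entries in this file, such as CVE-2016-1894 for OnCommand Workflow Automation, are triaged as "NOT-FOR-US: NetApp"; this one can be closed the same way once the description is confirmed.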
@@ -3462,22 +3470,18 @@
        NOT-FOR-US: C.P.Sub
 CVE-2017-12854
        RESERVED
-CVE-2017-12874 [Incorrect signature verification]
-       RESERVED
+CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to 
spoof ...)
        - simplesamlphp 1.14.11-1
        NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and 
fixed
        NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
        NOTE: https://simplesamlphp.org/security/201612-03
-CVE-2017-12873 [Incorrect persistent NameID generation]
-       RESERVED
+CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to 
obtain ...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201612-04
-CVE-2017-12872 [Multiple timing side-channel issues]
-       RESERVED
+CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module 
and (2) ...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201703-01
-CVE-2017-12871 [Incorrect IV generation for encryption]
-       RESERVED
+CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in 
...)
        - simplesamlphp 1.14.15-1
        [jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
        [wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
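Review bot: For CVE-2017-12873 the new description gives the affected range as 1.7.0 through 1.14.10, while the entry keeps simplesamlphp 1.14.15-1 as the fixed version. If an earlier upload already carried the fix, the fixed version should be lowered; if 1.14.15-1 was simply the first upload after the fix, a NOTE saying so would explain the gap to anyone comparing the two lines.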
@@ -3913,12 +3917,12 @@
        NOTE: https://curl.haxx.se/docs/adv_20170809C.html
        NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
        NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
-CVE-2017-12693
-       RESERVED
-CVE-2017-12692
-       RESERVED
-CVE-2017-12691
-       RESERVED
+CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 
7.0.6-6 ...)
+       TODO: check
+CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 
7.0.6-6 ...)
+       TODO: check
+CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 
7.0.6-6 ...)
+       TODO: check
 CVE-2017-12690
        RESERVED
 CVE-2017-12689
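Review bot: CVE-2017-12691, CVE-2017-12692 and CVE-2017-12693 now carry ImageMagick descriptions but only "TODO: check", with no package line or NOTE. Each needs a status line for the affected source package and a reference to the upstream report or fix, and since all three descriptions name 7.0.6-6, triage should confirm whether the ReadOneLayer (coders/xcf.c), ReadVIFFImage (coders/viff.c) and ReadBMPImage (coders/bmp.c) code in the packaged versions is affected.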
@@ -4646,12 +4650,12 @@
        [wheezy] - shadow <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
        NOTE: 
https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
 (4.5)
-CVE-2017-12423
-       RESERVED
+CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows 
remote ...)
+       TODO: check
 CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x 
before ...)
        NOT-FOR-US: NetApp
-CVE-2017-12421
-       RESERVED
+CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows 
remote ...)
+       TODO: check
 CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp 
...)
        NOT-FOR-US: NetApp
 CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on 
...)
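Review bot: CVE-2017-12423 and CVE-2017-12421 are set to "TODO: check" while the adjacent entries CVE-2017-12422 and CVE-2017-12420 in the same hunk are already "NOT-FOR-US: NetApp". Both new descriptions name NetApp Clustered Data ONTAP, so they should get the same status rather than staying in the TODO queue.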
@@ -64905,8 +64909,8 @@
        NOTE: 
http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 
(v0.12)
 CVE-2016-1896 (Race condition in the initialization process on Lexmark 
printers with ...)
        NOT-FOR-US: Firmware in Lexmark printers
-CVE-2016-1895
-       RESERVED
+CVE-2016-1895 (NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow 
remote ...)
+       TODO: check
 CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote 
...)
        NOT-FOR-US: NetApp
 CVE-2016-1893
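Review bot: CVE-2016-1895 moves from RESERVED to "TODO: check" with a NetApp Data ONTAP description, directly above CVE-2016-1894, which is "NOT-FOR-US: NetApp". Suggest recording the same NOT-FOR-US status here so the entry does not linger as open triage work.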


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
