Author: sectracker Date: 2017-09-02 09:10:16 +0000 (Sat, 02 Sep 2017) New Revision: 55383
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-02 08:28:51 UTC (rev 55382) +++ data/CVE/list 2017-09-02 09:10:16 UTC (rev 55383) @@ -1,3 +1,11 @@ +CVE-2017-14113 + RESERVED +CVE-2017-14112 + RESERVED +CVE-2017-14111 + RESERVED +CVE-2017-14110 + RESERVED CVE-2017-1000201 NOT-FOR-US: tcmu-runner CVE-2017-1000200 @@ -173,8 +181,8 @@ [stretch] - ffmpeg <postponed> (Can be fixed along when more severe issues are being fixed) - libav <undetermined> NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49 -CVE-2017-14053 - RESERVED +CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...) + TODO: check CVE-2017-14052 RESERVED CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...) @@ -3462,22 +3470,18 @@ NOT-FOR-US: C.P.Sub CVE-2017-12854 RESERVED -CVE-2017-12874 [Incorrect signature verification] - RESERVED +CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof ...) - simplesamlphp 1.14.11-1 NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed NOTE: in 1.0.1. The module is embedded in src:simplesamlphp NOTE: https://simplesamlphp.org/security/201612-03 -CVE-2017-12873 [Incorrect persistent NameID generation] - RESERVED +CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201612-04 -CVE-2017-12872 [Multiple timing side-channel issues] - RESERVED +CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201703-01 -CVE-2017-12871 [Incorrect IV generation for encryption] - RESERVED +CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in ...) - simplesamlphp 1.14.15-1 [jessie] - simplesamlphp <not-affected> (Vulnerable code not present) [wheezy] - simplesamlphp <not-affected> (Vulnerable code not present) @@ -3913,12 +3917,12 @@ NOTE: https://curl.haxx.se/docs/adv_20170809C.html NOTE: https://curl.haxx.se/CVE-2017-1000099.patch NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8 -CVE-2017-12693 - RESERVED -CVE-2017-12692 - RESERVED -CVE-2017-12691 - RESERVED +CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 ...) + TODO: check +CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 ...) + TODO: check +CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 ...) + TODO: check CVE-2017-12690 RESERVED CVE-2017-12689 @@ -4646,12 +4650,12 @@ [wheezy] - shadow <no-dsa> (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675 NOTE: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 (4.5) -CVE-2017-12423 - RESERVED +CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote ...) + TODO: check CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before ...) NOT-FOR-US: NetApp -CVE-2017-12421 - RESERVED +CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote ...) + TODO: check CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp ...) NOT-FOR-US: NetApp CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on ...) @@ -64905,8 +64909,8 @@ NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12) CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with ...) NOT-FOR-US: Firmware in Lexmark printers -CVE-2016-1895 - RESERVED +CVE-2016-1895 (NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote ...) + TODO: check CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote ...) NOT-FOR-US: NetApp CVE-2016-1893 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits