Author: hertzog
Date: 2017-11-30 17:10:55 +0000 (Thu, 30 Nov 2017)
New Revision: 58147
Modified: data/CVE/list Log: Add patches for simplesamlphp issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-11-30 15:53:22 UTC (rev 58146) +++ data/CVE/list 2017-11-30 17:10:55 UTC (rev 58147) @@ -13854,12 +13854,15 @@ NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed NOTE: in 1.0.1. The module is embedded in src:simplesamlphp NOTE: https://simplesamlphp.org/security/201612-03 + NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201612-04 + NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231 https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201703-01 + NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439 https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1 CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in ...) - simplesamlphp 1.14.15-1 [jessie] - simplesamlphp <not-affected> (Vulnerable code not present) 
@@ -13867,16 +13870,20 @@ NOTE: https://simplesamlphp.org/security/201703-02 CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...) - simplesamlphp 1.14.15-1 + [wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport) NOTE: https://simplesamlphp.org/security/201704-01 CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201704-02 + NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201705-01 + NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1 CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 ...) - simplesamlphp 1.14.15-1 NOTE: https://simplesamlphp.org/security/201708-01 + NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...) {DSA-3969-1 DLA-1132-1} - xen 4.8.1-1+deb9u3 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
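Review bot: In the first hunk (@@ -13854,12 +13854,15 @@), the first URL on the added "NOTE: Patches:" line for CVE-2017-12873 ends in a commit id that is 42 hex characters long (90dca835158495b173808273e7df127303b8b953aa), while every other commit id added in this change is 40 characters. That id looks mistyped and the link is unlikely to resolve, so please re-check it against the upstream repository before relying on it for backports. A smaller style point in the same hunk: the CVE-2017-12872 note lists two commits under "Patch:" while CVE-2017-12873 uses "Patches:", so one form should be used for multi-commit fixes.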
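Review bot: In the second hunk (@@ -13867,16 +13870,20 @@), the added "[wheezy] - simplesamlphp <ignored>" line for CVE-2017-12870 is a triage decision that the log message "Add patches for simplesamlphp issues" does not mention, and it is the one entry changed here that gets no patch reference even though the stated reason is "hard to backport". Consider naming the wheezy change in the log (or committing it separately) and adding a NOTE with the upstream fix so the backport claim can be checked. Also, the commit given for CVE-2017-12868 (caf764cc...) is the same one listed second under CVE-2017-12872 in the previous hunk; if the shared fix is intentional, a short remark in one of the entries would save the next reader from wondering whether it is a copy-paste slip.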