Author: hertzog
Date: 2017-11-30 17:10:55 +0000 (Thu, 30 Nov 2017)
New Revision: 58147

Modified:
   data/CVE/list
Log:
Add patches for simplesamlphp issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-11-30 15:53:22 UTC (rev 58146)
+++ data/CVE/list       2017-11-30 17:10:55 UTC (rev 58147)
@@ -13854,12 +13854,15 @@
        NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and 
fixed
        NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
        NOTE: https://simplesamlphp.org/security/201612-03
+       NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
 CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to 
obtain ...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201612-04
+       NOTE: Patches: 
https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
 
https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
 
https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
 CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module 
and (2) ...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201703-01
+       NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
 
https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
 CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in 
...)
        - simplesamlphp 1.14.15-1
        [jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
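Review bot: The first commit URL on the added "NOTE: Patches:" line for CVE-2017-12873 ends in a 42-character hash (90dca835158495b173808273e7df127303b8b953aa), whereas a full Git SHA-1 is 40 hex characters and the other hashes added in this hunk are all 40 characters long, so this link looks mistyped. Please re-check it against the upstream repository and correct it. As a smaller style point, the CVE-2017-12872 entry lists two commits under a singular "Patch:" while CVE-2017-12873 uses "Patches:" for three; pick one form so the notes can be searched consistently.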
@@ -13867,16 +13870,20 @@
        NOTE: https://simplesamlphp.org/security/201703-02
 CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for 
man-in-the-middle ...)
        - simplesamlphp 1.14.15-1
+       [wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS 
usage, hard to backport)
        NOTE: https://simplesamlphp.org/security/201704-01
 CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier 
allows ...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201704-02
+       NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
 CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in 
...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201705-01
+       NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
 CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 
1.14.14 ...)
        - simplesamlphp 1.14.15-1
        NOTE: https://simplesamlphp.org/security/201708-01
+       NOTE: Patch: 
https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to 
inform ...)
        {DSA-3969-1 DLA-1132-1}
        - xen 4.8.1-1+deb9u3
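Review bot: The added "[wheezy] - simplesamlphp <ignored>" line for CVE-2017-12870 is a triage decision, not a patch reference, and the log message "Add patches for simplesamlphp issues" does not cover it. Either mention it in the log or commit it separately, so the decision can be found in the history later. That entry is also the only one in this hunk left without a "NOTE: Patch:" line, which makes the "hard to backport" reasoning harder to check; add the upstream commit if one is known. Separately, commit caf764cc2c9b68ac29741070ebdf133a595443f1 is cited here for CVE-2017-12868 and also in the previous hunk for CVE-2017-12872; if one commit really fixes both issues, a short remark saying so would stop it from being read as a copy-and-paste slip.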


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits