[Secure-testing-commits] r54686 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sat Aug 12 16:08:48 UTC 2017


Author: jmm
Date: 2017-08-12 16:08:47 +0000 (Sat, 12 Aug 2017)
New Revision: 54686

Modified:
   data/CVE/list
Log:
curl fixed
libapache2-mod-auth-mellon, libapache2-mod-auth-openidc no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-12 15:58:45 UTC (rev 54685)
+++ data/CVE/list	2017-08-12 16:08:47 UTC (rev 54686)
@@ -333,15 +333,15 @@
 CVE-2017-12694
 	RESERVED
 CVE-2017-1000101 [URL globbing out of bounds read]
-	- curl <unfixed> (bug #871554)
+	- curl 7.55.0-1 (bug #871554)
 	NOTE: https://curl.haxx.se/docs/adv_20170809A.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
 CVE-2017-1000100 [TFTP sends more than buffer size]
-	- curl <unfixed> (bug #871555)
+	- curl 7.55.0-1 (bug #871555)
 	NOTE: https://curl.haxx.se/docs/adv_20170809B.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
 CVE-2017-1000099 [FILE buffer read out of bounds]
-	- curl <not-affected> (Only affects 7.54.1)
+	- curl <not-affected> (Only affects 7.54.1, no affected version ever in the archive)
 	NOTE: https://curl.haxx.se/docs/adv_20170809C.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
 	NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
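Review bot: The two changed curl lines for CVE-2017-1000101 and CVE-2017-1000100 record only the unstable fix (7.55.0-1), and the hunk shows no release-tagged line under either entry, so the triage state for the stable suites stays implicit. If an update is pending or a suite is unaffected, a tagged line or a NOTE under each entry would record that, in the same way the reworded CVE-2017-1000099 line now spells out that no affected version was ever in the archive.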
@@ -17110,6 +17110,7 @@
 	NOT-FOR-US: MaNGOSWebV4
 CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session ...)
 	- libapache2-mod-auth-mellon 0.12.0-2
+	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
 CVE-2017-6806
 	RESERVED
 CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm ...)
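Review bot: The added [jessie] line for CVE-2017-6807 gives only "Minor issue" as the reason for <no-dsa>, and the entry carries no NOTE pointing at an upstream advisory or fix, so a later reader cannot check the assessment of a session-related flaw in an authentication module from this entry alone. Suggest a more specific reason in the parentheses (what limits the impact) and a NOTE with the upstream reference, as the neighbouring entries have.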
@@ -18344,6 +18345,7 @@
 	NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
 CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
 	- libapache2-mod-auth-openidc 2.1.6-1
+	[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
 CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could ...)
 	NOT-FOR-US: Sophos
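Review bot: The new [jessie] <no-dsa> line for CVE-2017-6413 asserts that jessie is affected but does not say whether the code changed by the upstream commit in the NOTE below was checked against the jessie version. If that was verified, a short NOTE saying so would help; if the affected code is absent there, <not-affected> with the reason would be the more accurate marker than <no-dsa> (Minor issue).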
@@ -19895,6 +19897,7 @@
 	[wheezy] - gnome-keyring <no-dsa> (Minor issue)
 CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...)
 	- libapache2-mod-auth-openidc 2.1.5-1
+	[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
 	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
 CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...)
 	- libapache2-mod-auth-openidc 2.1.5-1
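Review bot: The added [jessie] <no-dsa> line covers CVE-2017-6059, but CVE-2017-6062 directly below it is for the same package with the same fixed version (2.1.5-1), and the visible context ends before showing whether it has a matching [jessie] line. Worth confirming that both entries are triaged consistently for jessie, and adding the line to CVE-2017-6062 in this commit if it is missing.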



