[Secure-testing-commits] r54772 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Aug 15 19:28:02 UTC 2017
Author: carnil
Date: 2017-08-15 19:28:02 +0000 (Tue, 15 Aug 2017)
New Revision: 54772
Modified:
data/CVE/list
Log:
Add simplesamlphp issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-15 19:11:51 UTC (rev 54771)
+++ data/CVE/list 2017-08-15 19:28:02 UTC (rev 54772)
@@ -1,3 +1,31 @@
+CVE-2017-12874 [Incorrect signature verification]
+ - simplesamlphp <unfixed>
+ NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
+ NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
+ NOTE: https://simplesamlphp.org/security/201612-03
+ TODO: check
+CVE-2017-12873 [Incorrect persistent NameID generation]
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201612-04
+CVE-2017-12872 [Multiple timing side-channel issues]
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201703-01
+CVE-2017-12871 [Incorrect IV generation for encryption]
+ - simplesamlphp 1.14.15-1
+ [jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
+ NOTE: https://simplesamlphp.org/security/201703-02
+CVE-2017-12870 [Unauthenticated encryption in CBC mode]
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201704-01
+CVE-2017-12869 [Authentication context bypass in the multiauth module]
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201704-02
+CVE-2017-12868 [Session fixation issue and authentication bypass in the authcrypt module]
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201705-01
+CVE-2017-12867 [Invalid token creation and validation]
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201708-01
CVE-2017-12855 [XSA-230: grant_table: possibly premature clearing of GTF_writing / GTF_reading]
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-230.html
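Review bot: The CVE-2017-12874 entry at the top of the hunk is committed as `- simplesamlphp <unfixed>` with `TODO: check`, although its own NOTE lines say the issue is fixed in simplesamlphp-module-infocard 1.0.1 and that the module is embedded in src:simplesamlphp. The seven entries below it all record 1.14.15-1 as the fixed version, so this is the only simplesamlphp item whose status is left open. Suggest resolving the TODO by checking which version of the infocard module the packaged source embeds, then either recording the fixed package version or keeping `<unfixed>` with a NOTE that states the embedded module version found. A smaller point: only CVE-2017-12871 carries a per-release line (`[jessie] - simplesamlphp <not-affected>`). If jessie was reviewed for the other entries as well, a short NOTE saying so would make that explicit.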