[Secure-testing-commits] r54773 - data/CVE

Tue Aug 15 21:10:15 UTC 2017

Author: sectracker
Date: 2017-08-15 21:10:15 +0000 (Tue, 15 Aug 2017)
New Revision: 54773

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-08-15 19:28:02 UTC (rev 54772)
+++ data/CVE/list	2017-08-15 21:10:15 UTC (rev 54773)
@@ -1,38 +1,76 @@
+CVE-2017-12877
+	RESERVED
+CVE-2017-12876
+	RESERVED
+CVE-2017-12875
+	RESERVED
+CVE-2017-12866
+	RESERVED
+CVE-2017-12865
+	RESERVED
+CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
+	TODO: check
+CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
+	TODO: check
+CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ...)
+	TODO: check
+CVE-2017-12861
+	RESERVED
+CVE-2017-12860
+	RESERVED
+CVE-2017-12859
+	RESERVED
+CVE-2017-12858
+	RESERVED
+CVE-2017-12857
+	RESERVED
+CVE-2017-12856
+	RESERVED
+CVE-2017-12854
+	RESERVED
 CVE-2017-12874 [Incorrect signature verification]
+	RESERVED
 	- simplesamlphp <unfixed>
 	NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
 	NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
 	NOTE: https://simplesamlphp.org/security/201612-03
 	TODO: check
 CVE-2017-12873 [Incorrect persistent NameID generation]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201612-04
 CVE-2017-12872 [Multiple timing side-channel issues]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201703-01
 CVE-2017-12871 [Incorrect IV generation for encryption]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	[jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
 	NOTE: https://simplesamlphp.org/security/201703-02
 CVE-2017-12870 [Unauthenticated encryption in CBC mode]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201704-01
 CVE-2017-12869 [Authentication context bypass in the multiauth module]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201704-02
 CVE-2017-12868 [Session fixation issue and authentication bypass in the authcrypt module]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201705-01
 CVE-2017-12867 [Invalid token creation and validation]
+	RESERVED
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201708-01
-CVE-2017-12855 [XSA-230: grant_table: possibly premature clearing of GTF_writing / GTF_reading]
+CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-230.html
 CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...)
 	NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
-CVE-2017-12852
-	RESERVED
+CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is missing ...)
+	TODO: check
 CVE-2017-12851 (An authenticated standard user could reset the password of the admin ...)
 	- kanboard <itp> (bug #790814)
 CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
@@ -11418,8 +11456,8 @@
 	RESERVED
 CVE-2017-8666 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
 	NOT-FOR-US: Microsoft
-CVE-2017-8665
-	RESERVED
+CVE-2017-8665 (The Xamarin.iOS update component on systems running macOS allows an ...)
+	TODO: check
 CVE-2017-8664 (Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, ...)
 	NOT-FOR-US: Microsoft
 CVE-2017-8663 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, ...)


