[Secure-testing-commits] r54920 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sun Aug 20 21:10:14 UTC 2017
Author: sectracker
Date: 2017-08-20 21:10:14 +0000 (Sun, 20 Aug 2017)
New Revision: 54920
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-20 20:26:42 UTC (rev 54919)
+++ data/CVE/list 2017-08-20 21:10:14 UTC (rev 54920)
@@ -1,3 +1,11 @@
+CVE-2017-12975
+ RESERVED
+CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ...)
+ TODO: check
+CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an ...)
+ TODO: check
+CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when ...)
+ TODO: check
CVE-2017-12976 [Command injection via malicious ssh URLs]
- git-annex 6.20170818-1
NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
@@ -18,8 +26,8 @@
[jessie] - binutils <ignored> (Minor issue)
[wheezy] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21962
-CVE-2017-12966
- RESERVED
+CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in ...)
+ TODO: check
CVE-2017-12965
RESERVED
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
@@ -1243,6 +1251,7 @@
NOTE: https://curl.haxx.se/docs/adv_20170809A.html
NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
CVE-2017-1000100 [TFTP sends more than buffer size]
+ {DLA-1062-1}
- curl 7.55.0-1 (bug #871555)
NOTE: https://curl.haxx.se/docs/adv_20170809B.html
NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
More information about the Secure-testing-commits
mailing list