[Secure-testing-commits] r54920 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Sun Aug 20 21:10:14 UTC 2017


Author: sectracker
Date: 2017-08-20 21:10:14 +0000 (Sun, 20 Aug 2017)
New Revision: 54920

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-20 20:26:42 UTC (rev 54919)
+++ data/CVE/list	2017-08-20 21:10:14 UTC (rev 54920)
@@ -1,3 +1,11 @@
+CVE-2017-12975
+	RESERVED
+CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ...)
+	TODO: check
+CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an ...)
+	TODO: check
+CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when ...)
+	TODO: check
 CVE-2017-12976 [Command injection via malicious ssh URLs]
 	- git-annex 6.20170818-1
 	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
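Review bot: CVE-2017-12976 now sits below CVE-2017-12972 at the top of this hunk, which breaks the descending ID order the rest of the visible list follows (12966, 12965, 12964 further down); the new block 12975 through 12972 belongs after the git-annex entry, not before it. The three Nimbus JOSE+JWT entries also arrive with only `TODO: check`, so each still needs triage to a source package line or a not-for-us marking before the tracker can report a status for them.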
@@ -18,8 +26,8 @@
 	[jessie] - binutils <ignored> (Minor issue)
 	[wheezy] - binutils <ignored> (Minor issue)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21962
-CVE-2017-12966
-	RESERVED
+CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in ...)
+	TODO: check
 CVE-2017-12965
 	RESERVED
 CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
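Review bot: CVE-2017-12966 trades RESERVED for a description that is cut off at `asn1fix_retrieve.c in ...`, and its only annotation is `TODO: check`, so the entry names no affected package. Triage it against the full CVE description and replace the TODO with a package line or a not-for-us marking.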
@@ -1243,6 +1251,7 @@
 	NOTE: https://curl.haxx.se/docs/adv_20170809A.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
 CVE-2017-1000100 [TFTP sends more than buffer size]
+	{DLA-1062-1}
 	- curl 7.55.0-1 (bug #871555)
 	NOTE: https://curl.haxx.se/docs/adv_20170809B.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
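Review bot: the `{DLA-1062-1}` tag is added to CVE-2017-1000100 only, while the entry just above it, CVE-2017-1000101, references a curl advisory of the same date (adv_20170809A next to adv_20170809B) and shows nothing but its NOTE lines in the context. Confirm against the DLA text whether that upload also covers CVE-2017-1000101; if it does, that entry needs the same cross-reference, and if it does not, a per-release line on it stating why would make the difference explicit.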



