[Secure-testing-commits] r58504 - data/CVE

Wed Dec 13 03:05:29 UTC 2017

Author: pabs
Date: 2017-12-13 03:05:28 +0000 (Wed, 13 Dec 2017)
New Revision: 58504

Modified:
   data/CVE/list
Log:
ROBOT Attack: add NFUs and notes

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-12-12 21:16:41 UTC (rev 58503)
+++ data/CVE/list	2017-12-13 03:05:28 UTC (rev 58504)
@@ -726,8 +726,14 @@
 	RESERVED
 CVE-2017-17428
 	RESERVED
+	NOT-FOR-US: Cisco ACE
+	NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+	NOTE: https://robotattack.org/
 CVE-2017-17427
 	RESERVED
+	NOT-FOR-US: Radware
+	NOTE: https://portals.radware.com/getattachment/21be0b7b-fa1c-4cbc-8bd2-c19946aee270/Security-Advisory-Adaptive-chosen-ciphertext-atta/
+	NOTE: https://robotattack.org/
 CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 ...)
 	- glibc <not-affected> (Issue introduced in glibc-2.26 with addition of per-thread cache to malloc)
 	- eglibc <not-affected> (Issue introduced in glibc-2.26 with addition of per-thread cache to malloc)
@@ -923,6 +929,9 @@
 	- jenkins <removed>
 CVE-2017-17382
 	RESERVED
+	NOT-FOR-US: Citrix
+	NOTE: https://support.citrix.com/article/CTX230238
+	NOTE: https://robotattack.org/
 CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest users to ...)
 	- qemu <unfixed> (bug #883625)
 	[stretch] - qemu <postponed> (Can be fixed along in later update)
@@ -2471,6 +2480,7 @@
 	NOTE: https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7)
 	NOTE: https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4)
 	NOTE: https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7)
+	NOTE: https://robotattack.org/
 CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory ...)
 	NOT-FOR-US: WooCommerce plugin for WordPress
 CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...)
@@ -15272,10 +15282,13 @@
 	RESERVED
 	- wolfssl <unfixed> (bug #884235)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/1229
+	NOTE: https://robotattack.org/
 CVE-2017-13098
 	RESERVED
 	- bouncycastle <unfixed> (bug #884241)
+	NOTE: Fixed in 1.59 beta 9
 	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
+	NOTE: https://robotattack.org/
 CVE-2017-13097
 	RESERVED
 CVE-2017-13096
@@ -36991,6 +37004,8 @@
 	RESERVED
 CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
 	NOT-FOR-US: F5 BIG-IP
+	NOTE: https://support.f5.com/csp/article/K21905460
+	NOTE: https://robotattack.org/
 CVE-2017-6167
 	RESERVED
 CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
@@ -63094,6 +63109,8 @@
 CVE-2016-6883 (MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote ...)
 	- matrixssl <removed>
 	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
+	NOTE: Fixed in 3.8.3 https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md#changes-in-383
+	NOTE: https://robotattack.org/
 CVE-2016-6882 (MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is ...)
 	- matrixssl <removed>
 	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
@@ -159243,6 +159260,8 @@
 CVE-2012-5081 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
 	- openjdk-7 7u3-2.1.3-1 (bug #690774)
+	NOTE: https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
+	NOTE: https://robotattack.org/
 CVE-2012-5080 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)


