[Secure-testing-commits] r58147 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Thu Nov 30 17:10:55 UTC 2017


Author: hertzog
Date: 2017-11-30 17:10:55 +0000 (Thu, 30 Nov 2017)
New Revision: 58147

Modified:
   data/CVE/list
Log:
Add patches for simplesamlphp issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-11-30 15:53:22 UTC (rev 58146)
+++ data/CVE/list	2017-11-30 17:10:55 UTC (rev 58147)
@@ -13854,12 +13854,15 @@
 	NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
 	NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
 	NOTE: https://simplesamlphp.org/security/201612-03
+	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
 CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201612-04
+	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231 https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
 CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201703-01
+	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439 https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
 CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in ...)
 	- simplesamlphp 1.14.15-1
 	[jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
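Review bot: The first commit URL in the added "Patches:" note for CVE-2017-12873 ends in a 42-character hash (90dca835158495b173808273e7df127303b8b953aa), while every other commit reference in this change is 40 hex characters, so that link looks mistyped and should be checked against the upstream repository. Also, the CVE-2017-12872 note lists two commits under the singular "Patch:" while the note above it uses "Patches:" for several; using one label for multi-commit notes keeps the list easy to grep.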
@@ -13867,16 +13870,20 @@
 	NOTE: https://simplesamlphp.org/security/201703-02
 CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...)
 	- simplesamlphp 1.14.15-1
+	[wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport)
 	NOTE: https://simplesamlphp.org/security/201704-01
 CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201704-02
+	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
 CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201705-01
+	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
 CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201708-01
+	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
 CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...)
 	{DSA-3969-1 DLA-1132-1}
 	- xen 4.8.1-1+deb9u3
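Review bot: The added [wheezy] <ignored> line for CVE-2017-12870 is a triage decision rather than a patch reference, so the log message "Add patches for simplesamlphp issues" does not cover it, and this is the only entry touched in this hunk that gets no "Patch:" note. Either mention the wheezy decision in the log or add the upstream commit here so the "hard to backport" assessment can be checked. Separately, the commit given for CVE-2017-12868 (caf764cc2c9b68ac29741070ebdf133a595443f1) is the same one listed second for CVE-2017-12872 in the previous hunk; confirm the shared reference is intended.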



