[Secure-testing-commits] r55383 - data/CVE

Sat Sep 2 09:10:16 UTC 2017

Author: sectracker
Date: 2017-09-02 09:10:16 +0000 (Sat, 02 Sep 2017)
New Revision: 55383

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-09-02 08:28:51 UTC (rev 55382)
+++ data/CVE/list	2017-09-02 09:10:16 UTC (rev 55383)
@@ -1,3 +1,11 @@
+CVE-2017-14113
+	RESERVED
+CVE-2017-14112
+	RESERVED
+CVE-2017-14111
+	RESERVED
+CVE-2017-14110
+	RESERVED
 CVE-2017-1000201
 	NOT-FOR-US: tcmu-runner
 CVE-2017-1000200
@@ -173,8 +181,8 @@
 	[stretch] - ffmpeg <postponed> (Can be fixed along when more severe issues are being fixed)
 	- libav <undetermined>
 	NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
-CVE-2017-14053
-	RESERVED
+CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...)
+	TODO: check
 CVE-2017-14052
 	RESERVED
 CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...)
@@ -3462,22 +3470,18 @@
 	NOT-FOR-US: C.P.Sub
 CVE-2017-12854
 	RESERVED
-CVE-2017-12874 [Incorrect signature verification]
-	RESERVED
+CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof ...)
 	- simplesamlphp 1.14.11-1
 	NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
 	NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
 	NOTE: https://simplesamlphp.org/security/201612-03
-CVE-2017-12873 [Incorrect persistent NameID generation]
-	RESERVED
+CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201612-04
-CVE-2017-12872 [Multiple timing side-channel issues]
-	RESERVED
+CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
 	- simplesamlphp 1.14.15-1
 	NOTE: https://simplesamlphp.org/security/201703-01
-CVE-2017-12871 [Incorrect IV generation for encryption]
-	RESERVED
+CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in ...)
 	- simplesamlphp 1.14.15-1
 	[jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
 	[wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
@@ -3913,12 +3917,12 @@
 	NOTE: https://curl.haxx.se/docs/adv_20170809C.html
 	NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
 	NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
-CVE-2017-12693
-	RESERVED
-CVE-2017-12692
-	RESERVED
-CVE-2017-12691
-	RESERVED
+CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 ...)
+	TODO: check
+CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 ...)
+	TODO: check
+CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 ...)
+	TODO: check
 CVE-2017-12690
 	RESERVED
 CVE-2017-12689
@@ -4646,12 +4650,12 @@
 	[wheezy] - shadow <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
 	NOTE: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 (4.5)
-CVE-2017-12423
-	RESERVED
+CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote ...)
+	TODO: check
 CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before ...)
 	NOT-FOR-US: NetApp
-CVE-2017-12421
-	RESERVED
+CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote ...)
+	TODO: check
 CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp ...)
 	NOT-FOR-US: NetApp
 CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on ...)
@@ -64905,8 +64909,8 @@
 	NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
 CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with ...)
 	NOT-FOR-US: Firmware in Lexmark printers
-CVE-2016-1895
-	RESERVED
+CVE-2016-1895 (NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote ...)
+	TODO: check
 CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote ...)
 	NOT-FOR-US: NetApp
 CVE-2016-1893


