[Secure-testing-commits] r40546 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 23 23:45:13 UTC 2016
Author: jmm
Date: 2016-03-23 23:45:13 +0000 (Wed, 23 Mar 2016)
New Revision: 40546
Modified:
data/CVE/list
Log:
another libsndfile no-dsa
Android NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-23 23:22:02 UTC (rev 40545)
+++ data/CVE/list 2016-03-23 23:45:13 UTC (rev 40546)
@@ -3207,12 +3207,13 @@
NOTE: https://nodesecurity.io/advisories/56
NOTE: nodejs not covered by security support
CVE-2015-XXXX [handlebars: quoteless attributes in templates can lead to content injection]
- - libjs-handlebars <unfixed>
- - ruby-handlebars-assets <unfixed>
+ - libjs-handlebars <unfixed> (unimportant)
+ - ruby-handlebars-assets <unfixed> (unimportant)
NOTE: fixed in 4.0.0
NOTE: https://blog.srcclr.com/handlebars_vulnerability_research_findings/
NOTE: https://github.com/wycats/handlebars.js/pull/1083
NOTE: https://nodesecurity.io/advisories/61
+ NOTE: Security hardening, not a vulnerability
CVE-2015-XXXX [quoteless attributes in templates can lead to content injection]
- mustache.js <unfixed> (unimportant)
NOTE: fixed in 2.2.1
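Review bot: The "(unimportant)" tags on libjs-handlebars and ruby-handlebars-assets get their justification only from the new last NOTE, and both packages stay "<unfixed>" although the entry says "fixed in 4.0.0". Consider moving "Security hardening, not a vulnerability" up next to the package lines, or restating it briefly there, so the reason for the downgrade is read before the reference links. The mustache.js entry below carries the same tag for the same issue title; if it has no matching rationale NOTE beyond the visible context, adding the same line there would keep the two entries consistent.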
@@ -8522,7 +8523,6 @@
CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
- linux 4.3.1-1
NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
- TODO: check
CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...)
TODO: check
CVE-2016-0819 (The Qualcomm performance component in Android 4.x before 4.4.4, 5.x ...)
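Review bot: CVE-2016-0820 in the trailing context (MediaTek Wi-Fi kernel driver in Android) is left at "TODO: check", although its description has the same shape as the Qualcomm and Broadcom Wi-Fi driver entries that this commit marks "NOT-FOR-US: Android drivers". If it was skipped on purpose, a short NOTE saying why would help; otherwise it looks like a candidate for the same tag. Dropping the stale "TODO: check" from CVE-2016-0821 is fine, since that entry already has a fixed linux version and an upstream patch reference.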
@@ -8552,7 +8552,7 @@
CVE-2016-0807 (The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...)
TODO: check
CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
- TODO: check
+ NOT-FOR-US: Android drivers
CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android ...)
TODO: check
CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in ...)
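Review bot: "NOT-FOR-US: Android drivers" on CVE-2016-0806 does not record the check behind it, and the description says the Qualcomm Wi-Fi driver is "in the kernel in Android". A NOTE naming the driver, or stating that it is not part of the linux source package, would let a later reader verify the decision without repeating the triage. The neighbouring CVE-2016-0805 (performance event manager for Qualcomm ARM processors) stays at "TODO: check"; worth confirming that this is deliberate rather than an omission.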
@@ -8560,9 +8560,9 @@
CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before ...)
TODO: check
CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
- TODO: check
+ NOT-FOR-US: Android drivers
CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
- TODO: check
+ NOT-FOR-US: Android drivers
CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ...)
- openssl 1.0.0c-2
- nss 3.13
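Review bot: The two new "NOT-FOR-US: Android drivers" lines for CVE-2016-0802 and CVE-2016-0801 use a generic label for what the descriptions call the Broadcom Wi-Fi driver in the kernel. Naming the specific driver in the tag or in a NOTE would make it clear that this is Android-tree code and would make the entries searchable if a driver of that name is ever packaged. As written, the only way to confirm the classification is to look up each CVE again.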
@@ -8753,7 +8753,6 @@
- ruby-activesupport-3.2 <removed>
- ruby-activesupport-2.3 <removed>
- ruby-activemodel-3.2 <removed>
- TODO: check
CVE-2016-0752 (Directory traversal vulnerability in Action View in Ruby on Rails ...)
{DSA-3464-1}
- rails 2:4.2.5.1-1
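Review bot: The "TODO: check" removal after the three ruby-active* "<removed>" lines, like the one under CVE-2016-0821, is not mentioned in the log message, which only lists the libsndfile no-dsa and the Android NFUs. The cleanup itself looks right, because the entry already has package lines, but a third log line such as "drop stale TODOs" would make the revision easier to audit from the commit list alone.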
@@ -13265,6 +13264,8 @@
CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...)
{DLA-356-1}
- libsndfile 1.0.25-10 (bug #804447)
+ [jessie] - libsndfile <no-dsa> (Minor issue)
+ [wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
CVE-2014-9753
RESERVED
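Review bot: The new jessie and wheezy "<no-dsa> (Minor issue)" lines sit in an entry that already carries {DLA-356-1}, so an advisory has been issued for this CVE elsewhere while these two releases are deferred. "Minor issue" alone does not explain that difference. Consider a more specific reason in the parentheses, or a NOTE saying whether the fix from the referenced upstream commit is intended for a point release, so the deferral can be revisited later.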