[Secure-testing-commits] r40546 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Mar 23 23:45:13 UTC 2016 

Author: jmm
Date: 2016-03-23 23:45:13 +0000 (Wed, 23 Mar 2016)
New Revision: 40546

Modified:
   data/CVE/list
Log:
another libsndfile no-dsa
Android NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-23 23:22:02 UTC (rev 40545)
+++ data/CVE/list	2016-03-23 23:45:13 UTC (rev 40546)
@@ -3207,12 +3207,13 @@
 	NOTE: https://nodesecurity.io/advisories/56
 	NOTE: nodejs not covered by security support
 CVE-2015-XXXX [handlebars: quoteless attributes in templates can lead to content injection]
-	- libjs-handlebars <unfixed>
-	- ruby-handlebars-assets <unfixed>
+	- libjs-handlebars <unfixed> (unimportant)
+	- ruby-handlebars-assets <unfixed> (unimportant)
 	NOTE: fixed in 4.0.0
 	NOTE: https://blog.srcclr.com/handlebars_vulnerability_research_findings/
 	NOTE: https://github.com/wycats/handlebars.js/pull/1083
 	NOTE: https://nodesecurity.io/advisories/61
+	NOTE: Security hardening, not a vulnerability
 CVE-2015-XXXX [quoteless attributes in templates can lead to content injection]
 	- mustache.js <unfixed> (unimportant)
 	NOTE: fixed in 2.2.1
@@ -8522,7 +8523,6 @@
 CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
 	- linux 4.3.1-1
 	NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
-	TODO: check
 CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...)
 	TODO: check
 CVE-2016-0819 (The Qualcomm performance component in Android 4.x before 4.4.4, 5.x ...)
@@ -8552,7 +8552,7 @@
 CVE-2016-0807 (The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...)
 	TODO: check
 CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
-	TODO: check
+	NOT-FOR-US: Android drivers
 CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android ...)
 	TODO: check
 CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in ...)
@@ -8560,9 +8560,9 @@
 CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before ...)
 	TODO: check
 CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
-	TODO: check
+	NOT-FOR-US: Android drivers
 CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
-	TODO: check
+	NOT-FOR-US: Android drivers
 CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ...)
 	- openssl 1.0.0c-2
 	- nss 3.13
@@ -8753,7 +8753,6 @@
 	- ruby-activesupport-3.2 <removed>
 	- ruby-activesupport-2.3 <removed>
 	- ruby-activemodel-3.2 <removed>
-	TODO: check
 CVE-2016-0752 (Directory traversal vulnerability in Action View in Ruby on Rails ...)
 	{DSA-3464-1}
 	- rails 2:4.2.5.1-1
@@ -13265,6 +13264,8 @@
 CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...)
 	{DLA-356-1}
 	- libsndfile 1.0.25-10 (bug #804447)
+	[jessie] - libsndfile <no-dsa> (Minor issue)
+	[wheezy] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
 CVE-2014-9753
 	RESERVED

More information about the Secure-testing-commits mailing list