[Secure-testing-commits] r50297 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Apr 3 14:37:19 UTC 2017 

Author: jmm
Date: 2017-04-03 14:37:19 +0000 (Mon, 03 Apr 2017)
New Revision: 50297

Modified:
   data/CVE/list
Log:
clarify ryzen CPU issue, not fixable via amd64-microcode updates
NFUs from Apple


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-03 13:12:24 UTC (rev 50296)
+++ data/CVE/list	2017-04-03 14:37:19 UTC (rev 50297)
@@ -525,7 +525,7 @@
 	[wheezy] - apt-cacher 1.7.6+deb7u1
 	NOTE: Workaround entry for DLA-873-1 since no CVE assigned
 CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...)
-	- amd64-microcode <undetermined>
+	NOT-FOR-US: Hardware bug in AMD Ryzen CPUs, cannot be fixed via micro code updates, but only BIOS updates
 CVE-2017-7261 (The vmw_surface_define_ioctl function in ...)
 	- linux 4.9.18-1
 CVE-2017-7260
@@ -14033,63 +14033,63 @@
 CVE-2017-2411
 	RESERVED
 CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2408 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2407 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2406 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2405 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2404 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2403 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2402 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2401 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2400 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2399 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2398 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2397 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2396 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2395 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2394 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2393 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2392 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2391 (An issue was discovered in certain Apple products. Pages before 6.1, ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2390 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	- libarchive <undetermined>
 CVE-2017-2389 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2387
 	RESERVED
 CVE-2017-2386 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2385 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2384 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2383 (An issue was discovered in certain Apple products. iCloud before 6.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before ...)
 	TODO: check, might affect sudo
 CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
@@ -14097,9 +14097,9 @@
 CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-2378 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check, might affect webkit as in Debian, then unimportant
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check, might affect webkit as in Debian, then unimportant
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-2375
@@ -14122,7 +14122,7 @@
 CVE-2017-2368 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
 	NOT-FOR-US: Apple
 CVE-2017-2367 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
 CVE-2017-2366 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
 	- webkit2gtk 2.14.4-1 (unimportant)
 	NOTE: Not covered by security support

More information about the Secure-testing-commits mailing list