[Secure-testing-commits] r50347 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Apr 4 16:58:43 UTC 2017
Author: jmm
Date: 2017-04-04 16:58:43 +0000 (Tue, 04 Apr 2017)
New Revision: 50347
Modified:
data/CVE/list
Log:
android NFUs
one new libv8 issue
issues in ITPed libskia
one potential kernel issue (but only in staging anyway)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-04 15:57:54 UTC (rev 50346)
+++ data/CVE/list 2017-04-04 16:58:43 UTC (rev 50347)
@@ -2784,12 +2784,16 @@
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
CVE-2017-6426
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6425
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6424
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6423
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10242
RESERVED
CVE-2016-10241
@@ -2798,24 +2802,33 @@
RESERVED
CVE-2016-10239
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2016-10238
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2016-10237
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2016-10236
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10235
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10234
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10233
RESERVED
CVE-2016-10232
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10231
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10230
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to ...)
- linux 4.5.1-1
[jessie] - linux 3.16.7-ckt20-1+deb8u2
@@ -2823,22 +2836,31 @@
NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
CVE-2015-9003
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-9002
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-9001
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-9000
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-8999
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-8998
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-8997
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-8996
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2015-8995
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...)
- git 1:2.0.0~rc2-1
[wheezy] - git <not-affected> (Vulnerable code introduced in 1.8.1-rc0)
@@ -2847,18 +2869,25 @@
NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
CVE-2014-9937
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9936
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9935
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9934
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9933
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9932
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9931
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2014-9930
RESERVED
CVE-2014-9929
@@ -17906,60 +17935,89 @@
RESERVED
CVE-2017-0586
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0585
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0584
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0583
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0582
RESERVED
+ NOT-FOR-US: HTC driver for Android
CVE-2017-0581
RESERVED
+ NOT-FOR-US: Synaptics driver for Android
CVE-2017-0580
RESERVED
+ NOT-FOR-US: Synaptics driver for Android
CVE-2017-0579
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0578
RESERVED
+ NOT-FOR-US: DTS driver for Android
CVE-2017-0577
RESERVED
+ NOT-FOR-US: HTC driver for Android
CVE-2017-0576
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0575
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0574
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0573
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0572
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0571
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0570
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0569
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0568
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0567
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0566
RESERVED
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-0565
RESERVED
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-0564
RESERVED
+ - linux <undetermined>
+ NOTE: present in drivers/staging/android/ion
CVE-2017-0563
RESERVED
+ NOT-FOR-US: HTC driver for Android
CVE-2017-0562
RESERVED
+ NOT-FOR-US: MediaTek driver for Android
CVE-2017-0561
RESERVED
+ NOT-FOR-US: Broadcom driver for Android
CVE-2017-0560
RESERVED
+ NOT-FOR-US: Android
CVE-2017-0559
RESERVED
+ - skia <itp> (bug #818180)
CVE-2017-0558
RESERVED
CVE-2017-0557
@@ -17970,6 +18028,7 @@
RESERVED
CVE-2017-0554
RESERVED
+ NOT-FOR-US: Android
CVE-2017-0553
RESERVED
CVE-2017-0552
@@ -17982,14 +18041,18 @@
RESERVED
CVE-2017-0548
RESERVED
+ - skia <itp> (bug #818180)
CVE-2017-0547
RESERVED
CVE-2017-0546
RESERVED
+ NOT-FOR-US: Android
CVE-2017-0545
RESERVED
+ NOT-FOR-US: Android
CVE-2017-0544
RESERVED
+ NOT-FOR-US: Android
CVE-2017-0543
RESERVED
CVE-2017-0542
@@ -18159,6 +18222,7 @@
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0462
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0461 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0460 (An elevation of privilege vulnerability in the Qualcomm networking ...)
@@ -18175,6 +18239,7 @@
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0454
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0453 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0452 (An information disclosure vulnerability in the Qualcomm camera driver ...)
@@ -18639,6 +18704,7 @@
RESERVED
CVE-2017-0339
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0337 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
@@ -18653,20 +18719,26 @@
NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0332
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0331
RESERVED
CVE-2017-0330
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0329
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0328
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0327
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0326
RESERVED
CVE-2017-0325
RESERVED
+ NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
@@ -22736,6 +22808,7 @@
RESERVED
CVE-2016-8489
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2016-8488
RESERVED
CVE-2016-8487
@@ -32892,12 +32965,14 @@
NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5349
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5348 (The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
NOT-FOR-US: Android
CVE-2016-5347
RESERVED
CVE-2016-5346
RESERVED
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5345
RESERVED
NOT-FOR-US: Qualcomm radio driver for Android
@@ -34254,6 +34329,8 @@
{DSA-3637-1}
- chromium-browser 52.0.2743.82-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
+ - libv8 <unfixed> (unimportant)
+ NOTE: libv8 not covered by security support
CVE-2016-5128 (objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome ...)
{DSA-3637-1}
- chromium-browser 52.0.2743.82-1
More information about the Secure-testing-commits
mailing list