[Secure-testing-commits] r58258 - data/CVE

Luciano Bello luciano at moszumanska.debian.org
Tue Dec 5 04:02:20 UTC 2017


Author: luciano
Date: 2017-12-05 04:02:19 +0000 (Tue, 05 Dec 2017)
New Revision: 58258

Modified:
   data/CVE/list
Log:
revisiting some nfu

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-04 22:34:40 UTC (rev 58257)
+++ data/CVE/list	2017-12-05 04:02:19 UTC (rev 58258)
@@ -50595,9 +50595,15 @@
 CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...)
 	TODO: check
 CVE-2017-0842 (An elevation of privilege vulnerability in the Android system ...)
-	TODO: check
+	NOT-FOR-US: Fluoride Bluetooth stack in Android
 CVE-2017-0841 (A remote code execution vulnerability in the Android system ...)
-	TODO: check
+	- android-platform-system-core <unfixed> (unimportant)
+	- firefox <unfixed>
+	- firefox-esr <unfixed>
+	- icedove <unfixed>
+	- thunderbird <unfixed>
+	TODO: Vulnerable code exists in firefox/firefox-esr and thunderbird/icedove but not sure if affected
+	NOTE: Fixed by https://android.googlesource.com/platform/system/core/+/47efc676c849e3abf32001d66e2d6eb887e83c48%5E!/
 CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...)
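Review bot: For CVE-2017-0841 the four Mozilla packages are recorded as `<unfixed>` while the TODO on the same entry says it is not known whether they are affected. Recording them as `<undetermined>` until the embedded copy has been checked would avoid listing them as confirmed vulnerable, and the TODO should name the file or library shared with platform/system/core so the next person can verify it. The `(unimportant)` on android-platform-system-core also has no NOTE giving the reason.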
@@ -50617,9 +50623,9 @@
 CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. ...)
 	NOT-FOR-US: Motorola bootloader
 CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. ...)
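Review bot: The new reason for CVE-2017-0831 and CVE-2017-0830 is the bare "Android", while both descriptions say "Android framework" and the neighbouring entries name the component ("Android media framework", "Motorola bootloader"). Suggest `NOT-FOR-US: Android framework` so the entries stay searchable by component.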
@@ -50633,9 +50639,10 @@
 CVE-2017-0824 (An elevation of privilege vulnerability in the Broadcom wifi driver. ...)
 	NOT-FOR-US: Broadcom driver for Android
 CVE-2017-0823 (An information disclosure vulnerability in the Android system (rild). ...)
-	NOT-FOR-US: Android
+	NOT-FOR-US: Android (rild)
 CVE-2017-0822 (An elevation of privilege vulnerability in the Android system ...)
-	NOT-FOR-US: Android
+	- android-framework-23 <unfixed> (unimportant)
+	NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a
 CVE-2017-0821
 	RESERVED
 CVE-2017-0820 (A vulnerability in the Android media framework (n/a). Product: ...)
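Review bot: CVE-2017-0822 moves from NOT-FOR-US to `android-framework-23 <unfixed> (unimportant)` without a NOTE saying why the issue is unimportant for the Debian package. Add a one-line NOTE with the rationale next to the fix reference.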
@@ -50726,7 +50733,7 @@
 	NOT-FOR-US: Android
 	NOTE: https://www.armis.com/blueborne/
 CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android ...)
-	NOT-FOR-US: Android
+	NOT-FOR-US: Android messaging
 CVE-2017-0779 (A information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-0778 (A information disclosure vulnerability in the Android media framework ...)
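Review bot: CVE-2017-0780 is now labelled "Android messaging" but its description says "Android runtime", and the other refinements in this commit use the parenthesised form ("Android (rild)", "Android (libgdx)"). Suggest "Android (messaging)" for consistency, or a NOTE saying where the messaging attribution comes from.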
@@ -50780,9 +50787,10 @@
 CVE-2017-0754
 	RESERVED
 CVE-2017-0753 (A remote code execution vulnerability in the Android libraries ...)
-	NOT-FOR-US: Android
+	NOT-FOR-US: Android (libgdx)
 CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework ...)
-	NOT-FOR-US: Android
+	- android-framework-23 <unfixed> (unimportant)
+	NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/
 CVE-2017-0751
 	RESERVED
 	NOT-FOR-US: Google drivers for Android
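Review bot: The fix URL on CVE-2017-0752 ends in `%5E%21/`, the one on CVE-2017-0841 ends in `%5E!/`, and the one on CVE-2017-0822 has no suffix. Use one form across the commit, preferably the plain commit URL without the percent-encoded `^!` suffix. As with CVE-2017-0822, the `(unimportant)` here has no NOTE with the reason.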
@@ -50947,9 +50955,14 @@
 CVE-2017-0673 (A remote code execution vulnerability in the Android media framework. ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: ...)
-	NOT-FOR-US: Android
+	- firefox-esr <unfixed>
+	- firefox 54.0-1
+	- qtwebengine-opensource-src <unfixed>
+	- icedove <unfixed>
+	- thunderbird <unfixed>
 CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. ...)
 	NOT-FOR-US: Android
+	NOTE: Not publicly available
 CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: ...)
 	NOT-FOR-US: Android
 CVE-2017-0669 (A information disclosure vulnerability in the Android framework. ...)
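Review bot: CVE-2017-0672 changes from NOT-FOR-US to five package lines with no NOTE naming the shared library or the upstream fix, so neither the `<unfixed>` entries nor the `firefox 54.0-1` fixed version can be verified from the entry. Add a NOTE with the embedded component and the fix reference. On CVE-2017-0671, "Not publicly available" does not say what is unavailable (the patch or the advisory details); make that explicit.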
@@ -64251,7 +64264,7 @@
 CVE-2016-6025 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...)
 	NOT-FOR-US: IBM
 CVE-2016-6024 (IBM Jazz technology based products might divulge information that ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM ...)
 	NOT-FOR-US: IBM
 CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)



