[Secure-testing-commits] r48741 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Feb 6 22:10:59 UTC 2017
Author: jmm
Date: 2017-02-06 22:10:59 +0000 (Mon, 06 Feb 2017)
New Revision: 48741
Modified:
data/CVE/list
Log:
android NFUs
one package in the archive
arc no-dsa for stretch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-06 21:58:18 UTC (rev 48740)
+++ data/CVE/list 2017-02-06 22:10:59 UTC (rev 48741)
@@ -21098,7 +21098,6 @@
NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
NOTE: found.
- TODO: check introducing version
CVE-2016-7510 [Out-of-Bounds read]
RESERVED
{DLA-635-1}
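Review bot: The "TODO: check introducing version" line removed just above CVE-2016-7510 was the only marker that tooling can search for, yet the NOTE lines that remain still describe the work as open ("introducing commit should as well still be found"). Either keep the TODO until the introducing commit is identified, or reword the NOTE so it no longer reads as pending. The same applies to the identical removal in the next hunk, and the log message mentions neither removal.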
@@ -21111,7 +21110,6 @@
NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
NOTE: found.
- TODO: check introducing version
CVE-2016-7509
RESERVED
CVE-2016-7508
@@ -22421,7 +22419,7 @@
CVE-2016-7104
RESERVED
CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute arbitrary ...)
- TODO: check
+ NOT-FOR-US: ownCloud Desktop
CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers ...)
{DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
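Review bot: CVE-2016-7102 is closed as NOT-FOR-US on the product name "ownCloud Desktop" alone, with no record of what was searched. The desktop client could be carried under a different source package name, so confirm with a search of the archive by source package before closing; if a package does exist, record it with its status and a reason instead of NOT-FOR-US.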
@@ -22683,9 +22681,9 @@
CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...)
- moodle 2.7.16+dfsg-1
CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt ...)
- TODO: check
+ NOT-FOR-US: Malcolm Fell jwt
CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact ...)
- TODO: check
+ NOT-FOR-US: Python jose
CVE-2016-7035 [improper IPC guarding]
RESERVED
- pacemaker 1.1.15-3 (bug #843041)
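Review bot: The tag added for CVE-2016-7036 reads "Python jose" while the description on the line above spells the project "python-jose". Use the upstream spelling in the NOT-FOR-US tag so that a later search for the project name finds this entry; the CVE-2016-7037 tag already follows the wording of its description.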
@@ -23392,19 +23390,19 @@
CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
NOT-FOR-US: Nvidia driver for Android
CVE-2016-6774 (An information disclosure vulnerability in Package Manager could ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder in ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-6772 (An elevation of privilege vulnerability in Wi-Fi could enable a local ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6771 (An elevation of privilege vulnerability in Telephony could enable a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6770 (An elevation of privilege vulnerability in the Framework API could ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6769 (An elevation of privilege vulnerability in Smart Lock could enable a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6768 (A remote code execution vulnerability in the Framesequence library ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable an ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-6766 (A denial of service vulnerability in libmedia and libstagefright in ...)
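Review bot: The NOT-FOR-US tags in this block are not consistent about naming the component. CVE-2016-6773 names the ih264d decoder in its description and is tagged "Android Mediaserver", while CVE-2016-6768 names the Framesequence library and is tagged plain "Android". Since these two are libraries rather than framework services, name the component in the tag, as the surrounding entries do ("Nvidia driver for Android", "Android Mediaserver"), so a later check for a packaged copy of either library can find them.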
@@ -23414,9 +23412,10 @@
CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable an ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a local ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive library ...)
- TODO: check
+ - android-platform-system-core 1:7.0.0+r1-1
+ [jessie] - android-platform-system-core <not-affected> (Vulnerable code not present)
CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
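Review bot: The two lines added under CVE-2016-6762 give a fixed version (1:7.0.0+r1-1) and a jessie <not-affected> status, but no NOTE says how either was determined. Add a NOTE with the upstream fix reference for libziparchive so that the fixed version and the "Vulnerable code not present" claim for jessie can be verified later. This is also the only entry in the commit that is not a NOT-FOR-US, which the log line "one package in the archive" could state by package name.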
@@ -23493,9 +23492,9 @@
CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in Android 4.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6722 (An information disclosure vulnerability in libstagefright in ...)
NOT-FOR-US: libstagefright
CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in Android 6.x ...)
@@ -23503,15 +23502,15 @@
CVE-2016-6720 (An information disclosure vulnerability in libstagefright in ...)
NOT-FOR-US: libstagefright
CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth component in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager Service ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in Android 4.x ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
@@ -23521,13 +23520,13 @@
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
TODO: check, possibly libvpx
CVE-2016-6710 (An information disclosure vulnerability in the download manager in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6708 (An elevation of privilege in the System UI in Android 7.0 before ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6707 (An elevation of privilege vulnerability in System Server in Android ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in ...)
NOT-FOR-US: libstagefright
CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in Android ...)
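Review bot: CVE-2016-6709 is tagged "NOT-FOR-US: Android" although its description names Conscrypt and BoringSSL, which are standalone libraries rather than Android framework code. The entry two above it, CVE-2016-6711, is left as "TODO: check, possibly libvpx" for exactly that reason. Treat CVE-2016-6709 the same way until the archive has been checked for packaged copies of either library, or add a NOTE recording that the check was done.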
@@ -70298,6 +70297,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-XXXX [directory traversal]
- arc <unfixed> (low; bug #774527)
+ [stretch] - arc <no-dsa> (Minor issue)
[jessie] - arc <no-dsa> (Minor issue)
[wheezy] - arc <no-dsa> (Minor issue)
[squeeze] - arc <no-dsa> (Minor issue)
@@ -70677,6 +70677,7 @@
NOTE: CVE Request: https://marc.info/?l=oss-security&m=142024361327375&w=2
CVE-2015-XXXX [buffer over-read]
- arc <unfixed> (low; bug #774439)
+ [stretch] - arc <no-dsa> (Minor issue)
[jessie] - arc <no-dsa> (Minor issue)
[wheezy] - arc <no-dsa> (Minor issue)
[squeeze] - arc <no-dsa> (Minor issue)