[Secure-testing-commits] r48622 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Jan 31 18:00:46 UTC 2017 

Author: jmm
Date: 2017-01-31 18:00:46 +0000 (Tue, 31 Jan 2017)
New Revision: 48622

Modified:
   data/CVE/list
Log:
android NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-01-31 17:12:47 UTC (rev 48621)
+++ data/CVE/list	2017-01-31 18:00:46 UTC (rev 48622)
@@ -12852,9 +12852,9 @@
 CVE-2017-0405
 	RESERVED
 CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound subsystem ...)
-	- linux <undetermined>
+	- linux <not-affected> (Android-specific sound system)
 CVE-2017-0403 (An elevation of privilege vulnerability in the kernel performance ...)
-	- linux <undetermined>
+	- linux <not-affected> (Android-specific performance subsystem)
 CVE-2017-0402 (An information disclosure vulnerability in ...)
 	NOT-FOR-US: Android Audioserver
 CVE-2017-0401 (An information disclosure vulnerability in ...)
@@ -12866,7 +12866,7 @@
 CVE-2017-0398 (An information disclosure vulnerability in Audioserver could enable a ...)
 	NOT-FOR-US: Android Audioserver
 CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2017-0396 (An information disclosure vulnerability in ...)
 	NOT-FOR-US: Android Mediaserver
 CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could enable a ...)
@@ -12874,11 +12874,11 @@
 CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote ...)
 	NOT-FOR-US: Android Telephony
 CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...)
-	TODO: check
+	TODO: check, potentially libvpx
 CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...)
 	NOT-FOR-US: libstagefright
 CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in Mediaserver ...)
 	NOT-FOR-US: Android Mediaserver
 CVE-2017-0389 (A denial of service vulnerability in core networking could enable a ...)
@@ -17378,7 +17378,7 @@
 CVE-2016-8459 (Possible buffer overflow in storage subsystem. Bad parameters as part ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2016-8458 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
-	- linux <undetermined>
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-8457 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
 	NOT-FOR-US: Broadcom Wi-Fi driver for Android
 CVE-2016-8456 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
@@ -17392,7 +17392,7 @@
 CVE-2016-8452 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8451 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
-	- linux <undetermined>
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-8450 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8449 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
@@ -22701,13 +22701,13 @@
 CVE-2016-6768 (A remote code execution vulnerability in the Framesequence library ...)
 	TODO: check
 CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable an ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6766 (A denial of service vulnerability in libmedia and libstagefright in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-6765 (A denial of service vulnerability in libstagefright in Mediaserver ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable an ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a local ...)
 	TODO: check
 CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive library ...)
@@ -22741,17 +22741,17 @@
 CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU driver in ...)
-	TODO: check
+	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6745 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
-	TODO: check
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6744 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
-	TODO: check
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6743 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
-	TODO: check
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
-	TODO: check
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
@@ -22761,7 +22761,7 @@
 CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
-	TODO: check
+	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
 	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
@@ -22794,7 +22794,7 @@
 CVE-2016-6722 (An information disclosure vulnerability in libstagefright in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in Android 6.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6720 (An information disclosure vulnerability in libstagefright in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth component in ...)
@@ -22802,19 +22802,19 @@
 CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager Service ...)
 	TODO: check
 CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in Android 4.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in ...)
 	TODO: check
 CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs in ...)
 	TODO: check
 CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
-	TODO: check
+	TODO: check, possibly libvpx
 CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
-	TODO: check
+	TODO: check, possibly libvpx
 CVE-2016-6710 (An information disclosure vulnerability in the download manager in ...)
 	TODO: check
 CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in ...)
@@ -22826,9 +22826,9 @@
 CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in Android ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in Android 4.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-6703 (A remote code execution vulnerability in an Android runtime library in ...)
 	TODO: check
 CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x before ...)
@@ -22844,17 +22844,17 @@
 CVE-2016-6697
 	RESERVED
 CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on Nexus ...)
 	- android <itp> (bug #459219)
 CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus devices ...)
@@ -22872,27 +22872,27 @@
 CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows ...)
 	- android <itp> (bug #459219)
 CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Motorola driver for Android
 CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows ...)
 	- android <itp> (bug #459219)
 CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
-	- android <itp> (bug #459219)
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used ...)
 	- linux 4.0.4-1
 	[jessie] - linux 3.16.7-ckt17-1

More information about the Secure-testing-commits mailing list