[Secure-testing-commits] r52616 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Fri Jun 16 14:38:56 UTC 2017 

Author: jmm
Date: 2017-06-16 14:38:55 +0000 (Fri, 16 Jun 2017)
New Revision: 52616

Modified:
   data/CVE/list
Log:
"new" kernel already fixed
Android NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-16 13:57:03 UTC (rev 52615)
+++ data/CVE/list	2017-06-16 14:38:55 UTC (rev 52616)
@@ -218,13 +218,11 @@
 CVE-2017-9618
 	RESERVED
 CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
-	TODO: check
 CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...)
-	- wireshark <unfixed>
+	- wireshark <unfixed> (low)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
-	TODO: check
 CVE-2017-9615
 	RESERVED
 CVE-2017-9614
@@ -4077,25 +4075,27 @@
 CVE-2017-8243
 	RESERVED
 CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race ...)
-	TODO: check
+	- linux <not-affected> (Android-specific patch)
 CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a kernel ...)
-	TODO: check
+	- linux 4.0.2-1
+	[jessie] - linux <not-affected> (Vulnerable code not present)
+	[wheezy] - linux <not-affected> (Vulnerable code not present)
 CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a memory ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out of ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...)
-	TODO: check
+	NOT-FOR-US: Android driver
 CVE-2017-8232
 	RESERVED
 CVE-2017-8231
@@ -4953,7 +4953,7 @@
 CVE-2016-10343
 	RESERVED
 CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party ...)
 	TODO: check
 CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer ...)
@@ -4963,7 +4963,7 @@
 CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an ...)
 	TODO: check
 CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions ...)
 	TODO: check
 CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt ...)
@@ -4973,7 +4973,7 @@
 CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive ...)
 	TODO: check
 CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo ...)
 	NOT-FOR-US: Synology Photo Station
 CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID ...)
@@ -5023,29 +5023,29 @@
 CVE-2015-9034
 	RESERVED
 CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ memory ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a ...)
 	TODO: check
 CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
 	TODO: check
 CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
 	TODO: check
 CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some ...)
 	TODO: check
 CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9022 (In all Android releases from CAF using the Linux kernel, time-of-check ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access ...)
 	TODO: check
 CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
@@ -5057,15 +5057,15 @@
 CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
 	TODO: check
 CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a ...)
 	TODO: check
 CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer ...)
@@ -7082,16 +7082,22 @@
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 CVE-2014-9959
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9958
 	RESERVED
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9957
 	RESERVED
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9956
 	RESERVED
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9955
 	RESERVED
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9954
 	RESERVED
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9953
 	RESERVED
 CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the ...)

More information about the Secure-testing-commits mailing list