[Secure-testing-commits] r49492 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Mar 7 21:47:09 UTC 2017


Author: jmm
Date: 2017-03-07 21:47:09 +0000 (Tue, 07 Mar 2017)
New Revision: 49492

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-07 21:10:12 UTC (rev 49491)
+++ data/CVE/list	2017-03-07 21:47:09 UTC (rev 49492)
@@ -35445,7 +35445,7 @@
 CVE-2016-3876 (providers/settings/SettingsProvider.java in Android 6.x before ...)
 	NOT-FOR-US: Android
 CVE-2016-3875 (server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices ...)
@@ -35453,7 +35453,7 @@
 CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3871 (Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in ...)
-	TODO: check
+	NOT-FOR-US: libstagefright
 CVE-2016-3870 (omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, ...)
@@ -35465,13 +35465,13 @@
 CVE-2016-3866 (The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3865 (The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus ...)
-	TODO: check
+	NOT-FOR-US: Synaptics driver for Android
 CVE-2016-3864 (The Qualcomm radio interface layer in Android before 2016-09-05 on ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly ...)
-	TODO: check
+	NOT-FOR-US: libstagefright
 CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, ...)
-	TODO: check
+	NOT-FOR-US: libstagefright
 CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
 	TODO: check
 CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
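Review bot: CVE-2016-3862 is tagged "NOT-FOR-US: libstagefright", but its description names media/ExifInterface.java in mediaserver, which is a Java framework file and not the libstagefright library. Use "NOT-FOR-US: Android" or the "Android Mediaserver" wording already present elsewhere in the list so the tag matches the component in the description. This hunk also leaves CVE-2016-3861 (LibUtils) at "TODO: check"; if that is deliberate, fine, otherwise it fits the same pass.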
@@ -35479,7 +35479,7 @@
 CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3858 (Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...)
 	{DLA-609-1}
 	- linux 4.7.2-1 (unimportant)
@@ -35579,15 +35579,15 @@
 CVE-2016-3812 (The MediaTek video codec driver in Android before 2016-07-05 on ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3811 (The kernel video driver in Android before 2016-07-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3810 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3809 (The networking component in Android before 2016-07-05 on Android One, ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-3808 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-3807 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-3806 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3805 (The MediaTek power management driver in Android before 2016-07-05 on ...)
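Review bot: CVE-2016-3808 and CVE-2016-3807 describe a serial peripheral interface driver but get the plain "NOT-FOR-US: Android" tag, while every other driver entry in this hunk uses the "<vendor> driver for Android" form. Name the vendor if it is known. For CVE-2016-3811 the visible description only says "kernel video driver ... on Nexus 9", so a short NOTE recording where the NVIDIA attribution comes from would help anyone re-checking the entry later.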
@@ -35675,7 +35675,7 @@
 CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...)
 	NOT-FOR-US: Android Mediaserver
 CVE-2016-3763 (net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before ...)
 	TODO: check
 CVE-2016-3761 (NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before ...)
@@ -35701,7 +35701,7 @@
 CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android ...)
 	NOT-FOR-US: Specific CVE assignment for libpng "fork" used on Android
 CVE-2016-3750 (libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-3749 (server/LockSettingsService.java in LockSettingsService in Android 6.x ...)
 	NOT-FOR-US: Android
 CVE-2016-3748 (The sockets subsystem in Android 6.x before 2016-07-01 allows ...)
@@ -41212,21 +41212,21 @@
 	NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.4)
 	NOTE: Introduced by: https://git.kernel.org/linus/3759824da87b30ce7a35b4873b62b0ba38905ef5 (v4.3-rc1)
 CVE-2016-2068 (The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2067 (drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the Linux ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2065 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2064 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2063 (Stack-based buffer overflow in the supply_lm_input_write function in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2062 (The adreno_perfcounter_query_group function in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2061 (Integer signedness error in the MSM V4L2 video driver for the Linux ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as ...)
 	NOT-FOR-US: Android
 CVE-2016-2059 (The msm_ipc_router_bind_control_port function in ...)
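Review bot: CVE-2016-2061 through CVE-2016-2068 are described as MSM drivers "for the Linux kernel", with paths such as sound/soc/msm/qdsp6v2/ and drivers/gpu/msm/kgsl.c, so NOT-FOR-US here rests on the unstated fact that this code is absent from the linux source package. Please confirm that was checked for each of the eight entries and record it, either as a NOTE line on the entries or in the commit log, since the log text "NFUs" does not say so.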
@@ -42033,7 +42033,7 @@
 CVE-2016-1865 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
 	NOT-FOR-US: Apple
 CVE-2016-1864 (The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari ...)
-	TODO: check
+	NOT-FOR-US: Webkit as used by Apple
 CVE-2016-1863 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
 	NOT-FOR-US: Apple
 CVE-2016-1862 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
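Review bot: CVE-2016-1864 is an XSS auditor issue in WebKit itself, "as used in" Apple products, so NOT-FOR-US only holds if no WebKit-derived source package in the archive carries the affected code. If that was verified, add a NOTE saying so; otherwise track the entry against the relevant package with an explicit status. Minor: the description spells the name "WebKit" and the tag spells it "Webkit".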
@@ -53733,7 +53733,7 @@
 CVE-2015-6575 (SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does ...)
 	NOT-FOR-US: libstagefright in Android
 CVE-2015-6574 (The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP ...)
-	TODO: check
+	NOT-FOR-US: SISCO MMS-EASE 
 CVE-2015-6573
 	RESERVED
 CVE-2015-6572
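Review bot: the added line for CVE-2015-6574 ends with a trailing space ("NOT-FOR-US: SISCO MMS-EASE "). Strip it, so exact-match searches on the tag text and later diffs of this line stay clean.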
@@ -53763,7 +53763,7 @@
 CVE-2015-6557 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
 	NOT-FOR-US: IBM
 CVE-2015-6556 (EACommunicatorSrv.exe in the Framework Service in the client in ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2015-6555 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
 	NOT-FOR-US: Symantec
 CVE-2015-6554 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
@@ -53799,9 +53799,9 @@
 CVE-2015-6539
 	RESERVED
 CVE-2015-6538 (The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles ...)
-	TODO: check
+	NOT-FOR-US: Epiphany Cardio Server
 CVE-2015-6537 (SQL injection vulnerability in the login page in Epiphany Cardio ...)
-	TODO: check
+	NOT-FOR-US: Epiphany Cardio Server
 CVE-2015-6536
 	RESERVED
 CVE-2015-6535 (Cross-site scripting (XSS) vulnerability in ...)
@@ -53903,7 +53903,7 @@
 CVE-2015-6508 (Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 ...)
 	NOT-FOR-US: pfSense
 CVE-2015-6507 (The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2015-6833 (Directory traversal vulnerability in the PharData class in PHP before ...)
 	{DSA-3344-1 DLA-341-1}
 	- php5 5.6.12+dfsg-1
@@ -53985,7 +53985,7 @@
 CVE-2015-6478 (Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict ...)
 	NOT-FOR-US: Unitronics VisiLogic OPLC IDE
 CVE-2015-6477 (Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm ...)
-	TODO: check
+	NOT-FOR-US: Nordex Control
 CVE-2015-6476 (Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x ...)
 	NOT-FOR-US: Advantech EKI-122x-BE devices
 CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ...)
@@ -55062,11 +55062,11 @@
 CVE-2015-5971
 	RESERVED
 CVE-2015-5970 (The ChangePassword RPC method in Novell ZENworks Configuration ...)
-	TODO: check
+	NOT-FOR-US: Novell
 CVE-2015-5969 (The mysql-systemd-helper script in the mysql-community-server package ...)
-	TODO: check
+	NOT-FOR-US: SuSE-specific mysql packaging bug
 CVE-2015-5968 (Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot ...)
-	TODO: check
+	NOT-FOR-US: Novell
 CVE-2015-5967
 	RESERVED
 CVE-2015-5966
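Review bot: CVE-2015-5969 is tagged NOT-FOR-US with the reason "SuSE-specific mysql packaging bug", but NOT-FOR-US is the marker for software that is not in the archive, and MySQL is. The reason given is really a not-affected finding, so it is better expressed as a package line with the <not-affected> status and the SuSE-specific reason in parentheses, which keeps the CVE visible on the package's tracker page.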
@@ -55256,7 +55256,7 @@
 CVE-2015-5932 (The kernel in Apple OS X before 10.11.1 allows local users to gain ...)
 	NOT-FOR-US: Apple
 CVE-2015-5931 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
-	TODO: check
+	NOT-FOR-US: Webkit as used by Apple
 CVE-2015-5930 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
 	NOT-FOR-US: Apple
 CVE-2015-5929 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
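Review bot: the new tag on CVE-2015-5931, "NOT-FOR-US: Webkit as used by Apple", differs from the "NOT-FOR-US: Apple" already on CVE-2015-5930, whose description opens with the same "WebKit, as used in Apple ..." wording. Pick one form for these entries so a search for either string finds all of them.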
@@ -55775,7 +55775,7 @@
 CVE-2015-5708
 	RESERVED
 CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
-	TODO: check
+	NOT-FOR-US: Open-Xchange
 CVE-2015-8395 (PCRE before 8.38 mishandles certain references, which allows remote ...)
 	- pcre3 2:8.38-1
 	[jessie] - pcre3 2:8.35-3.3+deb8u2
@@ -56005,7 +56005,7 @@
 	NOTE: https://github.com/geddy/geddy/pull/699
 	NOTE: https://nodesecurity.io/advisories/10
 CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote ...)
-	TODO: check
+	NOT-FOR-US: Anchor CMS
 CVE-2015-5686
 	RESERVED
 CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
@@ -56045,17 +56045,17 @@
 CVE-2015-5674
 	RESERVED
 CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) ...)
-	TODO: check
+	NOT-FOR-US: ISUCON5 qualifier portal
 CVE-2015-5672 (TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy ...)
-	TODO: check
+	NOT-FOR-US: TYPE-MOON 
 CVE-2015-5671 (Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Techno Project Japan Enisys Gw
 CVE-2015-5670 (Cross-site scripting (XSS) vulnerability in Techno Project Japan ...)
-	TODO: check
+	NOT-FOR-US: Techno Project Japan Enisys Gw
 CVE-2015-5669 (Techno Project Japan Enisys Gw before 1.4.1 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Techno Project Japan Enisys Gw
 CVE-2015-5668 (SQL injection vulnerability in Techno Project Japan Enisys Gw before ...)
-	TODO: check
+	NOT-FOR-US: Techno Project Japan Enisys Gw
 CVE-2015-5667 (Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module ...)
 	{DLA-339-1}
 	- libhtml-scrubber-perl 0.15-1 (bug #803943)
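Review bot: the added line for CVE-2015-5672 ends with a trailing space ("NOT-FOR-US: TYPE-MOON "); strip it. The tag also gives only the vendor, whereas the four Enisys Gw entries added just below give vendor and product, so consider a consistent level of detail within the hunk.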
@@ -56101,7 +56101,7 @@
 CVE-2015-5650 (Directory traversal vulnerability in AjaXplorer 2.0 allows remote ...)
 	TODO: check
 CVE-2015-5649 (Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2015-5648 (SQL injection vulnerability in list.php in phpRechnung before 1.6.5 ...)
 	NOT-FOR-US: phpRechnung
 CVE-2015-5647 (The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x ...)



