[Secure-testing-commits] r49687 - data/CVE

Ben Hutchings benh at moszumanska.debian.org
Tue Mar 14 20:11:52 UTC 2017


Author: benh
Date: 2017-03-14 20:11:52 +0000 (Tue, 14 Mar 2017)
New Revision: 49687

Modified:
   data/CVE/list
Log:
Mark CVE-2017-0537 as NOT-FOR-US, and add notes for other Android-related CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-14 20:03:29 UTC (rev 49686)
+++ data/CVE/list	2017-03-14 20:11:52 UTC (rev 49687)
@@ -16263,7 +16263,9 @@
 CVE-2017-0538
 	RESERVED
 CVE-2017-0537 (An information disclosure vulnerability in the kernel USB gadget ...)
-	- linux <undetermined>
+	NOT-FOR-US: Nvidia driver for Android
+	NOTE: https://source.android.com/security/bulletin/2017-03-01.html
+	NOTE: Android bulletin lists as affecting only Pixel C (Tegra X1) and Tegra USB gadget mode is not in mainline Linux
 CVE-2017-0536 (An information disclosure vulnerability in the Synaptics touchscreen ...)
 	NOT-FOR-US: Synaptics driver for Android
 CVE-2017-0535 (An information disclosure vulnerability in the HTC sound codec driver ...)
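Review bot: The added NOT-FOR-US line for CVE-2017-0537 spells the vendor "Nvidia", while an existing entry further down in this same file reads "NOT-FOR-US: NVIDIA driver for Android". Use one spelling so a text search of the list for the vendor string finds both entries. The second NOTE also combines two separate reasons on one line (the bulletin's device scope, and Tegra USB gadget mode not being in mainline Linux); splitting it into two NOTE lines would make each claim easier to check on its own.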
@@ -16282,6 +16284,8 @@
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2017-0528 (An elevation of privilege vulnerability in the kernel security ...)
 	- linux <undetermined>
+	NOTE: https://source.android.com/security/bulletin/2017-03-01.html
+	NOTE: Android bulletin lists as affecting only Pixel and Pixel XL (Qualcomm Snapdragon) so probably relates to Qualcomm driver
 CVE-2017-0527 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver ...)
 	NOT-FOR-US: HTC driver for Android
 CVE-2017-0526 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver ...)
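Review bot: The second NOTE added under CVE-2017-0528 infers a Qualcomm driver only from the bulletin's device list (Pixel and Pixel XL) and hedges with "probably", while the entry stays at "- linux <undetermined>". That is consistent, but the note should say what would settle the question, for example a published patch or a component name in the bulletin, so a later triager knows when the entry can move to NOT-FOR-US like the neighbouring vendor-driver entries.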
@@ -16484,6 +16488,9 @@
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file system ...)
 	- linux <undetermined>
+	NOTE: https://source.android.com/security/bulletin/2017-02-01.html
+	NOTE: Android bulletin lists all recent devices as affected.
+	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
 CVE-2017-0426 (An information disclosure vulnerability in the Filesystem could enable ...)
 	NOT-FOR-US: Android filesystem layout
 CVE-2017-0425 (An information disclosure vulnerability in Audioserver could enable a ...)
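Review bot: In the third NOTE added under CVE-2017-0427, the step from "No source patch available" to "may relate to Apache-licensed sdcardfs" is left implicit. State the reasoning behind it (presumably that a fix to GPL-licensed kernel code would have come with a published patch) so the guess can be evaluated later. As a style point, the last two NOTE lines here end with a full stop while the NOTE lines added in the earlier hunks do not; pick one form.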
@@ -26353,6 +26360,7 @@
 	NOT-FOR-US: Webview for Android
 CVE-2016-6753 (An information disclosure vulnerability in kernel components, ...)
 	- linux <undetermined>
+	NOTE: https://source.android.com/security/bulletin/2016-11-01.html
 CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components ...)
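Review bot: The NOTE added under CVE-2016-6753 gives only the bulletin URL, unlike the other entries touched in this commit, which also record which devices the bulletin lists as affected. Add a line stating what the 2016-11-01 bulletin lists for this CVE, so the next reader has something to decide on without reopening the bulletin.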



