[Secure-testing-commits] r49790 - data/CVE

Sun Mar 19 12:39:20 UTC 2017

Author: jmm
Date: 2017-03-19 12:39:19 +0000 (Sun, 19 Mar 2017)
New Revision: 49790

Modified:
   data/CVE/list
Log:
new android-platform-system-core issue
resolved two hdf TODOs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2017-03-19 12:23:47 UTC (rev 49789)
+++ data/CVE/list	2017-03-19 12:39:19 UTC (rev 49790)
@@ -35756,13 +35756,11 @@
 	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0179/
 	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/73640612aad91d3f04e4d8f1ea71d42acbc85f6e
-	TODO: check if fixing commit is correct
 CVE-2016-4332 (The library's failure to check if certain message types support a ...)
 	{DSA-3727-1 DLA-771-1}
 	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
 	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0178/
 	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88
-	TODO: check if correct fixing commit
 CVE-2016-4331 (When decoding data out of a dataset encoded with the H5Z_NBIT ...)
 	{DSA-3727-1 DLA-771-1}
 	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
@@ -37026,7 +37024,7 @@
 CVE-2016-3922 (libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 ...)
 	NOT-FOR-US: Android Telephony
 CVE-2016-3921 (libsysutils/src/FrameworkListener.cpp in Framework Listener in Android ...)
-	TODO: check
+	- android-platform-system-core <unfixed>
 CVE-2016-3920 (id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3919


