[Secure-testing-commits] r49818 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Mar 19 21:14:16 UTC 2017
Author: jmm
Date: 2017-03-19 21:14:16 +0000 (Sun, 19 Mar 2017)
New Revision: 49818
Modified:
data/CVE/list
Log:
new android-platform-system-core issue
NFUs
resolve TODO for old libgd issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-19 21:10:12 UTC (rev 49817)
+++ data/CVE/list 2017-03-19 21:14:16 UTC (rev 49818)
@@ -34546,7 +34546,7 @@
CVE-2016-4737 (WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and ...)
NOT-FOR-US: Webkit as used by Apple
CVE-2016-4736 (libarchive in Apple OS X before 10.12 allows remote attackers to cause ...)
- TODO: check
+ - libarchive <undetermined>
CVE-2016-4735 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
NOT-FOR-US: Webkit as used by Apple
CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
@@ -37158,7 +37158,7 @@
CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, ...)
NOT-FOR-US: libstagefright
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
- TODO: check
+ - android-platform-system-core <unfixed> (bug #858177)
CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, ...)
@@ -37171,7 +37171,7 @@
NOTE: Fixed by: https://git.kernel.org/linus/7de249964f5578e67b99699c5f0b405738d820a2 (v4.8-rc2)
NOTE: CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
CVE-2016-3856 (netd in Android before 2016-08-05 mishandles tethering and stdio ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3855 (drivers/thermal/supply_lm_core.c in the Qualcomm components in Android ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3854 (drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in ...)
@@ -37222,7 +37222,7 @@
CVE-2016-3833 (The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
NOT-FOR-US: Android
CVE-2016-3832 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3831 (The telephony component in Android 4.x before 4.4.4, 5.0.x before ...)
NOT-FOR-US: Android
CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...)
@@ -39176,7 +39176,6 @@
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912
NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
- TODO: check (texlive, libwmf)
CVE-2016-3073
RESERVED
CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function ...)
@@ -55298,7 +55297,7 @@
CVE-2015-6623 (Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain ...)
NOT-FOR-US: Android
CVE-2015-6622 (The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6621 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
NOT-FOR-US: Android
CVE-2015-6620 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...)
More information about the Secure-testing-commits
mailing list