[Secure-testing-commits] r49837 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Mar 20 09:39:47 UTC 2017


Author: jmm
Date: 2017-03-20 09:39:47 +0000 (Mon, 20 Mar 2017)
New Revision: 49837

Modified:
   data/CVE/list
Log:
NFU
cleared further TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-20 09:24:44 UTC (rev 49836)
+++ data/CVE/list	2017-03-20 09:39:47 UTC (rev 49837)
@@ -43804,7 +43804,6 @@
 	[wheezy] - libxslt 1.1.26-14.1+deb7u1
 	NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291
 	NOTE: upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
-	TODO: checking with MITRE if association to the CVE is correct, bu seems the only valid one
 CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...)
 	{DSA-3593-1 DLA-503-1}
 	- libxml2 2.9.3+dfsg1-1.1
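Review bot: The removed line "TODO: checking with MITRE if association to the CVE is correct" is dropped without recording the outcome, and the entry is left with only the upstream bug and upstream commit NOTEs. If MITRE confirmed that the commit belongs to this CVE, add a NOTE saying so beneath the upstream commit line. If the TODO was dropped without an answer, say that in the log, since "cleared further TODOs" does not tell a later reader which it was.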
@@ -47261,7 +47260,7 @@
 CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before ...)
 	NOT-FOR-US: Android
 CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x ...)
 	NOT-FOR-US: Android
 CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before ...)
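Review bot: For CVE-2016-0849 the new "NOT-FOR-US: Android" line matches the neighbouring entries, but unlike them this description names a concrete source file (minzip/SysUtil.c in the Recovery component). Neither the entry nor the log states how it was checked that no source package in the archive carries that code. A short mention in the commit log of what was searched would make the NFU decision auditable.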
@@ -52687,7 +52686,6 @@
 	NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
 	NOTE: http://www.mitls.org/pages/attacks/SLOTH
-	TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...)
 CVE-2015-7574
 	RESERVED
 CVE-2015-7573
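Review bot: The removed line "TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...)" was the only marker that this entry's coverage of other TLS libraries was unverified, and the hunk adds nothing in its place. If those libraries were checked, record the result as a NOTE or a per-package line in the entry. If they are tracked under a different CVE id, a NOTE pointing there would keep the cross-reference that the TODO implied.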
@@ -52787,7 +52785,6 @@
 	[jessie] - ruby2.1 2.1.5-2+deb8u3
 	- ruby2.2 2.2.4-1 (bug #796551)
 	NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
-	TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions
 CVE-2015-7550 (The keyctl_read_key function in security/keys/keyctl.c in the Linux ...)
 	{DSA-3434-1 DLA-378-1}
 	- linux 4.3.3-3
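Review bot: The removed line "TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions" raised a question about how the two ids map onto the ruby source packages, and the remaining context (ruby2.1 in jessie, ruby2.2 with bug #796551) does not answer it. Add a NOTE stating which ruby versions are tracked under CVE-2009-5147 and which under CVE-2015-7551, so the per-version status lines can be verified against the ruby-lang.org advisory already linked.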



