[Secure-testing-commits] r55958 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Sep 21 07:17:09 UTC 2017 

Author: jmm
Date: 2017-09-21 07:17:06 +0000 (Thu, 21 Sep 2017)
New Revision: 55958

Modified:
   data/CVE/list
Log:
mark several android kernel CVEs as NFU
  these don't have a source release, so they must be related to non-GPL
  additions to the respective Android kernel builds
  for vulnerabilities affecting mainline, the Android bulletins
  refer to the upstream fix in git


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-21 05:49:13 UTC (rev 55957)
+++ data/CVE/list	2017-09-21 07:17:06 UTC (rev 55958)
@@ -39767,13 +39767,13 @@
 CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...)
-	- linux <undetermined>
+	NOT-FOR-US: Android kernel
 CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...)
-	- linux <undetermined>
+	NOT-FOR-US: Android kernel
 CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...)
@@ -50196,7 +50196,7 @@
 CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 5.0.x ...)
 	NOT-FOR-US: Webview for Android
 CVE-2016-6753 (An information disclosure vulnerability in kernel components, ...)
-	- linux <undetermined>
+	NOT-FOR-US: Android kernel
 	NOTE: https://source.android.com/security/bulletin/2016-11-01.html
 CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components ...)
 	NOT-FOR-US: Qualcomm driver for Android
@@ -60374,11 +60374,11 @@
 CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
-	- linux <undetermined>
+	NOT-FOR-US: Android kernel
 	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
 	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
 CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
-	- linux <undetermined>
+	NOT-FOR-US: Android kernel
 	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
 	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
 CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One ...)
@@ -60434,7 +60434,7 @@
 CVE-2016-3776
 	REJECTED
 CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
-	- linux <undetermined>
+	NOT-FOR-US: Android kernel
 	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
 	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
 CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)

More information about the Secure-testing-commits mailing list