[Secure-testing-commits] r56108 - data/CVE

[Ben Hutchings]

Author: benh
Date: 2017-09-25 01:39:05 +0000 (Mon, 25 Sep 2017)
New Revision: 56108

Modified:
   data/CVE/list
Log:
CVE-2017-9417 affects and is unfixed in firmware-nonfree

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-24 21:44:04 UTC (rev 56107)
+++ data/CVE/list	2017-09-25 01:39:05 UTC (rev 56108)
@@ -14703,7 +14703,9 @@
 CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for ...)
 	NOT-FOR-US: WP-Testimonials plugin for WordPress
 CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ...)
-	NOT-FOR-US: Broadcom hardware issue
+	- firmware-nonfree <unfixed> (bug #869639)
+	NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
+	NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
 CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
 	NOT-FOR-US: Odoo
 CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 ...)