[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Mark some questionable Apple CVE assignments as NFU

Moritz Muehlenhoff jmm at debian.org
Wed Apr 4 22:32:18 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ae5b8e0 by Moritz Muehlenhoff at 2018-04-04T23:29:29+02:00
Mark some questionable Apple CVE assignments as NFU
 - No point in investigating this further, we can only assume that Apple staff
   is stupid and assigned internal ID duplicates to otherwise public issues
   They can prove us wrong by providing proper commit references!

- - - - -
81a0add7 by Moritz Muehlenhoff at 2018-04-04T23:31:49+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35115,15 +35115,15 @@ CVE-2017-13818 (An issue was discovered in certain Apple products. macOS before 
 CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple products. ...)
 	NOT-FOR-US: Apple
 CVE-2017-13816 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check, potentially libarchive
+	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
 CVE-2017-13815 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-13814 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-13813 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check, potentially libarchive
+	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
 CVE-2017-13812 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check, potentially libarchive
+	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
 CVE-2017-13811 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-13810 (An issue was discovered in certain Apple products. macOS before ...)
@@ -55992,25 +55992,25 @@ CVE-2017-7132 (An issue was discovered in certain Apple products. macOS before .
 CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before 11 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before 11 is ...)
-	TODO: check, potentially sqlite
+	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
 CVE-2017-7129 (An issue was discovered in certain Apple products. iOS before 11 is ...)
-	TODO: check, potentially sqlite
+	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
 CVE-2017-7128 (An issue was discovered in certain Apple products. iOS before 11 is ...)
-	TODO: check, potentially sqlite
+	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
 CVE-2017-7127 (An issue was discovered in certain Apple products. iOS before 11 is ...)
-	TODO: check, potentially sqlite
+	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
 CVE-2017-7126 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-7125 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-7124 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-7123 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-7122 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-7121 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
-	TODO: check, potentially file
+	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
 CVE-2017-7120 (An issue was discovered in certain Apple products. iOS before 11 is ...)
 	- webkit2gtk 2.18.1-1 (unimportant)
 	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a1bf39232a988f00df252f9d602bccf59ef45dd3...81a0add70034707d5aee2f7b580be080ebe9d64e

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/a1bf39232a988f00df252f9d602bccf59ef45dd3...81a0add70034707d5aee2f7b580be080ebe9d64e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180404/a2950a4c/attachment.html>

More information about the debian-security-tracker-commits mailing list