[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Apr 4 22:39:11 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3d0ad7f by Moritz Muehlenhoff at 2018-04-04T23:38:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43564,7 +43564,7 @@ CVE-2017-11077
 CVE-2017-11076
 	RESERVED
 CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -55293,9 +55293,9 @@ CVE-2016-10301
 CVE-2016-10300
 	RESERVED
 CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
@@ -55356,21 +55356,21 @@ CVE-2015-9016 [blk-mq: fix race between timeout and freeing request]
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
 CVE-2015-9015 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9014 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9013 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9012 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9011 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9010 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9009 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9008 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...)
@@ -55393,7 +55393,7 @@ CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source
 CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
@@ -55891,19 +55891,19 @@ CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary O
 CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 ...)
 	NOT-FOR-US: Chef Manage
 CVE-2017-7173 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7172 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7171 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7170 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7169
 	RESERVED
 CVE-2017-7168
 	RESERVED
 CVE-2017-7167 (An issue was discovered in certain Apple products. Xcode before 9.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7166
 	RESERVED
 CVE-2017-7165 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
@@ -55912,7 +55912,7 @@ CVE-2017-7165 (An issue was discovered in certain Apple products. iOS before 11.
 	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
 	NOTE: Not covered by security support
 CVE-2017-7164 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
 CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
@@ -56142,7 +56142,7 @@ CVE-2017-7077 (An issue was discovered in certain Apple products. macOS before 1
 CVE-2017-7076 (An issue was discovered in certain Apple products. Xcode before 9 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-7075 (An issue was discovered in certain Apple products. iOS before 11 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7074 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
 	NOT-FOR-US: Apple
 CVE-2017-7073
@@ -56152,7 +56152,7 @@ CVE-2017-7072 (An issue was discovered in certain Apple products. iOS before 11 
 CVE-2017-7071 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
 	TODO: check
 CVE-2017-7070 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
 	NOT-FOR-US: Apple
 CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
@@ -56161,7 +56161,7 @@ CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.
 CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-7066 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7065 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
 	NOT-FOR-US: Broadcom driver for Android
 CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
@@ -56343,9 +56343,9 @@ CVE-2017-7006 (An issue was discovered in certain Apple products. iOS before 10.
 CVE-2017-7005 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	TODO: check
 CVE-2017-7004 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7003 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-7002 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	TODO: check
 CVE-2017-7001 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
@@ -56404,7 +56404,7 @@ CVE-2017-6978 (An issue was discovered in certain Apple products. macOS before .
 CVE-2017-6977 (An issue was discovered in certain Apple products. macOS before ...)
 	NOT-FOR-US: Apple
 CVE-2017-6976 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2017-6975 (Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack ...)
 	NOT-FOR-US: Applie
 CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before ...)
@@ -57982,7 +57982,7 @@ CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. .
 CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec ...)
@@ -65390,21 +65390,21 @@ CVE-2017-3973
 CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface ...)
 	NOT-FOR-US: McAfee
 CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3970
 	RESERVED
 CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3968
 	RESERVED
 CVE-2017-3967 (Target influence via framing vulnerability in the web interface in ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3965 (Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2017-3963
 	REJECTED
 CVE-2017-3962
@@ -71671,7 +71671,7 @@ CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 disclose
 CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...)
 	NOT-FOR-US: IBM DataPower Gateways
 CVE-2017-1772 (IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1771
 	RESERVED
 CVE-2017-1770
@@ -71749,7 +71749,7 @@ CVE-2017-1735
 CVE-2017-1734
 	RESERVED
 CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1732
 	RESERVED
 CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
@@ -71967,7 +71967,7 @@ CVE-2017-1626
 CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM QRadar
 CVE-2017-1622
@@ -79270,15 +79270,15 @@ CVE-2016-8489
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8488 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8487 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8486 (An information disclosure vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8485 (An information disclosure vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8482
@@ -126180,7 +126180,7 @@ CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool 
 CVE-2015-1976 (IBM Security Directory Server could allow an authenticated user to ...)
 	NOT-FOR-US: IBM
 CVE-2015-1975 (The web administration tool in IBM Tivoli Security Directory Server ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server ...)
 	NOT-FOR-US: IBM
 CVE-2015-1973



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3d0ad7fde11babd351d2f44d8b6cc9809bb8b14

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a3d0ad7fde11babd351d2f44d8b6cc9809bb8b14
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180404/e2210af1/attachment.html>

More information about the debian-security-tracker-commits mailing list