[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Apr 5 14:20:24 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
331c35ec by Moritz Muehlenhoff at 2018-04-05T15:20:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36573,73 +36573,73 @@ CVE-2017-13309
 CVE-2017-13308
 	RESERVED
 CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci ...)
-	TODO: check
+	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh ...)
-	TODO: check
+	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel ...)
-	TODO: check
+	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13304 (A information disclosure vulnerability in the Upstream kernel mnh_sm ...)
-	TODO: check
+	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13303 (A information disclosure vulnerability in the Broadcom bcmdhd driver. ...)
 	NOT-FOR-US: Broadcom components for Android
 CVE-2017-13302 (A denial of service vulnerability in the Android system (system ui). ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13301 (A denial of service vulnerability in the Android system (system ui). ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13300 (A denial of service vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13299 (A other vulnerability in the Android media framework (libavc). ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13298 (A information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13297 (A information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13296 (A information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13295 (A denial of service vulnerability in the Android framework (package ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13294 (A information disclosure vulnerability in the Android framework (aosp ...)
 	NOT-FOR-US: Android framework (aosp email application)
 CVE-2017-13293 (In the nfc_hci_cmd_received() function of core.c, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
 CVE-2017-13292 (In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of ...)
-	TODO: check
+	NOT-FOR-US: Broadcom components for Android
 CVE-2017-13291 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13290 (In sdp_server_handle_client_req of sdp_server.cc, there is an out of ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13289 (In writeToParcel and createFromParcel of RttManager.java, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13288 (In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13287 (In createFromParcel of VerifyCredentialResponse.java, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13286 (In writeToParcel and readFromParcel of OutputConfiguration.java, there ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13285 (In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13284 (In config_set_string of config.cc, it is possible to pair a second BT ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13283 (In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13282 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13281 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13280 (In the FrameSequence_gif::FrameSequence_gif function of ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13279 (In M3UParser::parse of M3UParser.cpp, there is a memory resource ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13278 (In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13277 (In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13276 (In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13275 (In getVSCoverage of CmapCoverage.cpp, there is a possible out of ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13274 (In the getHost() function of UriTest.java, there is the possibility of ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient ...)
 	NOT-FOR-US: Android
 CVE-2017-13272 (In alarm_ready_generic of alarm.cc, there is a possible out of bounds ...)
@@ -36653,7 +36653,7 @@ CVE-2017-13269 (A information disclosure vulnerability in the Android system ...
 CVE-2017-13268 (A information disclosure vulnerability in the Android system ...)
 	NOT-FOR-US: Android
 CVE-2017-13267 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13266 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...)
 	NOT-FOR-US: Android
 CVE-2017-13265 (A elevation of privilege vulnerability in the Android system (OTA ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/331c35ec3763e1011dae4c75005ab716f7580813

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/331c35ec3763e1011dae4c75005ab716f7580813
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180405/3d16e8cc/attachment.html>

More information about the debian-security-tracker-commits mailing list