[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark some questionable Apple CVE assignments as NFU

Moritz Muehlenhoff jmm at debian.org
Thu Apr 12 19:53:41 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae688ea7 by Moritz Muehlenhoff at 2018-04-12T20:52:58+02:00
Mark some questionable Apple CVE assignments as NFU
 No point in investigating this further, we can only assume that Apple staff
 is stupid and assigned internal ID duplicates to otherwise public issues
 They can prove us wrong by providing proper commit references!

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36874,7 +36874,7 @@ CVE-2017-13848 (An issue was discovered in certain Apple products. macOS before 
 CVE-2017-13847 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
 	NOT-FOR-US: Apple
 CVE-2017-13846 (An issue was discovered in certain Apple products. macOS before ...)
-	TODO: check, potentially PCRE
+	NOT-FOR-US: Potentially src:pcre3, but Apple doesn't play by the rules
 CVE-2017-13845
 	RESERVED
 CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
@@ -58172,9 +58172,9 @@ CVE-2017-7004 (An issue was discovered in certain Apple products. iOS before 10.
 CVE-2017-7003 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	NOT-FOR-US: Apple
 CVE-2017-7002 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
-	TODO: check
+	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
 CVE-2017-7001 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
-	TODO: check
+	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
 CVE-2017-7000 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
 	{DSA-3926-1}
 	- chromium-browser 60.0.3112.78-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae688ea7e4497386d4ae990c4a7991769f6605dd

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae688ea7e4497386d4ae990c4a7991769f6605dd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180412/84044108/attachment.html>

More information about the debian-security-tracker-commits mailing list