[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Feb 20 09:53:02 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a8cf161 by Moritz Muehlenhoff at 2018-02-20T10:52:37+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -30609,25 +30609,25 @@ CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek performa
 CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek display ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2017-13169 (An information disclosure vulnerability in the kernel camera server. ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi driver. ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video ...)
 	- linux 4.15.4-1
 	NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html
 	NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a
 CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver. ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...)
 	TODO: check
 CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless ...)
-	TODO: check
+	NOT-FOR-US: Broadcom components for Android
 CVE-2017-13160 (A remote code execution vulnerability in the Android system ...)
 	TODO: check
 CVE-2017-13159 (An information disclosure vulnerability in the Android system ...)
@@ -30641,17 +30641,17 @@ CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (a
 CVE-2017-13155
 	RESERVED
 CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...)
 	TODO: check
 CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ...)
 	TODO: check
 CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13148 (A denial of service vulnerability in the Android media framework ...)
 	TODO: check
 CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was found ...)
@@ -33019,37 +33019,37 @@ CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was fo
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
 CVE-2017-12561 (A remote code execution vulnerability in HPE intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12560 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12559 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12558 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12557 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12556 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12555 (A remote arbitrary file download and disclosure of information ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12554 (A remote code execution vulnerability in HPE intelligent Management ...)
-	TODO: check
+	NOT-FOR-US: HPE Intelligent Management Center
 CVE-2017-12553 (A local authentication bypass vulnerability in HPE System Management ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12552 (A local arbitrary execution of commands vulnerability in HPE System ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12551 (A local arbitrary execution of commands vulnerability in HPE System ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12550 (A local security misconfiguration vulnerability in HPE System ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12549 (A local authentication bypass vulnerability in HPE System Management ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12548 (A local arbitrary command execution vulnerability in HPE System ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12547 (A local arbitrary command execution vulnerability in HPE System ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management ...)
-	TODO: check
+	NOT-FOR-US: HPE System Management Homepage
 CVE-2017-12545 (A remote denial of service vulnerability in HPE System Management ...)
 	TODO: check
 CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management Homepage ...)
@@ -52374,6 +52374,7 @@ CVE-2017-6281
 	RESERVED
 CVE-2017-6280
 	RESERVED
+	NOT-FOR-US: Nvidia component for Android
 CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
 	NOT-FOR-US: Nvidia component for Android
 CVE-2017-6278
@@ -67506,7 +67507,7 @@ CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly valid
 CVE-2017-0880 (A denial of service vulnerability in the Android media framework ...)
 	- skia <itp> (bug #818180)
 CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ...)
 	TODO: check
 CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a8cf161617bf0f7c9097b572369f7dfa66929c4

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7a8cf161617bf0f7c9097b572369f7dfa66929c4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180220/3df216ac/attachment-0001.html>


More information about the Secure-testing-commits mailing list