[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Feb 20 12:28:44 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c8a8757 by Moritz Muehlenhoff at 2018-02-20T13:27:05+01:00
NFUs

- - - - -
9c1b232c by Moritz Muehlenhoff at 2018-02-20T13:28:19+01:00
new android-libziparchive issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -30597,7 +30597,7 @@ CVE-2017-13176 (In the parseURL function of URLStreamHandler, there is improper 
 CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system server. ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek bluetooth ...)
@@ -30623,35 +30623,35 @@ CVE-2017-13164 (An information disclosure vulnerability in the kernel binder dri
 CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver. ...)
 	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...)
-	TODO: check
+	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
 CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless ...)
 	NOT-FOR-US: Broadcom components for Android
 CVE-2017-13160 (A remote code execution vulnerability in the Android system ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13159 (An information disclosure vulnerability in the Android system ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13158 (An information disclosure vulnerability in the Android system ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13157 (An information disclosure vulnerability in the Android system ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (art). ...)
-	TODO: check
+	- android-platform-system-core <unfixed>
 CVE-2017-13155
 	RESERVED
 CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-13148 (A denial of service vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was found ...)
 	- graphicsmagick <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
@@ -52548,7 +52548,7 @@ CVE-2017-6213
 CVE-2017-6212
 	REJECTED
 CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...)
 	{DSA-3804-1 DLA-849-1}
 	- linux 4.9.13-1
@@ -67507,23 +67507,23 @@ CVE-2017-0880 (A denial of service vulnerability in the Android media framework 
 CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0876 (A remote code execution vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0875
 	RESERVED
 CVE-2017-0874 (A denial of service vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0873 (A denial of service vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0872 (A remote code execution vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could ...)
 	TODO: check
 CVE-2017-0868
@@ -67595,7 +67595,7 @@ CVE-2017-0839 (An information disclosure vulnerability in the Android media fram
 CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-0837 (An elevation of privilege vulnerability in the Android media framework ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/82a31b7479c90df36eed9f7f868b0d9d2a56b64e...9c1b232c6d6f575401682d77711bf92aefa7b234

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/82a31b7479c90df36eed9f7f868b0d9d2a56b64e...9c1b232c6d6f575401682d77711bf92aefa7b234
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180220/0f3f79d0/attachment.html>

More information about the Secure-testing-commits mailing list