[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Feb 20 16:43:43 UTC 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42dbff42 by Moritz Muehlenhoff at 2018-02-20T17:43:17+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23001,7 +23001,7 @@ CVE-2017-15851
 CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -25878,14 +25878,18 @@ CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14915
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14913
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14912
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14911
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14910
 	RESERVED
 	NOT-FOR-US: Qualcomm component for Android
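Review bot: CVE-2017-14915, CVE-2017-14913, CVE-2017-14912 and CVE-2017-14911 are still RESERVED with no description, so nothing in the list shows why they are classified as Qualcomm issues. Consider adding a NOTE line under each naming the bulletin or advisory the classification is based on, so the entry can be re-checked once the description is published.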
@@ -25897,6 +25901,7 @@ CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm closed-source components on Android
 CVE-2017-14906
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
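Review bot: The added line for CVE-2017-14906 introduces a third wording for the same vendor within a few entries: "Qualcomm components for Android" here, "Qualcomm closed-source components on Android" on the entry just above, and "Qualcomm component for Android" earlier in the file. Settling on one string keeps the NOT-FOR-US entries easy to grep and group.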
@@ -30504,9 +30509,9 @@ CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel b
 CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics ...)
 	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
 CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. This ...)
-	TODO: check
+	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
 CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write ...)
-	TODO: check
+	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
 CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...)
 	- linux 4.14.17-1 (unimportant)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
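Review bot: The tag added to CVE-2017-13217 calls it an "Android kernel component", but its description places the bug in DisplayFtmItem in the bootloader, so a bootloader-specific reason would be more accurate. Both added lines also copy the garbled phrase "no apparently not affecting mainline" from CVE-2017-13219; reword it (for example "no source release, apparently not affecting mainline") rather than propagating it.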
@@ -30516,19 +30521,19 @@ CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel ..
 	[jessie] - linux 3.16.7-ckt25-1
 	[wheezy] - linux 3.2.78-1
 CVE-2017-13214 (In the hardware HEVC decoder, some media files could cause a page ...)
-	TODO: check
+	NOT-FOR-US: HTC components for Android
 CVE-2017-13213 (An elevation of privilege vulnerability in the Broadcom bcmdhd driver. ...)
 	NOT-FOR-US: Broadcom component for Android
 CVE-2017-13212 (An elevation of privilege vulnerability in the Android system ...)
 	NOT-FOR-US: Android
 CVE-2017-13211 (In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13210 (In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13209 (In the ServiceManager::add function in the hardware service manager, ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13208 (In receive_packet of libnetutils/packet.c, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13207 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13206 (An information disclosure vulnerability in the Android media framework ...)
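Review bot: CVE-2017-13214 is tagged "HTC components for Android", yet the visible description mentions only "the hardware HEVC decoder" and names no vendor. Please confirm that HTC is intended and not a slip for HEVC, and if the vendor comes from the bulletin, record it in a NOTE line.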
@@ -30546,24 +30551,24 @@ CVE-2017-13201 (An information disclosure vulnerability in the Android media fra
 CVE-2017-13200 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13199 (In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13198 (A vulnerability in the Android media framework (ex) related to ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13197 (In the ihevcd_parse_slice.c function, slave threads are not joined if ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur due to ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...)
 	- libvpx 1.7.0-2
 	NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
 CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13192 (In the ihevcd_parse_slice_header function of ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13191 (In the ihevcd_decode function of ihevcd_decode.c, there is an infinite ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13190 (A vulnerability in the Android media framework (libhevc) related to ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13189 (A vulnerability in the Android media framework (libavc) related to ...)
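Review bot: CVE-2017-13199 is tagged "Android media framework", but its description refers to Bitmap.ccp and Bitmap.nativeCreate, which does not obviously match the libhevc/ihevcd entries around it. Unless the bulletin lists it under the media framework, the plain "NOT-FOR-US: Android" used elsewhere in this commit would be the safer tag.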
@@ -30577,23 +30582,23 @@ CVE-2017-13186 (A vulnerability in the Android media framework (libavc) related 
 CVE-2017-13185 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-13184 (In the enableVSyncInjections function of SurfaceFlinger, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13183 (In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13182 (In the sendFormatChange function of ACodec, there is a possible ...)
 	TODO: check
 CVE-2017-13181 (In the doGetThumb and getThumbnail functions of MtpServer, there is a ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13180 (In the onQueueFilled function of SoftAVCDec, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13179 (In the ihevcd_allocate_static_bufs and ihevcd_create functions of ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13178 (In the initDecoder function of SoftAVCDec, there is a possible ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13177 (In several functions of libhevc, NEON registers are not preserved. ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-13176 (In the parseURL function of URLStreamHandler, there is improper input ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: ...)
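Review bot: CVE-2017-13182 (sendFormatChange in ACodec) is left at "TODO: check" while every neighbouring entry in this hunk is triaged; if that is an oversight, tag it in the same commit. The "Android media framework" tag on CVE-2017-13184 (SurfaceFlinger) and CVE-2017-13181 (MtpServer) also looks like a bulk paste; check that those two belong to the media framework or use "NOT-FOR-US: Android" as done for CVE-2017-13176.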
@@ -32483,23 +32488,23 @@ CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderC
 CVE-2017-12727
 	RESERVED
 CVE-2017-12726 (A Use of Hard-coded Password issue was discovered in Smiths Medical ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12725 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12724 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12723 (A Password in Configuration File issue was discovered in Smiths Medical ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12722 (An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12721 (An Improper Certificate Validation issue was discovered in Smiths ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12720 (An Improper Access Control issue was discovered in Smiths Medical ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in Advantech ...)
 	NOT-FOR-US: Advantech
 CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical ...)
-	TODO: check
+	NOT-FOR-US: Smiths Medical Medfusion
 CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2017-12716
@@ -37388,7 +37393,7 @@ CVE-2017-11071
 CVE-2017-11070
 	RESERVED
 CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11068
 	RESERVED
 CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -37507,6 +37512,7 @@ CVE-2017-11011
 	RESERVED
 CVE-2017-11010
 	RESERVED
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11009
 	RESERVED
 CVE-2017-11008
@@ -67525,7 +67531,7 @@ CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework 
 CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework ...)
 	NOT-FOR-US: Android
 CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA components for Android
 CVE-2017-0868
 	RESERVED
 CVE-2017-0867
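Review bot: The visible description of CVE-2017-0869 says only "NVIDIA driver contains an integer overflow vulnerability" and the truncated text does not show that it is Android-specific. Add a NOTE with the source that ties it to Android, and consider matching the existing "NVIDIA driver for Android" wording used for CVE-2017-13175.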
@@ -67558,7 +67564,7 @@ CVE-2017-0857 (Another vulnerability in the Android media framework (n/a). Produ
 CVE-2017-0856
 	RESERVED
 CVE-2017-0855 (In MPEG4Extractor.cpp, there are several places where functions return ...)
-	TODO: check
+	NOT-FOR-US: Android media framework
 CVE-2017-0854 (An information disclosure vulnerability in the Android media framework ...)
 	NOT-FOR-US: Android media framework
 CVE-2017-0853 (An information disclosure vulnerability in the Android media framework ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/42dbff425ead540716be20b076c94e080d5789b3
