[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Jul 9 17:08:12 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65a2ebae by Moritz Muehlenhoff at 2018-07-09T18:07:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -692,7 +692,7 @@ CVE-2018-13440 (The audiofile Audio File Library 0.3.6 has a NULL pointer derefe
 	- audiofile <unfixed>
 	NOTE: https://github.com/mpruett/audiofile/issues/49
 CVE-2018-13439 (WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a ...)
-	TODO: check
+	NOT-FOR-US: WeChat Pay Java SDK
 CVE-2018-13438
 	RESERVED
 CVE-2018-13437
@@ -704,7 +704,7 @@ CVE-2018-13435
 CVE-2018-13434
 	RESERVED
 CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as ...)
-	TODO: check
+	NOT-FOR-US: Boostnote
 CVE-2018-13432
 	RESERVED
 CVE-2018-13431
@@ -18564,9 +18564,9 @@ CVE-2017-18161
 CVE-2017-18160
 	RESERVED
 CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18157
 	RESERVED
 CVE-2017-18156
@@ -21313,21 +21313,21 @@ CVE-2018-5837
 	RESERVED
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5836 (In wma_nan_rsp_event_handler() in Android releases from CAF using the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5835 (If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5834 (In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5833
 	RESERVED
 CVE-2018-5832 (Due to a race condition in a camera driver ioctl handler in Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5831 (In the KGSL driver in Android releases from CAF using the linux kernel ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5830 (While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5829 (In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
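Review bot: CVE-2018-5835, CVE-2018-5834 and CVE-2018-5830 are tagged from summaries whose visible text names a function, constant or message type but no vendor or product, unlike CVE-2018-5836 and CVE-2018-5831 in the same hunk, which cite Android releases from CAF. Before the TODO: check marker is dropped for these three, confirm against the full descriptions that they are the same Qualcomm driver code as their neighbours, since that marker is what keeps an entry in front of a triager.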
@@ -27672,7 +27672,7 @@ CVE-2018-3599 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android 
 CVE-2018-3598 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the linux ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3595
@@ -27692,7 +27692,7 @@ CVE-2018-3589 (In Android before security patch level 2018-04-05 on Qualcomm ...
 CVE-2018-3588
 	RESERVED
 CVE-2018-3587 (In a firmware memory dump feature in all Android releases from CAF ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3586 (An integer overflow to buffer overflow vulnerability exists in the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3585
@@ -27712,7 +27712,7 @@ CVE-2018-3579 (In the WLAN driver in all Android releases from CAF (Android for 
 CVE-2018-3578 (Type mismatch for ie_len can cause the WLAN driver to allocate less ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3577 (While processing fragments, when the fragment count becomes very ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3576 (improper validation of array index in WiFi driver function ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3575
@@ -27728,7 +27728,7 @@ CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for 
 CVE-2018-3570 (In the cpuidle driver in all Android releases(Android for MSM, Firefox ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3569 (A buffer over-read can occur during a fast initial link setup (FILS) ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -27738,7 +27738,7 @@ CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android 
 CVE-2018-3565 (While sending a probe request indication in ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3564 (In the FastRPC driver in Android releases from CAF using the linux ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3563 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3562 (Buffer over -read can occur while processing a FILS authentication ...)
@@ -40973,25 +40973,25 @@ CVE-2016-10615 (curses is bindings for the native curses library, a full feature
 CVE-2016-10614 (httpsync is a port of libcurl to node.js. httpsync downloads binary ...)
 	NOT-FOR-US: httpsync node module
 CVE-2016-10613 (bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra ...)
-	TODO: check
+	NOT-FOR-US: bionode-sra
 CVE-2016-10612 (dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. ...)
-	TODO: check
+	NOT-FOR-US: dalek-browser-ie-canary
 CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. ...)
-	TODO: check
+	NOT-FOR-US: strider-sauce
 CVE-2016-10610 (unicode-json is a unicode lookup table. unicode-json before 2.0.0 ...)
-	TODO: check
+	NOT-FOR-US: unicode-json
 CVE-2016-10609 (chromedriver126 is chromedriver version 1.26 for linux OS. ...)
-	TODO: check
+	NOT-FOR-US: chromedriver126
 CVE-2016-10608 (robot-js is a module for native system automation for node.js. ...)
-	TODO: check
+	NOT-FOR-US: robot-js
 CVE-2016-10607 (openframe-glsviewer is a Openframe extension which adds support for ...)
-	TODO: check
+	NOT-FOR-US: openframe-glsviewer
 CVE-2016-10606 (grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ...)
-	TODO: check
+	NOT-FOR-US: grunt-webdriver-qunit
 CVE-2016-10605 (dalek-browser-ie is Internet Explorer bindings for DalekJS. ...)
-	TODO: check
+	NOT-FOR-US: dalek-browser-ie
 CVE-2016-10604 (dalek-browser-chrome is Google Chrome bindings for DalekJS. ...)
-	TODO: check
+	NOT-FOR-US: dalek-browser-chrome
 CVE-2016-10603 (air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads ...)
 	TODO: check
 CVE-2016-10602 (haxe is a cross-platform toolkit haxe downloads zipped resources over ...)
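Review bot: the run of npm entries stops at CVE-2016-10604, so CVE-2016-10603 (air-sdk) directly below it still reads TODO: check although its summary follows the same "downloads ..." pattern as the ten entries marked above. If that was not deliberate, it can take NOT-FOR-US: air-sdk in the same pass. The new labels are also bare package names, while the existing neighbour CVE-2016-10614 uses "httpsync node module"; adding "node module" would keep the labels in this block uniform and make it clear what kind of component was excluded.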
@@ -41575,7 +41575,7 @@ CVE-2017-15858
 CVE-2017-15857 (In the camera driver, an out-of-bounds access can occur due to an ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15856 (Due to a race condition while processing the power stats debug file to ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15854 (The value of fix_param->num_chans is received from firmware and if it ...)
@@ -41641,7 +41641,7 @@ CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Fire
 CVE-2017-15825
 	RESERVED
 CVE-2017-15824 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
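Review bot: the label added for CVE-2017-15824 is "Qualcomm component for Android" (singular), where every other Qualcomm entry touched by this commit uses "Qualcomm components for Android". It matches the adjacent CVE-2017-15823, so the file already carries both spellings, but anything that greps or groups NOT-FOR-US entries by label will treat them as two products. Using the plural form here would avoid adding to the split.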
@@ -44569,7 +44569,7 @@ CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 CVE-2017-14894 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14893 (While flashing meta image, a buffer over-read may potentially occur ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...)
@@ -44611,7 +44611,7 @@ CVE-2017-14874
 CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-14871
 	RESERVED
 CVE-2017-14870 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -97960,13 +97960,13 @@ CVE-2016-6543
 CVE-2016-6542
 	RESERVED
 CVE-2016-6541 (TrackR Bravo device allows unauthenticated pairing, which enables ...)
-	TODO: check
+	NOT-FOR-US: TrackR
 CVE-2016-6540 (Unauthenticated access to the cloud-based service maintained by TrackR ...)
-	TODO: check
+	NOT-FOR-US: TrackR
 CVE-2016-6539 (The Trackr device ID is constructed of a manufacturer identifier of ...)
-	TODO: check
+	NOT-FOR-US: TrackR
 CVE-2016-6538 (The TrackR Bravo mobile app stores the account password used to ...)
-	TODO: check
+	NOT-FOR-US: TrackR
 CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store ...)
 	NOT-FOR-US: AVer
 CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65a2ebae469d3d5fe2ca8fd5a70c27bb0e6838b9
