[Git][security-tracker-team/security-tracker][master] Two additional Broadcom firmware CVEs, listed in recent firmware-nonfree upload

Moritz Muehlenhoff jmm at debian.org
Tue Jul 31 05:50:52 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df7cb512 by Moritz Muehlenhoff at 2018-07-31T04:50:01Z
Two additional Broadcom firmware CVEs, listed in recent firmware-nonfree upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -89685,7 +89685,8 @@ CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen dr
 CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware ...)
-	NOT-FOR-US: Broadcom driver for Android
+	- firmware-nonfree 20180518-1 (bug #869639)
+	[stretch] - firmware-nonfree <no-dsa> (non-free not supported)
 CVE-2017-0560 (An information disclosure vulnerability in the factory reset process ...)
 	NOT-FOR-US: Android
 CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a ...)
@@ -120139,7 +120140,8 @@ CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x be
 CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
 	NOT-FOR-US: Android drivers
 CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
-	NOT-FOR-US: Android drivers
+	- firmware-nonfree 20180518-1 (bug #869639)
+	[stretch] - firmware-nonfree <no-dsa> (non-free not supported)
 CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ...)
 	- openssl 1.0.0c-2
 	- nss 3.13



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df7cb512ecaa46d05b76030d1a44cf1543960f78

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df7cb512ecaa46d05b76030d1a44cf1543960f78
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180731/8b55fe27/attachment.html>

More information about the debian-security-tracker-commits mailing list