Author: jmm
Date: 2017-01-30 18:32:21 +0000 (Mon, 30 Jan 2017)
New Revision: 48561
Modified: data/CVE/list Log: new phpmailer issue qemu no-dsa android NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-30 17:41:41 UTC (rev 48560) +++ data/CVE/list 2017-01-30 18:32:21 UTC (rev 48561) @@ -270,7 +270,7 @@ CVE-2017-5555 RESERVED CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before ...) - TODO: check + NOT-FOR-US: OnePlus 3 / 3T OxygenOS CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in ...) - b2evolution <removed> CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through ...) @@ -362,12 +362,12 @@ NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6 CVE-2016-10155 [watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb; CVE for the memory consumption issue, not an information disclosure issue] RESERVED - - qemu 1:2.8+dfsg-2 (bug #852232) + - qemu 1:2.8+dfsg-2 (low; bug #852232) + [jessie] - qemu <no-dsa> (Minor issue) - qemu-kvm <removed> NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199 NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e - TODO: check affected versions CVE-2016-10154 [cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack] RESERVED - linux 4.9.2-1 @@ -1119,9 +1119,9 @@ NOTE: changed a malloc'ed buffer for a static one. NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows local ...) - TODO: check + NOT-FOR-US: Palo Alto Networks Terminal Services Agent CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows ...) - TODO: check + NOT-FOR-US: Palo Alto Networks Terminal Services Agent CVE-2017-5327 RESERVED CVE-2017-5326 
@@ -1333,7 +1333,7 @@ CVE-2017-5224 RESERVED CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML ...) - TODO: check + - libphp-phpmailer <unfixed> CVE-2017-5222 RESERVED CVE-2017-5221 @@ -7237,7 +7237,7 @@ CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs ...) NOT-FOR-US: Alcatel-Lucent OmniVista CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client ...) - TODO: check + NOT-FOR-US: CA Common Services CVE-2016-9792 RESERVED CVE-2016-9791 @@ -12694,7 +12694,7 @@ CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...) TODO: check CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in ...) TODO: check CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in Mediaserver ...) @@ -22546,9 +22546,9 @@ CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable an ...) TODO: check CVE-2016-6766 (A denial of service vulnerability in libmedia and libstagefright in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-6765 (A denial of service vulnerability in libstagefright in Mediaserver ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable an ...) TODO: check CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a local ...) 
@@ -22635,11 +22635,11 @@ CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in Android 4.x ...) TODO: check CVE-2016-6722 (An information disclosure vulnerability in libstagefright in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in Android 6.x ...) TODO: check CVE-2016-6720 (An information disclosure vulnerability in libstagefright in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth component in ...) TODO: check CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager Service ...) @@ -22667,7 +22667,7 @@ CVE-2016-6707 (An elevation of privilege vulnerability in System Server in Android ...) TODO: check CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in Android ...) TODO: check CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in Android 4.x ...) @@ -22681,7 +22681,7 @@ CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in Android 4.x ...) TODO: check CVE-2016-6699 (A remote code execution vulnerability in libstagefright in Mediaserver ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-6698 (An information disclosure vulnerability in Qualcomm components ...) TODO: check CVE-2016-6697 @@ -32688,7 +32688,7 @@ CVE-2016-3921 (libsysutils/src/FrameworkListener.cpp in Framework Listener in Android ...) TODO: check CVE-2016-3920 (id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3919 REJECTED CVE-2016-3918 (email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x ...) 
@@ -32710,7 +32710,7 @@ CVE-2016-3910 (services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in ...) TODO: check CVE-2016-3909 (The SoftMPEG4 component in libstagefright in mediaserver in Android ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3908 (The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 ...) TODO: check CVE-2016-3907 (An information disclosure vulnerability in Qualcomm components ...) @@ -32730,7 +32730,7 @@ CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android ...) TODO: check CVE-2016-3899 (OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3898 (Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x ...) TODO: check CVE-2016-3897 (The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java ...) @@ -32784,11 +32784,11 @@ CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices ...) TODO: check CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3871 (Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in ...) TODO: check CVE-2016-3870 (omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, ...) TODO: check CVE-2016-3868 (The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and ...) 
@@ -32874,19 +32874,19 @@ CVE-2016-3831 (The telephony component in Android 4.x before 4.4.4, 5.0.x before ...) TODO: check CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3829 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 ...) TODO: check CVE-2016-3828 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 ...) TODO: check CVE-2016-3827 (codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3826 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...) TODO: check CVE-2016-3825 (mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in ...) TODO: check CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...) TODO: check CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...) @@ -33002,7 +33002,7 @@ CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...) TODO: check CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-3765 (decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before ...) TODO: check CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...) 
@@ -36783,9 +36783,9 @@ CVE-2016-2507 (Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in ...) TODO: check CVE-2016-2506 (DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2504 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, ...) TODO: check CVE-2016-2503 (The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and ...) @@ -36797,7 +36797,7 @@ CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...) TODO: check CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...) TODO: check CVE-2016-2497 (services/core/java/com/android/server/pm/PackageManagerService.java in ...) @@ -36805,7 +36805,7 @@ CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 6.x ...) TODO: check CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x ...) TODO: check CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, ...) 
@@ -36821,13 +36821,13 @@ CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, ...) TODO: check CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2485 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before ...) TODO: check CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before ...) @@ -36869,7 +36869,7 @@ CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x ...) TODO: check CVE-2016-2463 (Multiple integer overflows in the h264dec component in libstagefright ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-2462 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 ...) NOT-FOR-US: Android CVE-2016-2461 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 ...) @@ -42900,7 +42900,7 @@ CVE-2016-0843 (The Qualcomm ARM processor performance-event manager in Android 4.x ...) TODO: check CVE-2016-0842 (The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-0841 (media/libmedia/mediametadataretriever.cpp in mediaserver in Android ...) TODO: check CVE-2016-0840 (Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c ...) 
@@ -42910,7 +42910,7 @@ CVE-2016-0838 (Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...) TODO: check CVE-2016-0837 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-0836 (Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in ...) TODO: check CVE-2016-0835 (decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before ...) @@ -42936,7 +42936,7 @@ CVE-2016-0825 (The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 ...) TODO: check CVE-2016-0824 (libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-0823 (The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel ...) - linux 4.0.2-1 [jessie] - linux 3.16.7-ckt11-1 @@ -42984,7 +42984,7 @@ CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in ...) TODO: check CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...) NOT-FOR-US: Android drivers CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...) @@ -50960,9 +50960,9 @@ CVE-2015-6633 (The display drivers in Android before 5.1.1 LMY48Z and 6.0 before ...) TODO: check CVE-2015-6632 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2015-6631 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2015-6630 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...) TODO: check CVE-2015-6629 (Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain ...) 
@@ -50972,7 +50972,7 @@ CVE-2015-6627 (The Audio component in Android before 5.1.1 LMY48Z and 6.0 before ...) TODO: check CVE-2015-6626 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2015-6625 (System Server in Android 6.0 before 2015-12-01 allows attackers to ...) TODO: check CVE-2015-6624 (System Server in Android 6.0 before 2015-12-01 allows attackers to ...) @@ -50984,7 +50984,7 @@ CVE-2015-6621 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...) TODO: check CVE-2015-6620 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2015-6619 (The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...) TODO: check CVE-2015-6618 (Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows ...) @@ -51004,7 +51004,7 @@ CVE-2015-6611 (mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...) TODO: check CVE-2015-6610 (libstagefright in Android before 5.1.1 LMY48X and 6.0 before ...) - TODO: check + NOT-FOR-US: libstagefright CVE-2015-6609 (libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...) - android-platform-frameworks-native <unfixed> (unimportant; bug #806375) CVE-2015-6608 (mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
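Review bot: In the CVE-2016-10155 hunk, `TODO: check affected versions` is removed but nothing records what the check found. The new `[jessie] - qemu <no-dsa> (Minor issue)` line implies jessie is affected. A NOTE naming the commit or version that introduced the wdt_i6300esb leak would let the next triager confirm that, and decide about other suites, without redoing the work.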
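Review bot: The new CVE-2017-5223 line `- libphp-phpmailer <unfixed>` carries no bug reference and no NOTE, unlike the qemu entry in the same commit (`bug #852232`). The description bounds the issue to PHPMailer before 5.2.22, so add a NOTE pointing at the upstream fix, and file or reference a bug so the entry can be closed when the package is updated.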
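Review bot: In the hunk at -22546, CVE-2016-6766 is described as affecting "libmedia and libstagefright" but is marked `NOT-FOR-US: libstagefright`, which accounts for only one of the two components. Either name both in the marker or confirm that libmedia is not shipped in any packaged source before closing the entry.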
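Review bot: In the hunk at -32784, CVE-2016-3871 (`codecs/mp3dec/SoftMP3.cpp in ...`) stays at `TODO: check` while CVE-2016-2486 (`mp3dec/SoftMP3.cpp in libstagefright`) is marked NOT-FOR-US in the hunk at -36821. The truncated description appears to have hidden the component name. The same pattern shows for CVE-2016-2507 (`codecs/on2/h264dec/source/h264bsd_storage.c in ...`) against CVE-2016-2463. Triage these from the full descriptions so the same source files do not end up in two different states.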
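Review bot: In the hunk at -51004, CVE-2015-6610 is set to `NOT-FOR-US: libstagefright` directly above CVE-2015-6609, which is tracked against `android-platform-frameworks-native <unfixed>`, so some Android components are packaged and NOT-FOR-US is not automatic for Android code. The log message ("android NFUs") gives no basis for the decision. State in the log or in a NOTE that no source package in the archive ships libstagefright. Also consider whether the marker text should follow the existing `NOT-FOR-US: Android` form used for CVE-2016-2462, since this commit introduces a second spelling for the same class of entry.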