Author: jmm
Date: 2017-02-06 22:10:59 +0000 (Mon, 06 Feb 2017)
New Revision: 48741

Modified:
   data/CVE/list
Log:
android NFUs
one package in the archive
arc no-dsa for stretch


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-06 21:58:18 UTC (rev 48740)
+++ data/CVE/list       2017-02-06 22:10:59 UTC (rev 48741)
@@ -21098,7 +21098,6 @@
        NOTE: See though notes for CVE-2016-7410, the 
3767305debcba8bd7e1c483ae48c509d25399252
        NOTE: seem to be the ultimate fix upstream, introducing commit should 
as well still be
        NOTE: found.
-       TODO: check introducing version
 CVE-2016-7510 [Out-of-Bounds read]
        RESERVED
        {DLA-635-1}
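Review bot: The removed "TODO: check introducing version" in the entry above CVE-2016-7510 still looks open, because the NOTE lines kept directly above it say the introducing commit "should as well still be found". Either keep the TODO until the introducing version is recorded, or reword the NOTE to say what the check found. The same applies to the identical removal in the next hunk (above CVE-2016-7509), and neither removal is mentioned in the log message.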
@@ -21111,7 +21110,6 @@
        NOTE: See though notes for CVE-2016-7410, the 
3767305debcba8bd7e1c483ae48c509d25399252
        NOTE: seem to be the ultimate fix upstream, introducing commit should 
as well still be
        NOTE: found.
-       TODO: check introducing version
 CVE-2016-7509
        RESERVED
 CVE-2016-7508
@@ -22421,7 +22419,7 @@
 CVE-2016-7104
        RESERVED
 CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: ownCloud Desktop
 CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote 
attackers ...)
        {DLA-731-1}
        - imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
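Review bot: On CVE-2016-7102 the NOT-FOR-US is keyed on the product name "ownCloud Desktop" and is not covered by the log message, which mentions only Android NFUs, one package in the archive and arc. Please say in the log that non-Android entries were triaged too, and confirm that no source package ships the desktop client under a different name before closing the TODO.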
@@ -22683,9 +22681,9 @@
 CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated 
when the ...)
        - moodle 2.7.16+dfsg-1
 CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell 
jwt ...)
-       TODO: check
+       NOT-FOR-US: Malcolm Fell jwt
 CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified 
impact ...)
-       TODO: check
+       NOT-FOR-US: Python jose
 CVE-2016-7035 [improper IPC guarding]
        RESERVED
        - pacemaker 1.1.15-3 (bug #843041)
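Review bot: On CVE-2016-7036 the NFU text reads "Python jose" while the description spells the project "python-jose"; using the upstream spelling keeps the entry findable when the list is searched by project name. Like the jwt entry above it, this is a non-Android NFU that the log message does not mention.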
@@ -23392,19 +23390,19 @@
 CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
        NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6774 (An information disclosure vulnerability in Package Manager 
could ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder 
in ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6772 (An elevation of privilege vulnerability in Wi-Fi could enable a 
local ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6771 (An elevation of privilege vulnerability in Telephony could 
enable a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6770 (An elevation of privilege vulnerability in the Framework API 
could ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6769 (An elevation of privilege vulnerability in Smart Lock could 
enable a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6768 (A remote code execution vulnerability in the Framesequence 
library ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable 
an ...)
        NOT-FOR-US: Android Mediaserver
 CVE-2016-6766 (A denial of service vulnerability in libmedia and 
libstagefright in ...)
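Review bot: Most of the new NFU labels in this hunk are the bare "Android", while the unchanged neighbours name the component ("Nvidia driver for Android", "Android Mediaserver"). For CVE-2016-6768 the description names the Framesequence library, so a label naming that library would be more useful than the platform, particularly since CVE-2016-6762 in the next hunk shows that an Android library can be present in the archive.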
@@ -23414,9 +23412,10 @@
 CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable 
an ...)
        NOT-FOR-US: Android Mediaserver
 CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a 
local ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive 
library ...)
-       TODO: check
+       - android-platform-system-core 1:7.0.0+r1-1
+       [jessie] - android-platform-system-core <not-affected> (Vulnerable code 
not present)
 CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media 
codecs could ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media 
codecs could ...)
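Review bot: The CVE-2016-6762 entry records a fixed version and a jessie <not-affected> status without a NOTE giving the upstream fix or how "Vulnerable code not present" was established. Other entries in this file carry NOTE lines pointing at the fixing commit; adding one here would let the version 1:7.0.0+r1-1 and the jessie status be rechecked later.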
@@ -23493,9 +23492,9 @@
 CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto 
driver in ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service 
in ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in 
Android 4.x ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6722 (An information disclosure vulnerability in libstagefright in 
...)
        NOT-FOR-US: libstagefright
 CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in 
Android 6.x ...)
@@ -23503,15 +23502,15 @@
 CVE-2016-6720 (An information disclosure vulnerability in libstagefright in 
...)
        NOT-FOR-US: libstagefright
 CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth 
component in ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager 
Service ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in 
Android 4.x ...)
        NOT-FOR-US: Android Mediaserver
 CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs 
in ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in 
Android 6.x ...)
        NOT-FOR-US: Android Mediaserver
 CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in 
Android 6.x ...)
@@ -23521,13 +23520,13 @@
 CVE-2016-6711 (A remote denial of service vulnerability in libvpx in 
Mediaserver in ...)
        TODO: check, possibly libvpx
 CVE-2016-6710 (An information disclosure vulnerability in the download manager 
in ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and 
BoringSSL in ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6708 (An elevation of privilege in the System UI in Android 7.0 
before ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6707 (An elevation of privilege vulnerability in System Server in 
Android ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in 
...)
        NOT-FOR-US: libstagefright
 CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in 
Android ...)
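Review bot: CVE-2016-6709 is marked "NOT-FOR-US: Android" although its description names Conscrypt and BoringSSL, which are libraries rather than platform components. The unchanged entry just above, CVE-2016-6711, keeps "TODO: check, possibly libvpx" for the same situation; a comparable check for packaged copies of these two libraries before closing this one would be consistent.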
@@ -70298,6 +70297,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
 CVE-2015-XXXX [directory traversal]
        - arc <unfixed> (low; bug #774527)
+       [stretch] - arc <no-dsa> (Minor issue)
        [jessie] - arc <no-dsa> (Minor issue)
        [wheezy] - arc <no-dsa> (Minor issue)
        [squeeze] - arc <no-dsa> (Minor issue)
@@ -70677,6 +70677,7 @@
        NOTE: CVE Request: 
https://marc.info/?l=oss-security&m=142024361327375&w=2
 CVE-2015-XXXX [buffer over-read]
        - arc <unfixed> (low; bug #774439)
+       [stretch] - arc <no-dsa> (Minor issue)
        [jessie] - arc <no-dsa> (Minor issue)
        [wheezy] - arc <no-dsa> (Minor issue)
        [squeeze] - arc <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
