Author: jmm
Date: 2017-02-15 18:03:05 +0000 (Wed, 15 Feb 2017)
New Revision: 48960
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-15 17:55:08 UTC (rev 48959)
+++ data/CVE/list 2017-02-15 18:03:05 UTC (rev 48960)
@@ -38024,43 +38024,43 @@
CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4,
5.0.x ...)
NOT-FOR-US: libstagefright
CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x
before ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x
before ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2481 (The mm-video-v4l2 venc component in mediaserver in Android 4.x
before ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2480 (The mm-video-v4l2 vidc component in mediaserver in Android 4.x
before ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2479 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x
before ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2478 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver
in ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2477 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver
in ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2476 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2,
5.1.x ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2475 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus
5, ...)
- TODO: check
+ NOT-FOR-US: Broadcom driver for Android
CVE-2016-2474 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus
5X ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2473 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus
7 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2472 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus
7 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2471 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus
7 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2470 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus
7 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2469 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus
5, 6, ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2468 (The Qualcomm GPU driver in Android before 2016-06-01 on Nexus
5, 5X, ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2467 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus
5 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2466 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus
6 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2465 (The Qualcomm video driver in Android before 2016-06-01 on Nexus
5, 5X, ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4,
5.0.x ...)
TODO: check
CVE-2016-2463 (Multiple integer overflows in the h264dec component in
libstagefright ...)
@@ -38839,7 +38839,7 @@
CVE-2016-2247
REJECTED
CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout
control ...)
- TODO: check
+ NOT-FOR-US: HP ThinPro
CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to
bypass ...)
NOT-FOR-US: HP Support Assistant
CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers
with ...)
@@ -38884,7 +38884,7 @@
NOTE: Possibly introduced after
http://vcs.pcre.org/pcre?view=revision&revision=1266
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1638
(8.39)
CVE-2016-2242 (Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2016-2241
RESERVED
CVE-2016-2240
@@ -43142,7 +43142,7 @@
NOTE: https://github.com/Dolibarr/dolibarr/issues/4291
NOTE:
https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
CVE-2015-8684 (Exponent CMS before 2.3.7 does not properly restrict the types
of ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2015-8682 (The Video0 driver in Huawei P8 smartphones with software
GRA-UL00 ...)
TODO: check
CVE-2015-8681 (The ovisp driver in Huawei P8 smartphones with software
GRA-TL00 ...)
@@ -46134,15 +46134,15 @@
CVE-2015-8524 (Cross-site scripting (XSS) vulnerability in Process Portal in
IBM ...)
NOT-FOR-US: IBM
CVE-2015-8523 (The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x
before ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-8522 (Buffer overflow in the server in IBM Tivoli Storage Manager
FastBack ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-8521 (Buffer overflow in the server in IBM Tivoli Storage Manager
FastBack ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-8520 (Buffer overflow in the server in IBM Tivoli Storage Manager
FastBack ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-8519 (Buffer overflow in the server in IBM Tivoli Storage Manager
FastBack ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2015-8518
RESERVED
CVE-2015-8517
@@ -46234,11 +46234,11 @@
CVE-2016-0198 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word
2013 ...)
NOT-FOR-US: Microsoft
CVE-2016-0197 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0196 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows
Server ...)
NOT-FOR-US: Microsoft
CVE-2016-0195 (The Imaging Component in Microsoft Windows Vista SP2, Windows
Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0194 (Microsoft Internet Explorer 10 and 11 allows remote attackers
to ...)
NOT-FOR-US: Microsoft
CVE-2016-0193 (The Chakra JavaScript engine in Microsoft Edge allows remote
attackers ...)
@@ -46248,35 +46248,35 @@
CVE-2016-0191 (The Chakra JavaScript engine in Microsoft Edge allows remote
attackers ...)
NOT-FOR-US: Microsoft
CVE-2016-0190 (Volume Manager Driver in Microsoft Windows 8.1, Windows Server
2012 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0189 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8
engines, as ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0188 (The User Mode Code Integrity (UMCI) implementation in Device
Guard in ...)
NOT-FOR-US: Microsoft
CVE-2016-0187 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as
used in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0186 (The Chakra JavaScript engine in Microsoft Edge allows remote
attackers ...)
NOT-FOR-US: Microsoft
CVE-2016-0185 (Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0184 (Use-after-free vulnerability in GDI in Microsoft Windows Vista
SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0183 (The Windows font library in Microsoft Office 2010 SP2, Word
2010 SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0182 (Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1,
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0181 (Microsoft Windows 10 Gold and 1511 allows local users to bypass
the ...)
NOT-FOR-US: Microsoft
CVE-2016-0180 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0179 (Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2,
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0178 (The RPC NDR Engine in Microsoft Windows Vista SP2, Windows
Server 2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0177
RESERVED
CVE-2016-0176 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0175 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows
Server ...)
NOT-FOR-US: Microsoft
CVE-2016-0174 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows
Server ...)
@@ -46288,11 +46288,11 @@
CVE-2016-0171 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows
Server ...)
NOT-FOR-US: Microsoft
CVE-2016-0170 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0169 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0168 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0167 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows
Server ...)
NOT-FOR-US: Microsoft Windows
CVE-2016-0166 (Microsoft Internet Explorer 11 allows remote attackers to
execute ...)
@@ -46324,13 +46324,13 @@
CVE-2016-0153 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
R2 ...)
NOT-FOR-US: Microsoft Windows
CVE-2016-0152 (Internet Information Services (IIS) in Microsoft Windows Vista
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0151 (The Client-Server Run-time Subsystem (CSRSS) in Microsoft
Windows 8.1, ...)
NOT-FOR-US: Microsoft Windows
CVE-2016-0150 (HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote
attackers ...)
NOT-FOR-US: Microsoft Windows
CVE-2016-0149 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2,
4.6, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0148 (Microsoft .NET Framework 4.6 and 4.6.1 mishandles library
loading, ...)
NOT-FOR-US: Microsoft .NET
CVE-2016-0147 (Microsoft XML Core Services 3.0 allows remote attackers to
execute ...)
@@ -46344,9 +46344,9 @@
CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows
Server ...)
NOT-FOR-US: Microsoft Windows
CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1,
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2,
2013 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation
Services ...)
NOT-FOR-US: Microsoft
CVE-2016-0139 (Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer
allow ...)
@@ -46354,7 +46354,7 @@
CVE-2016-0138 (Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013
...)
NOT-FOR-US: Microsoft
CVE-2016-0137 (The Click-to-Run (C2R) implementation in Microsoft Office 2013
SP1 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-0136 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility
Pack ...)
NOT-FOR-US: Microsoft Excel
CVE-2016-0135 (The Secondary Logon Service in Microsoft Windows 10 Gold and
1511 ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
