[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

Moritz Muehlenhoff Tue, 20 Feb 2018 04:29:39 -0800

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7c8a8757 by Moritz Muehlenhoff at 2018-02-20T13:27:05+01:00
NFUs

- - - - -
9c1b232c by Moritz Muehlenhoff at 2018-02-20T13:28:19+01:00
new android-libziparchive issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -30597,7 +30597,7 @@ CVE-2017-13176 (In the parseURL function of 
URLStreamHandler, there is improper 
 CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA 
libwilhelm. ...)
        NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. 
Product: ...)
-       TODO: check
+       NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system 
server. ...)
        NOT-FOR-US: MediaTek driver for Android
 CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek 
bluetooth ...)
@@ -30623,35 +30623,35 @@ CVE-2017-13164 (An information disclosure 
vulnerability in the kernel binder dri
 CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb 
driver. ...)
        NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. 
Product: ...)
-       TODO: check
+       NOT-FOR-US: Android kernel components (no source release, so apparently 
not present in mainline)
 CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom 
wireless ...)
        NOT-FOR-US: Broadcom components for Android
 CVE-2017-13160 (A remote code execution vulnerability in the Android system 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-13159 (An information disclosure vulnerability in the Android system 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-13158 (An information disclosure vulnerability in the Android system 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-13157 (An information disclosure vulnerability in the Android system 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-13156 (An elevation of privilege vulnerability in the Android system 
(art). ...)
-       TODO: check
+       - android-platform-system-core <unfixed>
 CVE-2017-13155
        RESERVED
 CVE-2017-13154 (An elevation of privilege vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
 CVE-2017-13153 (An elevation of privilege vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-13152 (An information disclosure vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
 CVE-2017-13151 (A remote code execution vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-13150 (An information disclosure vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
 CVE-2017-13149 (An information disclosure vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
 CVE-2017-13148 (A denial of service vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability 
was found ...)
        - graphicsmagick <unfixed> (unimportant)
        NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
@@ -52548,7 +52548,7 @@ CVE-2017-6213
 CVE-2017-6212
        REJECTED
 CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all 
Android ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux 
kernel ...)
        {DSA-3804-1 DLA-849-1}
        - linux 4.9.13-1
@@ -67507,23 +67507,23 @@ CVE-2017-0880 (A denial of service vulnerability in 
the Android media framework 
 CVE-2017-0879 (An information disclosure vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android Media Framework
 CVE-2017-0878 (A remote code execution vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0877 (A remote code execution vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0876 (A remote code execution vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0875
        RESERVED
 CVE-2017-0874 (A denial of service vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0873 (A denial of service vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0872 (A remote code execution vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0871 (An elevation of privilege vulnerability in the Android 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0870 (An elevation of privilege vulnerability in the Android 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which 
could ...)
        TODO: check
 CVE-2017-0868
@@ -67595,7 +67595,7 @@ CVE-2017-0839 (An information disclosure vulnerability 
in the Android media fram
 CVE-2017-0838 (An elevation of privilege vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android media framework
 CVE-2017-0837 (An elevation of privilege vulnerability in the Android media 
framework ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2017-0836 (A remote code execution vulnerability in the Android media 
framework ...)
        NOT-FOR-US: Android media framework
 CVE-2017-0835 (A remote code execution vulnerability in the Android media 
framework ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/82a31b7479c90df36eed9f7f868b0d9d2a56b64e...9c1b232c6d6f575401682d77711bf92aefa7b234

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/82a31b7479c90df36eed9f7f868b0d9d2a56b64e...9c1b232c6d6f575401682d77711bf92aefa7b234
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs

Reply via email to