Author: jmm Date: 2017-03-20 09:39:47 +0000 (Mon, 20 Mar 2017) New Revision: 49837
Modified: data/CVE/list Log: NFU cleared further TODOs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-03-20 09:24:44 UTC (rev 49836) +++ data/CVE/list 2017-03-20 09:39:47 UTC (rev 49837) @@ -43804,7 +43804,6 @@ [wheezy] - libxslt 1.1.26-14.1+deb7u1 NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291 NOTE: upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3 - TODO: checking with MITRE if association to the CVE is correct, bu seems the only valid one CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...) {DSA-3593-1 DLA-503-1} - libxml2 2.9.3+dfsg1-1.1 @@ -47261,7 +47260,7 @@ CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before ...) NOT-FOR-US: Android CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery ...) - TODO: check + NOT-FOR-US: Android CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x ...) NOT-FOR-US: Android CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before ...) @@ -52687,7 +52686,6 @@ NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182 NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8 NOTE: http://www.mitls.org/pages/attacks/SLOTH - TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...) CVE-2015-7574 RESERVED CVE-2015-7573 @@ -52787,7 +52785,6 @@ [jessie] - ruby2.1 2.1.5-2+deb8u3 - ruby2.2 2.2.4-1 (bug #796551) NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ - TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since affects multiple ruby versions CVE-2015-7550 (The keyctl_read_key function in security/keys/keyctl.c in the Linux ...) {DSA-3434-1 DLA-378-1} - linux 4.3.3-3 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits