Author: jmm
Date: 2017-03-20 09:39:47 +0000 (Mon, 20 Mar 2017)
New Revision: 49837

Modified:
   data/CVE/list
Log:
NFU
cleared further TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-03-20 09:24:44 UTC (rev 49836)
+++ data/CVE/list       2017-03-20 09:39:47 UTC (rev 49837)
@@ -43804,7 +43804,6 @@
        [wheezy] - libxslt 1.1.26-14.1+deb7u1
        NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291
        NOTE: upstream commit: 
https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
-       TODO: checking with MITRE if association to the CVE is correct, bu 
seems the only valid one
 CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup 
function in ...)
        {DSA-3593-1 DLA-503-1}
        - libxml2 2.9.3+dfsg1-1.1
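Review bot: the TODO removed from the libxslt entry said the CVE association was still being checked with MITRE, and nothing in this hunk records the answer. If the mapping was confirmed, a short NOTE line beside the existing "upstream bug" and "upstream commit" NOTEs would keep that decision in the tracker; the log message "cleared further TODOs" does not carry it.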
@@ -47261,7 +47260,7 @@
 CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x 
before ...)
        NOT-FOR-US: Android
 CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery 
...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 
5.0.x ...)
        NOT-FOR-US: Android
 CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x 
before ...)
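Review bot: the NOT-FOR-US: Android tag added to CVE-2016-0849 should rest on a check that no packaged source embeds the file its description names, minzip/SysUtil.c. The tag matches the neighbouring CVE-2016-0850 and CVE-2016-0848 entries, but those describe Android features rather than a specific source file, so it is worth stating in the log that the search was done.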
@@ -52687,7 +52686,6 @@
        NOTE: 
https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
        NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
        NOTE: http://www.mitls.org/pages/attacks/SLOTH
-       TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...)
 CVE-2015-7574
        RESERVED
 CVE-2015-7573
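Review bot: dropping "TODO: check other possible affected libraries (PolarSSL/mbedTLS, ...)" loses the result of that check, since the context left in this hunk shows only the gnutls commit and two reference NOTEs. If those libraries were found unaffected or are tracked under another entry, record that as a NOTE or as package lines; otherwise the TODO should stay.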
@@ -52787,7 +52785,6 @@
        [jessie] - ruby2.1 2.1.5-2+deb8u3
        - ruby2.2 2.2.4-1 (bug #796551)
        NOTE: 
https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
-       TODO: check correctness for CVE-2009-5147/CVE-2015-7551 record since 
affects multiple ruby versions
 CVE-2015-7550 (The keyctl_read_key function in security/keys/keyctl.c in the 
Linux ...)
        {DSA-3434-1 DLA-378-1}
        - linux 4.3.3-3
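Review bot: the removed TODO asked for the CVE-2009-5147/CVE-2015-7551 record to be verified because multiple ruby versions are affected, and the visible context shows only ruby2.1 and ruby2.2 lines with no cross-reference. A NOTE pointing at CVE-2009-5147 and naming the ruby source packages that were checked would document why the TODO is considered resolved.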


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
