[Secure-testing-commits] r48622 - data/CVE

Tue, 31 Jan 2017 10:01:09 -0800 

Author: jmm
Date: 2017-01-31 18:00:46 +0000 (Tue, 31 Jan 2017)
New Revision: 48622

Modified:
   data/CVE/list
Log:
android NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-01-31 17:12:47 UTC (rev 48621)
+++ data/CVE/list       2017-01-31 18:00:46 UTC (rev 48622)
@@ -12852,9 +12852,9 @@
 CVE-2017-0405
        RESERVED
 CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound 
subsystem ...)
-       - linux <undetermined>
+       - linux <not-affected> (Android-specific sound system)
 CVE-2017-0403 (An elevation of privilege vulnerability in the kernel 
performance ...)
-       - linux <undetermined>
+       - linux <not-affected> (Android-specific performance subsystem)
 CVE-2017-0402 (An information disclosure vulnerability in ...)
        NOT-FOR-US: Android Audioserver
 CVE-2017-0401 (An information disclosure vulnerability in ...)
@@ -12866,7 +12866,7 @@
 CVE-2017-0398 (An information disclosure vulnerability in Audioserver could 
enable a ...)
        NOT-FOR-US: Android Audioserver
 CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2017-0396 (An information disclosure vulnerability in ...)
        NOT-FOR-US: Android Mediaserver
 CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could 
enable a ...)
@@ -12874,11 +12874,11 @@
 CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a 
remote ...)
        NOT-FOR-US: Android Telephony
 CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver 
could ...)
-       TODO: check
+       TODO: check, potentially libvpx
 CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in 
libstagefright ...)
        NOT-FOR-US: libstagefright
 CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in 
...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in 
Mediaserver ...)
        NOT-FOR-US: Android Mediaserver
 CVE-2017-0389 (A denial of service vulnerability in core networking could 
enable a ...)
@@ -17378,7 +17378,7 @@
 CVE-2016-8459 (Possible buffer overflow in storage subsystem. Bad parameters 
as part ...)
        NOT-FOR-US: Qualcomm component for Android
 CVE-2016-8458 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
-       - linux <undetermined>
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2016-8457 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
        NOT-FOR-US: Broadcom Wi-Fi driver for Android
 CVE-2016-8456 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
@@ -17392,7 +17392,7 @@
 CVE-2016-8452 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8451 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
-       - linux <undetermined>
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2016-8450 (An elevation of privilege vulnerability in the Qualcomm sound 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8449 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
@@ -22701,13 +22701,13 @@
 CVE-2016-6768 (A remote code execution vulnerability in the Framesequence 
library ...)
        TODO: check
 CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable 
an ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6766 (A denial of service vulnerability in libmedia and 
libstagefright in ...)
        NOT-FOR-US: libstagefright
 CVE-2016-6765 (A denial of service vulnerability in libstagefright in 
Mediaserver ...)
        NOT-FOR-US: libstagefright
 CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable 
an ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a 
local ...)
        TODO: check
 CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive 
library ...)
@@ -22741,17 +22741,17 @@
 CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components 
...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android 
before ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU 
driver in ...)
-       TODO: check
+       NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6745 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
-       TODO: check
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6744 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
-       TODO: check
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6743 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
-       TODO: check
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
-       TODO: check
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera 
driver ...)
@@ -22761,7 +22761,7 @@
 CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto 
engine ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION 
subsystem in ...)
-       TODO: check
+       NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver in ...)
        NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver in ...)
@@ -22794,7 +22794,7 @@
 CVE-2016-6722 (An information disclosure vulnerability in libstagefright in 
...)
        NOT-FOR-US: libstagefright
 CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in 
Android 6.x ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6720 (An information disclosure vulnerability in libstagefright in 
...)
        NOT-FOR-US: libstagefright
 CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth 
component in ...)
@@ -22802,19 +22802,19 @@
 CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager 
Service ...)
        TODO: check
 CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in 
Android 4.x ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in 
...)
        TODO: check
 CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs 
in ...)
        TODO: check
 CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in 
Android 6.x ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in 
Android 6.x ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6712 (A remote denial of service vulnerability in libvpx in 
Mediaserver in ...)
-       TODO: check
+       TODO: check, possibly libvpx
 CVE-2016-6711 (A remote denial of service vulnerability in libvpx in 
Mediaserver in ...)
-       TODO: check
+       TODO: check, possibly libvpx
 CVE-2016-6710 (An information disclosure vulnerability in the download manager 
in ...)
        TODO: check
 CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and 
BoringSSL in ...)
@@ -22826,9 +22826,9 @@
 CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in 
...)
        NOT-FOR-US: libstagefright
 CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in 
Android ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in 
Android 4.x ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2016-6703 (A remote code execution vulnerability in an Android runtime 
library in ...)
        TODO: check
 CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x 
before ...)
@@ -22844,17 +22844,17 @@
 CVE-2016-6697
        RESERVED
 CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm 
QDSP6v2 ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS 
driver in ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm 
Wi-Fi ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on 
Nexus ...)
        - android <itp> (bug #459219)
 CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus 
devices ...)
@@ -22872,27 +22872,27 @@
 CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows 
...)
        - android <itp> (bug #459219)
 CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 
driver ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 
driver ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in 
Android ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in 
...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on 
Nexus 6 ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Motorola driver for Android
 CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 
devices ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm 
Wi-Fi ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the 
Qualcomm ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices 
allows ...)
        - android <itp> (bug #459219)
 CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 
9 ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Nvidia driver for Android
 CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 
on Nexus ...)
-       - android <itp> (bug #459219)
+       NOT-FOR-US: Synaptics driver for Android
 CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, 
as used ...)
        - linux 4.0.4-1
        [jessie] - linux 3.16.7-ckt17-1


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to