Author: jmm
Date: 2017-02-01 15:56:29 +0000 (Wed, 01 Feb 2017)
New Revision: 48649
Modified:
data/CVE/list
Log:
runc fixed
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-01 13:38:46 UTC (rev 48648)
+++ data/CVE/list 2017-02-01 15:56:29 UTC (rev 48649)
@@ -74,7 +74,7 @@
CVE-2017-5633
RESERVED
CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router
with ...)
- TODO: check
+ NOT-FOR-US: Asus router
CVE-2017-5631
RESERVED
CVE-2017-5630
@@ -5156,7 +5156,7 @@
CVE-2016-9962 [insecure opening of file-descriptor allows privilege escalation]
RESERVED
- docker.io <unfixed> (bug #850952)
- - runc <unfixed> (bug #850951)
+ - runc 0.1.1+dfsg1-2 (bug #850951)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6
NOTE:
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
@@ -12944,9 +12944,9 @@
CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in
Mediaserver ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-0389 (A denial of service vulnerability in core networking could
enable a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2017-0388 (An elevation of privilege vulnerability in the External Storage
...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2017-0387 (An elevation of privilege vulnerability in Mediaserver could
enable a ...)
NOT-FOR-US: Android Mediaserver
CVE-2017-0386 (An elevation of privilege vulnerability in the libnl library
could ...)
@@ -12955,11 +12955,11 @@
CVE-2017-0385 (An elevation of privilege vulnerability in Audioserver could
enable a ...)
NOT-FOR-US: Android Audioserver
CVE-2017-0384 (An elevation of privilege vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Android Audioserver
CVE-2017-0383 (An elevation of privilege vulnerability in the Framework APIs
could ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2017-0382 (A remote code execution vulnerability in the Framesequence
library ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2017-0381 (An information disclosure vulnerability in
silk/NLSF_stabilize.c in ...)
{DLA-793-1}
- opus 1.2~alpha2-1 (bug #851612)
@@ -14973,7 +14973,7 @@
CVE-2016-9250
RESERVED
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual
Server ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2016-9248
RESERVED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual
server ...)
@@ -17414,11 +17414,11 @@
CVE-2016-8473 (An information disclosure vulnerability in the
STMicroelectronics ...)
TODO: check
CVE-2016-8472 (An information disclosure vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: Mediatek driver for Android
CVE-2016-8471 (An information disclosure vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: Mediatek driver for Android
CVE-2016-8470 (An information disclosure vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: Mediatek driver for Android
CVE-2016-8469 (An information disclosure vulnerability in the camera driver
could ...)
TODO: check
CVE-2016-8468 (An elevation of privilege vulnerability in Binder could enable
a local ...)
@@ -17570,13 +17570,13 @@
CVE-2016-8397 (An information disclosure vulnerability in the NVIDIA video
driver ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8396 (An information disclosure vulnerability in the MediaTek video
driver ...)
- TODO: check
+ NOT-FOR-US: Mediatek driver for Android
CVE-2016-8395 (A denial of service vulnerability in the NVIDIA camera driver
could ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8394 (An elevation of privilege vulnerability in the Synaptics
touchscreen ...)
- TODO: check
+ NOT-FOR-US: Synaptics driver for Android
CVE-2016-8393 (An elevation of privilege vulnerability in the Synaptics
touchscreen ...)
- TODO: check
+ NOT-FOR-US: Synaptics driver for Android
CVE-2016-8392 (An elevation of privilege vulnerability in the Qualcomm sound
driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8391 (An elevation of privilege vulnerability in the Qualcomm sound
driver ...)
@@ -18099,11 +18099,11 @@
CVE-2016-8228
RESERVED
CVE-2016-8227 (Privilege escalation vulnerability in Lenovo Transition
application ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2016-8226 (The BIOS in Lenovo System X M5, M6, and X6 systems allows ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2016-8225 (Unquoted service path vulnerability in Lenovo Edge and Lenovo
Slim USB ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2016-8224 (A vulnerability has been identified in some Lenovo Notebook and
...)
NOT-FOR-US: Lenovo
CVE-2016-8223 (During an internal security review, Lenovo identified a local
...)
@@ -18111,7 +18111,7 @@
CVE-2016-8222 (A vulnerability has been identified in a signed kernel driver
for the ...)
NOT-FOR-US: Lenovo
CVE-2016-8221 (Privilege Escalation in Lenovo XClarity Administrator earlier
than ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick
...)
- qemu 1:2.7+dfsg-1 (bug #838145)
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
@@ -18180,7 +18180,7 @@
CVE-2016-8202
RESERVED
CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager
versions ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in
GnuTLS ...)
- gnutls28 3.5.3-4
[jessie] - gnutls28 3.3.8-6+deb8u4
@@ -18782,7 +18782,7 @@
CVE-2017-0005
RESERVED
CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow
remote ...)
NOT-FOR-US: Microsoft
CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same
Origin ...)
@@ -19621,25 +19621,25 @@
CVE-2016-7892 (Adobe Flash Player versions 23.0.0.207 and earlier,
11.2.202.644 and ...)
NOT-FOR-US: Adobe Flash
CVE-2016-7891 (Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7890 (Adobe Flash Player versions 23.0.0.207 and earlier,
11.2.202.644 and ...)
NOT-FOR-US: Adobe Flash
CVE-2016-7889 (Adobe Digital Editions versions 4.5.2 and earlier has an issue
with ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7888 (Adobe Digital Editions versions 4.5.2 and earlier has an
important ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7887 (Adobe ColdFusion Builder versions 2016 update 2 and earlier,
3.0.3 and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7886 (Adobe InDesign version 11.4.1 and earlier, Adobe InDesign
Server 11.0.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7885 (Adobe Experience Manager versions 6.2 and earlier have a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7884 (Adobe Experience Manager versions 6.1 and earlier have an input
...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7883 (Adobe Experience Manager version 6.2 has an input validation
issue in ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7882 (Adobe Experience Manager versions 6.2 and earlier have an input
...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-7881 (Adobe Flash Player versions 23.0.0.207 and earlier,
11.2.202.644 and ...)
NOT-FOR-US: Adobe Flash
CVE-2016-7880 (Adobe Flash Player versions 23.0.0.207 and earlier,
11.2.202.644 and ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
