Author: jmm Date: 2017-09-21 07:17:06 +0000 (Thu, 21 Sep 2017) New Revision: 55958
Modified: data/CVE/list Log: mark several android kernel CVEs as NFU these don't have a source release, so they must be related to non-GPL additions to the respective Android kernel builds for vulnerabilities affecting mainline, the Android bulletins refer to the upstream fix in git Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-09-21 05:49:13 UTC (rev 55957) +++ data/CVE/list 2017-09-21 07:17:06 UTC (rev 55958) @@ -39767,13 +39767,13 @@ CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...) - - linux <undetermined> + NOT-FOR-US: Android kernel CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...) - - linux <undetermined> + NOT-FOR-US: Android kernel CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...) NOT-FOR-US: Qualcomm driver for Android CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...) @@ -50196,7 +50196,7 @@ CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 5.0.x ...) NOT-FOR-US: Webview for Android CVE-2016-6753 (An information disclosure vulnerability in kernel components, ...) - - linux <undetermined> + NOT-FOR-US: Android kernel NOTE: https://source.android.com/security/bulletin/2016-11-01.html CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components ...) NOT-FOR-US: Qualcomm driver for Android @@ -60374,11 +60374,11 @@ CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on ...) NOT-FOR-US: MediaTek driver for Android CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on ...) - - linux <undetermined> + NOT-FOR-US: Android kernel NOTE: https://source.android.com/security/bulletin/2016-07-01.html NOTE: No source patch available, so may relate to Apache-licensed sdcardfs. CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on ...) - - linux <undetermined> + NOT-FOR-US: Android kernel NOTE: https://source.android.com/security/bulletin/2016-07-01.html NOTE: No source patch available, so may relate to Apache-licensed sdcardfs. CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One ...) @@ -60434,7 +60434,7 @@ CVE-2016-3776 REJECTED CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on ...) - - linux <undetermined> + NOT-FOR-US: Android kernel NOTE: https://source.android.com/security/bulletin/2016-07-01.html NOTE: No source patch available, so may relate to Apache-licensed sdcardfs. CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits