Author: jmm
Date: 2017-09-21 07:17:06 +0000 (Thu, 21 Sep 2017)
New Revision: 55958
Modified:
data/CVE/list
Log:
mark several android kernel CVEs as NFU
these don't have a source release, so they must be related to non-GPL
additions to the respective Android kernel builds
for vulnerabilities affecting mainline, the Android bulletins
refer to the upstream fix in git
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-21 05:49:13 UTC (rev 55957)
+++ data/CVE/list 2017-09-21 07:17:06 UTC (rev 55958)
@@ -39767,13 +39767,13 @@
CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera
driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0630 (An information disclosure vulnerability in the kernel trace
subsystem ...)
- - linux <undetermined>
+ NOT-FOR-US: Android kernel
CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera
driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera
driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC
driver could ...)
- - linux <undetermined>
+ NOT-FOR-US: Android kernel
CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto
engine ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command
queue ...)
@@ -50196,7 +50196,7 @@
CVE-2016-6754 (A remote code execution vulnerability in Webview in Android
5.0.x ...)
NOT-FOR-US: Webview for Android
CVE-2016-6753 (An information disclosure vulnerability in kernel components,
...)
- - linux <undetermined>
+ NOT-FOR-US: Android kernel
NOTE: https://source.android.com/security/bulletin/2016-11-01.html
CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components
...)
NOT-FOR-US: Qualcomm driver for Android
@@ -60374,11 +60374,11 @@
CVE-2016-3804 (The MediaTek power management driver in Android before
2016-07-05 on ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2016-3803 (The kernel filesystem implementation in Android before
2016-07-05 on ...)
- - linux <undetermined>
+ NOT-FOR-US: Android kernel
NOTE: https://source.android.com/security/bulletin/2016-07-01.html
NOTE: No source patch available, so may relate to Apache-licensed
sdcardfs.
CVE-2016-3802 (The kernel filesystem implementation in Android before
2016-07-05 on ...)
- - linux <undetermined>
+ NOT-FOR-US: Android kernel
NOTE: https://source.android.com/security/bulletin/2016-07-01.html
NOTE: No source patch available, so may relate to Apache-licensed
sdcardfs.
CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android
One ...)
@@ -60434,7 +60434,7 @@
CVE-2016-3776
REJECTED
CVE-2016-3775 (The kernel filesystem implementation in Android before
2016-07-05 on ...)
- - linux <undetermined>
+ NOT-FOR-US: Android kernel
NOTE: https://source.android.com/security/bulletin/2016-07-01.html
NOTE: No source patch available, so may relate to Apache-licensed
sdcardfs.
CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android
One ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
