What is happening with the CVE entry I believe, is the ones that are "candidate" status and are under review, do not make it into the distro CVE listings until they are officially submitted.
Nice analysis, thank you.
CVEs for the two unpatched Windows 7 vulnerabilities have the "candidate" status. One of them is the SSL protocol design flaw, the other is a bluescreen in a video driver used with the Aero theme. It has no known (as far as I know) code execution exploits. The video driver is not installed by default on Windows Server configurations. Disabling Aero mitigates the problem.
... and you are fully protected
Tread careful here: this is what my antivirus says. Seriously, it literally says "Upgrade now and be fully protected in a minute".
Nice day to you, too.
