[Git][security-tracker-team/security-tracker][master] NFUs and some generic issues from current Android release

Moritz Muehlenhoff Wed, 06 Nov 2019 09:58:36 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e0bea478 by Moritz Muehlenhoff at 2019-11-06T17:57:07Z
NFUs and some generic issues from current Android release

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27004,6 +27004,7 @@ CVE-2019-10572
        RESERVED
 CVE-2019-10571
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10570
        RESERVED
 CVE-2019-10569
@@ -27028,6 +27029,7 @@ CVE-2019-10560
        RESERVED
 CVE-2019-10559
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10558
        RESERVED
 CVE-2019-10557
@@ -27036,6 +27038,7 @@ CVE-2019-10556
        RESERVED
 CVE-2019-10555
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10554
        RESERVED
 CVE-2019-10553
@@ -27056,6 +27059,7 @@ CVE-2019-10546
        RESERVED
 CVE-2019-10545
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10544
        RESERVED
 CVE-2019-10543
@@ -27086,6 +27090,7 @@ CVE-2019-10531
        RESERVED
 CVE-2019-10530
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10529
        RESERVED
 CVE-2019-10528
@@ -27106,6 +27111,7 @@ CVE-2019-10521
        RESERVED
 CVE-2019-10520
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10519
        RESERVED
 CVE-2019-10518
@@ -27124,6 +27130,7 @@ CVE-2019-10512
        RESERVED
 CVE-2019-10511
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference 
when in ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10509 (Device record of the pairing device used after free during ACL 
disconn ...)
@@ -27160,6 +27167,7 @@ CVE-2019-10494
        RESERVED
 CVE-2019-10493
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, 
Snapdragon  ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-10491
@@ -27176,8 +27184,10 @@ CVE-2019-10486
        RESERVED
 CVE-2019-10485
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10484
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10483
        RESERVED
 CVE-2019-10482
@@ -31123,8 +31133,11 @@ CVE-2019-9468
        RESERVED
 CVE-2019-9467
        RESERVED
+       NOT-FOR-US: LG components for Android
 CVE-2019-9466
        RESERVED
+       - linux <unfixed>
+       NOTE: https://patchwork.kernel.org/patch/10812613/
 CVE-2019-9465
        RESERVED
 CVE-2019-9464
@@ -50500,8 +50513,10 @@ CVE-2019-2339
        RESERVED
 CVE-2019-2338
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2337
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2336
        RESERVED
 CVE-2019-2335
@@ -50534,10 +50549,13 @@ CVE-2019-2322 (Buffer overflow can occur when playing 
specific clip which is non
        NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2321
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2320
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2319
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2318
        RESERVED
 CVE-2019-2317
@@ -50556,6 +50574,7 @@ CVE-2019-2311
        RESERVED
 CVE-2019-2310
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2309 (While storing calibrated data from firmware in cache, An 
integer overf ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-2308 (User application could potentially make RPC call to the fastrpc 
driver ...)
@@ -50600,6 +50619,7 @@ CVE-2019-2289
        RESERVED
 CVE-2019-2288
        RESERVED
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2019-2287 (Improper validation for inputs received from firmware can lead 
to an o ...)
        NOT-FOR-US: Snapdragon
 CVE-2019-2286
@@ -50710,6 +50730,7 @@ CVE-2019-2234
        RESERVED
 CVE-2019-2233
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2232
        RESERVED
 CVE-2019-2231
@@ -50749,50 +50770,80 @@ CVE-2019-2215 (A use-after-free in binder.c allows an 
elevation of privilege fro
        NOTE: Fixed by: 
https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
 CVE-2019-2214
        RESERVED
+       - linux <unfixed>
+       NOTE: 
https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-m...@android.com/
 CVE-2019-2213
        RESERVED
+       - linux <unfixed>
+       NOTE: https://lore.kernel.org/patchwork/patch/1087916/
 CVE-2019-2212
        RESERVED
+       - libc++ <removed>
+       - llvm-toolchain-6.0 <unfixed>
+       - llvm-toolchain-7.0 <unfixed>
+       NOTE: 
https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
+       TODO: check
 CVE-2019-2211
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2210
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2209
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2208
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2207
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2206
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2205
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2204
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2203
        RESERVED
+       NOT-FOR-US: Android media framework
 CVE-2019-2202
        RESERVED
+       NOT-FOR-US: Android media framework
 CVE-2019-2201
        RESERVED
+       - libjpeg-turbo <unfixed>
+       NOTE: https://source.android.com/security/bulletin/2019-11-01
+       NOTE: 
https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
+       TODO: check
 CVE-2019-2200
        RESERVED
 CVE-2019-2199
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2198
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2197
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2196
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2195
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2194
        RESERVED
 CVE-2019-2193
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2192
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2191 (In LG's LAF component, there is a possible leak of information 
in a pr ...)
        NOT-FOR-US: LG components for Android
 CVE-2019-2190 (In LG's LAF component, there is a possible leak of information 
in a pr ...)
@@ -51121,6 +51172,7 @@ CVE-2019-2037 (In l2cu_send_peer_config_rej of 
l2c_utils.cc, there is a possible
        NOT-FOR-US: Android
 CVE-2019-2036
        RESERVED
+       NOT-FOR-US: Android
 CVE-2019-2035 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible 
out-of-boun ...)
        NOT-FOR-US: Android
 CVE-2019-2034 (In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible 
out-of-bounds ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0bea478e095741b80821bee49ef3bcbe66a35aa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0bea478e095741b80821bee49ef3bcbe66a35aa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs and some generic issues from current Android release

Reply via email to