Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e0bea478 by Moritz Muehlenhoff at 2019-11-06T17:57:07Z NFUs and some generic issues from current Android release - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -27004,6 +27004,7 @@ CVE-2019-10572 RESERVED CVE-2019-10571 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10570 RESERVED CVE-2019-10569 @@ -27028,6 +27029,7 @@ CVE-2019-10560 RESERVED CVE-2019-10559 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10558 RESERVED CVE-2019-10557 @@ -27036,6 +27038,7 @@ CVE-2019-10556 RESERVED CVE-2019-10555 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10554 RESERVED CVE-2019-10553 @@ -27056,6 +27059,7 @@ CVE-2019-10546 RESERVED CVE-2019-10545 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10544 RESERVED CVE-2019-10543 @@ -27086,6 +27090,7 @@ CVE-2019-10531 RESERVED CVE-2019-10530 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10529 RESERVED CVE-2019-10528 @@ -27106,6 +27111,7 @@ CVE-2019-10521 RESERVED CVE-2019-10520 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10519 RESERVED CVE-2019-10518 @@ -27124,6 +27130,7 @@ CVE-2019-10512 RESERVED CVE-2019-10511 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...) NOT-FOR-US: Snapdragon CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...) @@ -27160,6 +27167,7 @@ CVE-2019-10494 RESERVED CVE-2019-10493 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...) NOT-FOR-US: Snapdragon CVE-2019-10491 
@@ -27176,8 +27184,10 @@ CVE-2019-10486 RESERVED CVE-2019-10485 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10484 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-10483 RESERVED CVE-2019-10482 @@ -31123,8 +31133,11 @@ CVE-2019-9468 RESERVED CVE-2019-9467 RESERVED + NOT-FOR-US: LG components for Android CVE-2019-9466 RESERVED + - linux <unfixed> + NOTE: https://patchwork.kernel.org/patch/10812613/ CVE-2019-9465 RESERVED CVE-2019-9464 @@ -50500,8 +50513,10 @@ CVE-2019-2339 RESERVED CVE-2019-2338 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2337 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2336 RESERVED CVE-2019-2335 @@ -50534,10 +50549,13 @@ CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non NOT-FOR-US: Qualcomm components for Android CVE-2019-2321 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2320 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2319 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2318 RESERVED CVE-2019-2317 @@ -50556,6 +50574,7 @@ CVE-2019-2311 RESERVED CVE-2019-2310 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...) NOT-FOR-US: Snapdragon CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...) @@ -50600,6 +50619,7 @@ CVE-2019-2289 RESERVED CVE-2019-2288 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...) NOT-FOR-US: Snapdragon CVE-2019-2286 @@ -50710,6 +50730,7 @@ CVE-2019-2234 RESERVED CVE-2019-2233 RESERVED + NOT-FOR-US: Android CVE-2019-2232 RESERVED CVE-2019-2231 
@@ -50749,50 +50770,80 @@ CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege fro NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f CVE-2019-2214 RESERVED + - linux <unfixed> + NOTE: https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-m...@android.com/ CVE-2019-2213 RESERVED + - linux <unfixed> + NOTE: https://lore.kernel.org/patchwork/patch/1087916/ CVE-2019-2212 RESERVED + - libc++ <removed> + - llvm-toolchain-6.0 <unfixed> + - llvm-toolchain-7.0 <unfixed> + NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39 + TODO: check CVE-2019-2211 RESERVED + NOT-FOR-US: Android CVE-2019-2210 RESERVED + NOT-FOR-US: Android CVE-2019-2209 RESERVED + NOT-FOR-US: Android CVE-2019-2208 RESERVED + NOT-FOR-US: Android CVE-2019-2207 RESERVED + NOT-FOR-US: Android CVE-2019-2206 RESERVED + NOT-FOR-US: Android CVE-2019-2205 RESERVED + NOT-FOR-US: Android CVE-2019-2204 RESERVED + NOT-FOR-US: Android CVE-2019-2203 RESERVED + NOT-FOR-US: Android media framework CVE-2019-2202 RESERVED + NOT-FOR-US: Android media framework CVE-2019-2201 RESERVED + - libjpeg-turbo <unfixed> + NOTE: https://source.android.com/security/bulletin/2019-11-01 + NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff + TODO: check CVE-2019-2200 RESERVED CVE-2019-2199 RESERVED + NOT-FOR-US: Android CVE-2019-2198 RESERVED + NOT-FOR-US: Android CVE-2019-2197 RESERVED + NOT-FOR-US: Android CVE-2019-2196 RESERVED + NOT-FOR-US: Android CVE-2019-2195 RESERVED + NOT-FOR-US: Android CVE-2019-2194 RESERVED CVE-2019-2193 RESERVED + NOT-FOR-US: Android CVE-2019-2192 RESERVED + NOT-FOR-US: Android CVE-2019-2191 (In LG's LAF component, there is a possible leak of information in a pr ...) NOT-FOR-US: LG components for Android CVE-2019-2190 (In LG's LAF component, there is a possible leak of information in a pr ...) 
@@ -51121,6 +51172,7 @@ CVE-2019-2037 (In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible NOT-FOR-US: Android CVE-2019-2036 RESERVED + NOT-FOR-US: Android CVE-2019-2035 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-boun ...) NOT-FOR-US: Android CVE-2019-2034 (In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0bea478e095741b80821bee49ef3bcbe66a35aa
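Review bot: In the `@@ -27124,6 +27130,7 @@` hunk, the added CVE-2019-10511 line uses `NOT-FOR-US: Qualcomm components for Android` directly above a context entry (CVE-2019-10510) tagged `NOT-FOR-US: Snapdragon`, so two different labels now sit side by side for the same vendor. The same adjacency appears in the `@@ -27160,6 +27167,7 @@`, `@@ -50556,6 +50574,7 @@` and `@@ -50600,6 +50619,7 @@` hunks. Settling on one string would let a single search on the NOT-FOR-US label find every Qualcomm entry.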
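Review bot: In the `@@ -31123,8 +31133,11 @@` hunk, the new CVE-2019-9466 entry pairs `- linux <unfixed>` with a NOTE that points at a patch submission (`https://patchwork.kernel.org/patch/10812613/`) rather than a commit, so the entry does not record which tree or release carries the fix. The CVE-2019-2215 context line further down uses `NOTE: Fixed by: https://git.kernel.org/linus/...`; adding a line of that form once the merged commit is identified would make the `<unfixed>` status resolvable.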
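Review bot: In the `@@ -50749,50 +50770,80 @@` hunk, CVE-2019-2212 and CVE-2019-2201 are recorded as `<unfixed>` while still carrying a bare `TODO: check`, which does not say what remains to be verified. A NOTE stating the open question (for example whether the referenced android.googlesource.com commit has an equivalent in the upstream libc++ or libjpeg-turbo source) would make the TODO actionable. CVE-2019-2212 also lacks the `NOTE: https://source.android.com/security/bulletin/2019-11-01` reference that CVE-2019-2201 has, and CVE-2019-2214 and CVE-2019-2213 cite lore and patchwork submissions with no `Fixed by:` commit. CVE-2019-2200 and CVE-2019-2194 are left untriaged between annotated neighbours; worth confirming that is intentional.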
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits