Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 611e3f61 by Moritz Muehlenhoff at 2018-07-03T21:36:58+02:00 Android NFUs, two linux issues reported via Android - - - - - d71035dd by Moritz Muehlenhoff at 2018-07-03T21:43:53+02:00 Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -4674,6 +4674,7 @@ CVE-2018-11305 RESERVED CVE-2018-11304 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-11303 RESERVED CVE-2018-11302 @@ -4764,10 +4765,13 @@ CVE-2018-11260 RESERVED CVE-2018-11259 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-11258 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-11257 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18283 RESERVED CVE-2017-18282 @@ -4778,16 +4782,22 @@ CVE-2017-18280 RESERVED CVE-2017-18279 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18278 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18277 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18276 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18275 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18274 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function ...) - libpodofo <unfixed> (low) [stretch] - libpodofo <no-dsa> (Minor issue) @@ -9242,6 +9252,7 @@ CVE-2018-9435 RESERVED CVE-2018-9434 RESERVED + NOT-FOR-US: Android CVE-2018-9433 RESERVED NOT-FOR-US: Android @@ -9250,10 +9261,13 @@ CVE-2018-9432 NOT-FOR-US: Android CVE-2018-9431 RESERVED + NOT-FOR-US: Android CVE-2018-9430 RESERVED + NOT-FOR-US: Android CVE-2018-9429 RESERVED + NOT-FOR-US: Android Media Framework CVE-2018-9428 RESERVED NOT-FOR-US: Android Media Framework @@ -9261,6 +9275,7 @@ CVE-2018-9427 RESERVED CVE-2018-9426 RESERVED + NOT-FOR-US: Android CVE-2018-9425 RESERVED CVE-2018-9424 @@ -9268,6 +9283,7 @@ CVE-2018-9424 NOT-FOR-US: Android Media Framework CVE-2018-9423 RESERVED + NOT-FOR-US: Android Media Framework CVE-2018-9422 RESERVED - linux 4.6.1-1 @@ -9283,16 +9299,24 @@ CVE-2018-9419 NOT-FOR-US: Android CVE-2018-9418 RESERVED + NOT-FOR-US: Android CVE-2018-9417 RESERVED + NOT-FOR-US: Android kernel (no source release, so not from upstream kernel) CVE-2018-9416 RESERVED + NOT-FOR-US: Android kernel (no source release, so not from upstream kernel) CVE-2018-9415 RESERVED + - linux <undetermined> + NOTE: https://source.android.com/security/bulletin/pixel/2018-07-01 + NOTE: https://patchwork.kernel.org/patch/9946759/ CVE-2018-9414 RESERVED + NOT-FOR-US: Android CVE-2018-9413 RESERVED + NOT-FOR-US: Android CVE-2018-9412 RESERVED NOT-FOR-US: Android Media Framework @@ -9370,6 +9394,7 @@ CVE-2018-9377 RESERVED CVE-2018-9376 RESERVED + NOT-FOR-US: Android CVE-2018-9375 RESERVED CVE-2018-9374 @@ -17039,12 +17064,16 @@ CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in NOTE: double-free introduced and fixed in the 4.11 release cycle CVE-2017-18173 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18172 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18171 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18170 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing cache ...) - linux <not-affected> (Android-specific) CVE-2017-18168 @@ -17124,6 +17153,7 @@ CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm .. NOT-FOR-US: Qualcomm components for Android CVE-2017-18131 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-18129 (In Android before security patch level 2018-04-05 on Qualcomm ...) @@ -19670,6 +19700,7 @@ CVE-2018-5908 RESERVED CVE-2018-5907 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5906 RESERVED CVE-2018-5905 @@ -19720,6 +19751,7 @@ CVE-2018-5883 RESERVED CVE-2018-5882 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5881 RESERVED CVE-2018-5880 @@ -19728,18 +19760,23 @@ CVE-2018-5879 RESERVED CVE-2018-5878 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5877 RESERVED CVE-2018-5876 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5875 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5874 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5873 RESERVED CVE-2018-5872 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5871 RESERVED CVE-2018-5870 @@ -19754,26 +19791,32 @@ CVE-2018-5866 RESERVED CVE-2018-5865 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5864 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5862 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5861 RESERVED CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5859 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5858 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5856 RESERVED CVE-2018-5855 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5853 @@ -19809,8 +19852,10 @@ CVE-2018-5839 RESERVED CVE-2018-5838 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5837 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-5836 RESERVED CVE-2018-5835 @@ -26185,6 +26230,7 @@ CVE-2018-3587 RESERVED CVE-2018-3586 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-3585 RESERVED CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) @@ -26217,6 +26263,7 @@ CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for NOT-FOR-US: Qualcomm components for Android CVE-2018-3570 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2018-3569 RESERVED CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) @@ -40072,6 +40119,7 @@ CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, F NOT-FOR-US: Qualcomm component for Android CVE-2017-15851 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) @@ -40092,6 +40140,7 @@ CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the m NOT-FOR-US: Qualcomm components for Android CVE-2017-15841 RESERVED + NOT-FOR-US: Qualcomm components for Android CVE-2017-15840 RESERVED CVE-2017-15839 @@ -84192,6 +84241,8 @@ CVE-2017-1001 RESERVED CVE-2017-1000 RESERVED + - linux 4.13.4-1 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa CVE-2017-0999 RESERVED CVE-2017-0998 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/599fcdcb40149bd2bf1484f3654e705ac4003d8a...d71035dd4134a108c634d7e16cf428f2682faaa6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/599fcdcb40149bd2bf1484f3654e705ac4003d8a...d71035dd4134a108c634d7e16cf428f2682faaa6 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits