[Git][security-tracker-team/security-tracker][master] 2 commits: Android NFUs, two linux issues reported via Android
Moritz Muehlenhoff
jmm at debian.org
Tue Jul 3 20:44:12 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
611e3f61 by Moritz Muehlenhoff at 2018-07-03T21:36:58+02:00
Android NFUs, two linux issues reported via Android
- - - - -
d71035dd by Moritz Muehlenhoff at 2018-07-03T21:43:53+02:00
Merge branch 'master' of https://salsa.debian.org/security-tracker-team/security-tracker
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4674,6 +4674,7 @@ CVE-2018-11305
RESERVED
CVE-2018-11304
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11303
RESERVED
CVE-2018-11302
@@ -4764,10 +4765,13 @@ CVE-2018-11260
RESERVED
CVE-2018-11259
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11258
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11257
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18283
RESERVED
CVE-2017-18282
@@ -4778,16 +4782,22 @@ CVE-2017-18280
RESERVED
CVE-2017-18279
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18278
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18277
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18276
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18275
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18274
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function ...)
- libpodofo <unfixed> (low)
[stretch] - libpodofo <no-dsa> (Minor issue)
@@ -9242,6 +9252,7 @@ CVE-2018-9435
RESERVED
CVE-2018-9434
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9433
RESERVED
NOT-FOR-US: Android
@@ -9250,10 +9261,13 @@ CVE-2018-9432
NOT-FOR-US: Android
CVE-2018-9431
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9430
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9429
RESERVED
+ NOT-FOR-US: Android Media Framework
CVE-2018-9428
RESERVED
NOT-FOR-US: Android Media Framework
@@ -9261,6 +9275,7 @@ CVE-2018-9427
RESERVED
CVE-2018-9426
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9425
RESERVED
CVE-2018-9424
@@ -9268,6 +9283,7 @@ CVE-2018-9424
NOT-FOR-US: Android Media Framework
CVE-2018-9423
RESERVED
+ NOT-FOR-US: Android Media Framework
CVE-2018-9422
RESERVED
- linux 4.6.1-1
@@ -9283,16 +9299,24 @@ CVE-2018-9419
NOT-FOR-US: Android
CVE-2018-9418
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9417
RESERVED
+ NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9416
RESERVED
+ NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9415
RESERVED
+ - linux <undetermined>
+ NOTE: https://source.android.com/security/bulletin/pixel/2018-07-01
+ NOTE: https://patchwork.kernel.org/patch/9946759/
CVE-2018-9414
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9413
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9412
RESERVED
NOT-FOR-US: Android Media Framework
@@ -9370,6 +9394,7 @@ CVE-2018-9377
RESERVED
CVE-2018-9376
RESERVED
+ NOT-FOR-US: Android
CVE-2018-9375
RESERVED
CVE-2018-9374
@@ -17039,12 +17064,16 @@ CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in
NOTE: double-free introduced and fixed in the 4.11 release cycle
CVE-2017-18173
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18172
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18171
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18170
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18169 (User process can perform the kernel DOS in ashmem when doing cache ...)
- linux <not-affected> (Android-specific)
CVE-2017-18168
@@ -17124,6 +17153,7 @@ CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm ..
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18131
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18129 (In Android before security patch level 2018-04-05 on Qualcomm ...)
@@ -19670,6 +19700,7 @@ CVE-2018-5908
RESERVED
CVE-2018-5907
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5906
RESERVED
CVE-2018-5905
@@ -19720,6 +19751,7 @@ CVE-2018-5883
RESERVED
CVE-2018-5882
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5881
RESERVED
CVE-2018-5880
@@ -19728,18 +19760,23 @@ CVE-2018-5879
RESERVED
CVE-2018-5878
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5877
RESERVED
CVE-2018-5876
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5875
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5874
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5873
RESERVED
CVE-2018-5872
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5871
RESERVED
CVE-2018-5870
@@ -19754,26 +19791,32 @@ CVE-2018-5866
RESERVED
CVE-2018-5865
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5864
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5862
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5861
RESERVED
CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5859
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5858
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5856
RESERVED
CVE-2018-5855
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5853
@@ -19809,8 +19852,10 @@ CVE-2018-5839
RESERVED
CVE-2018-5838
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5837
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-5836
RESERVED
CVE-2018-5835
@@ -26185,6 +26230,7 @@ CVE-2018-3587
RESERVED
CVE-2018-3586
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-3585
RESERVED
CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -26217,6 +26263,7 @@ CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for
NOT-FOR-US: Qualcomm components for Android
CVE-2018-3570
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-3569
RESERVED
CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
@@ -40072,6 +40119,7 @@ CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, F
NOT-FOR-US: Qualcomm component for Android
CVE-2017-15851
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -40092,6 +40140,7 @@ CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the m
NOT-FOR-US: Qualcomm components for Android
CVE-2017-15841
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2017-15840
RESERVED
CVE-2017-15839
@@ -84192,6 +84241,8 @@ CVE-2017-1001
RESERVED
CVE-2017-1000
RESERVED
+ - linux 4.13.4-1
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
CVE-2017-0999
RESERVED
CVE-2017-0998
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/599fcdcb40149bd2bf1484f3654e705ac4003d8a...d71035dd4134a108c634d7e16cf428f2682faaa6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/599fcdcb40149bd2bf1484f3654e705ac4003d8a...d71035dd4134a108c634d7e16cf428f2682faaa6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180703/841df7b1/attachment.html>
More information about the debian-security-tracker-commits
mailing list