[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Jun 13 09:10:21 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
577385e0 by security tracker role at 2018-06-13T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,15 @@
+CVE-2018-12267
+	RESERVED
+CVE-2018-12266
+	RESERVED
+CVE-2018-12265
+	RESERVED
+CVE-2018-12264
+	RESERVED
+CVE-2018-12263
+	RESERVED
+CVE-2018-12262
+	RESERVED
 CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All ...)
 	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
 CVE-2018-12260 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root ...)
@@ -960,6 +972,7 @@ CVE-2018-1002202 [Arbitrary File Write via Archive Extraction]
 CVE-2018-1002201
 	NOT-FOR-US: zt-zip
 CVE-2018-1002200 [arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file]
+	{DSA-4227-1}
 	- plexus-archiver 3.6.0-1 (bug #900953)
 	NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87
 	NOTE: https://github.com/codehaus-plexus/plexus-archiver/commit/58bc24e465c0842981692adbf6d75680298989de
@@ -16930,8 +16943,7 @@ CVE-2017-18072 (In Android before security patch level 2018-04-05 on Qualcomm ..
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-18071 (In Android before security patch level 2018-04-05 on Qualcomm ...)
 	NOT-FOR-US: Qualcomm component for Android
-CVE-2017-18070
-	RESERVED
+CVE-2017-18070 (In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
 	NOT-FOR-US: Qualcomm component for Android
@@ -17324,32 +17336,25 @@ CVE-2018-5853
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5852
 	RESERVED
-CVE-2018-5851
-	RESERVED
+CVE-2018-5851 (Buffer over flow can occur while processing a ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient validation ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5849
-	RESERVED
+CVE-2018-5849 (Due to a race condition in the QTEECOM driver in all Android releases ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5848
-	RESERVED
+CVE-2018-5848 (In the function wmi_set_ie(), the length validation code does not ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5847
-	RESERVED
+CVE-2018-5847 (Early or late retirement of rotation requests can result in a Use ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5846 (A Use After Free condition can occur in the IPA driver whenever the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5845 (A race condition in drm_atomic_nonblocking_commit() in the display ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5844
-	RESERVED
+CVE-2018-5844 (In the video driver function set_output_buffers(), binfo can be ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5843
-	RESERVED
+CVE-2018-5843 (In the function wma_pdev_div_info_evt_handler() in all Android ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5842
-	RESERVED
+CVE-2018-5842 (An arbitrary address write can occur if a compromised WLAN firmware ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that is ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -23688,34 +23693,29 @@ CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android 
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3583
 	RESERVED
-CVE-2018-3582
-	RESERVED
+CVE-2018-3582 (Buffer overflow can occur due to improper input validation in multiple ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3581
-	RESERVED
+CVE-2018-3581 (In the WLAN driver in all Android releases from CAF (Android for MSM, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3580 (Stack-based buffer overflow can occur In the WLAN driver if the ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3579
-	RESERVED
+CVE-2018-3579 (In the WLAN driver in all Android releases from CAF (Android for MSM, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3578 (Type mismatch for ie_len can cause the WLAN driver to allocate less ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3577
 	RESERVED
-CVE-2018-3576
-	RESERVED
+CVE-2018-3576 (improper validation of array index in WiFi driver function ...)
+	TODO: check
 CVE-2018-3575
 	RESERVED
 CVE-2018-3574
 	RESERVED
 CVE-2018-3573
 	RESERVED
-CVE-2018-3572
-	RESERVED
+CVE-2018-3572 (While processing a DSP buffer in an audio driver's event handler, an ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3571
-	RESERVED
+CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for MSM, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3570
 	RESERVED
@@ -32732,8 +32732,7 @@ CVE-2018-0498
 	RESERVED
 CVE-2018-0497
 	RESERVED
-CVE-2018-0496 [directory traversal in D-Mod extractor]
-	RESERVED
+CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 ...)
 	- freedink-dfarc 3.14-1
 	[stretch] - freedink-dfarc <no-dsa> (Minor issue)
 	[jessie] - freedink-dfarc <no-dsa> (Minor issue)
@@ -37525,15 +37524,13 @@ CVE-2017-15859 (While processing the ...)
 	NOT-FOR-US: Qualcomm component for Android
 CVE-2017-15858
 	RESERVED
-CVE-2017-15857
-	RESERVED
+CVE-2017-15857 (In the camera driver, an out-of-bounds access can occur due to an ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15856
 	RESERVED
 CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15854
-	RESERVED
+CVE-2017-15854 (The value of fix_param->num_chans is received from firmware and if it ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15853 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -37555,11 +37552,9 @@ CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15844
 	RESERVED
-CVE-2017-15843
-	RESERVED
+CVE-2017-15843 (Due to a race condition in a bus driver, a double free in ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2017-15842
-	RESERVED
+CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the mutex ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-15841
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/577385e0700870d6ab3d22686aff61978306a141

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/577385e0700870d6ab3d22686aff61978306a141
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180613/94dc7380/attachment.html>

More information about the debian-security-tracker-commits mailing list