[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jan 3 15:06:17 GMT 2019 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc0428c0 by Moritz Muehlenhoff at 2019-01-03T15:05:33Z
NFUs
one unimportant staging linux issue
add some notes for libxls, libdoc

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -936,13 +936,13 @@ CVE-2018-20455 (In radare2 prior to 3.1.1, the parseOperand function inside ...)
 CVE-2018-20454 (An issue was discovered in 74cms v4.2.111. ...)
 	NOT-FOR-US: 74cms
 CVE-2018-20453 (The getlong function in numutils.c in libdoc through 2017-10-23 has a ...)
-	TODO: check
+	TODO: check, potentially affects src:catdoc
 CVE-2018-20452 (The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid ...)
-	TODO: check
+	TODO: check, potentially affects src:r-cran-readxl
 CVE-2018-20451 (The process_file function in reader.c in libdoc through 2017-10-23 has ...)
-	TODO: check
+	TODO: check, potentially affects src:catdoc
 CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double free that ...)
-	TODO: check
+	TODO: check, potentially affects src:r-cran-readxl
 CVE-2018-20449
 	RESERVED
 CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the ...)
@@ -29560,18 +29560,20 @@ CVE-2018-11990
 CVE-2018-11989
 	RESERVED
 CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	- linux <undetermined>
-	TODO: check
+	- linux <unfixed> (unimportant)
+	NOTE: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=5e9ffcfa152ecb2832990c42fcd8a0f2e63c2c04
+	NOTE: https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin#_CVE-2018-11987
+	NOTE: ion not enabled in Debian build and in staging anyway
 CVE-2018-11986 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11985 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11984 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11983 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, ...)
 	NOT-FOR-US: Snapdragon
 CVE-2018-11981
@@ -29607,17 +29609,17 @@ CVE-2018-11967
 CVE-2018-11966
 	RESERVED
 CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11964 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11962
 	RESERVED
 CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: CodeAurora components for Android
 CVE-2018-11959
 	RESERVED
 CVE-2018-11958
@@ -29728,7 +29730,7 @@ CVE-2018-11907 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
 CVE-2018-11906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11905 (In all android releases(Android for MSM, Firefox OS for MSM, QRD ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11904 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc0428c0fddecee171e200f109efc7049452555a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc0428c0fddecee171e200f109efc7049452555a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190103/1e0b6ac4/attachment.html>

More information about the debian-security-tracker-commits mailing list