[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Jan 19 08:10:21 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
642cad9a by security tracker role at 2019-01-19T08:10:10Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2019-6494
+	RESERVED
+CVE-2019-6493
+	RESERVED
+CVE-2019-6492
+	RESERVED
+CVE-2019-6491
+	RESERVED
+CVE-2019-6490
+	RESERVED
+CVE-2019-6489
+	RESERVED
+CVE-2018-20741
+	RESERVED
+CVE-2018-20740
+	RESERVED
+CVE-2018-20739
+	RESERVED
+CVE-2018-20738
+	RESERVED
+CVE-2018-20737
+	RESERVED
+CVE-2018-20736
+	RESERVED
 CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) through ...)
 	- glibc <unfixed> (unimportant)
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097
@@ -5847,12 +5871,12 @@ CVE-2019-3776
 	RESERVED
 CVE-2019-3775
 	RESERVED
-CVE-2019-3774
-	RESERVED
-CVE-2019-3773
-	RESERVED
-CVE-2019-3772
-	RESERVED
+CVE-2019-3774 (Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported ...)
+	TODO: check
+CVE-2019-3773 (Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported ...)
+	TODO: check
+CVE-2019-3772 (Spring Integration (spring-integration-xml and spring-integration-ws ...)
+	TODO: check
 CVE-2019-3771
 	RESERVED
 CVE-2019-3770
@@ -7979,8 +8003,8 @@ CVE-2018-20235
 	RESERVED
 CVE-2018-20234
 	RESERVED
-CVE-2018-20233
-	RESERVED
+CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager ...)
+	TODO: check
 CVE-2018-20232
 	RESERVED
 CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication ...)
@@ -26204,8 +26228,8 @@ CVE-2018-15786
 	REJECTED
 CVE-2018-15785
 	REJECTED
-CVE-2018-15784
-	RESERVED
+CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a ...)
+	TODO: check
 CVE-2018-15783
 	REJECTED
 CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
@@ -34649,10 +34673,10 @@ CVE-2017-18334
 	RESERVED
 CVE-2017-18333
 	RESERVED
-CVE-2017-18332
-	RESERVED
-CVE-2017-18331
-	RESERVED
+CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or ...)
+	TODO: check
+CVE-2017-18331 (Improper access control on secure display buffers in snapdragon ...)
+	TODO: check
 CVE-2017-18330 (Buffer overflow in AES-CCM and AES-GCM encryption via initialization ...)
 	NOT-FOR-US: snapdragon
 CVE-2017-18329 (Possible Buffer overflow when transmitting an RTP packet in snapdragon ...)
@@ -35999,10 +36023,10 @@ CVE-2018-12001
 	RESERVED
 CVE-2018-12000
 	RESERVED
-CVE-2018-11999
-	RESERVED
-CVE-2018-11998
-	RESERVED
+CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service ...)
+	TODO: check
+CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can ...)
+	TODO: check
 CVE-2018-11997
 	RESERVED
 CVE-2018-11996 (When a malformed command is sent to the device programmer, an ...)
@@ -36011,8 +36035,8 @@ CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11993
-	RESERVED
+CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT ...)
+	TODO: check
 CVE-2018-11992
 	RESERVED
 CVE-2018-11991
@@ -37944,8 +37968,7 @@ CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11289
 	RESERVED
-CVE-2018-11288
-	RESERVED
+CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11287 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
 	NOT-FOR-US: Qualcomm components for Android
@@ -37953,8 +37976,8 @@ CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11284
-	RESERVED
+CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to the ...)
+	TODO: check
 CVE-2018-11283
 	RESERVED
 CVE-2018-11282
@@ -37963,8 +37986,8 @@ CVE-2018-11281 (In all android releases (Android for MSM, Firefox OS for MSM, QR
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-11279
-	RESERVED
+CVE-2018-11279 (Lack of check of input size can make device memory get corrupted ...)
+	TODO: check
 CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, ...)
@@ -50742,8 +50765,8 @@ CVE-2017-18162
 	RESERVED
 CVE-2017-18161
 	RESERVED
-CVE-2017-18160
-	RESERVED
+CVE-2017-18160 (AGPS session failure in GNSS module due to cyphersuites are hardcoded ...)
+	TODO: check
 CVE-2017-18159 (In Android releases from CAF using the linux kernel (Android for MSM, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in Android ...)
@@ -53346,8 +53369,8 @@ CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper i
 	NOT-FOR-US: Snapdragon
 CVE-2018-5916 (Buffer overread while decoding PDP modify request or network initiated ...)
 	NOT-FOR-US: Snapdragon
-CVE-2018-5915
-	RESERVED
+CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapdragon ...)
+	TODO: check
 CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5913
@@ -53414,12 +53437,12 @@ CVE-2018-5883
 	RESERVED
 CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-5881
-	RESERVED
-CVE-2018-5880
-	RESERVED
-CVE-2018-5879
-	RESERVED
+CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device ...)
+	TODO: check
+CVE-2018-5880 (Improper data length check while processing an event report indication ...)
+	TODO: check
+CVE-2018-5879 (Improper length check while processing an MQTT message can lead to ...)
+	TODO: check
 CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5877 (In the device programmer target-side code for firehose, a string may ...)
@@ -53441,12 +53464,12 @@ CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5870 (While loading a service image, an untrusted pointer dereference can ...)
 	NOT-FOR-US: Snapdragon
-CVE-2018-5869
-	RESERVED
-CVE-2018-5868
-	RESERVED
-CVE-2018-5867
-	RESERVED
+CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to ...)
+	TODO: check
+CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
+	TODO: check
+CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In WideVine in ...)
+	TODO: check
 CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to by an ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5865 (While processing a debug log event from firmware in all Android ...)
@@ -60194,8 +60217,8 @@ CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the lin
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
 	NOT-FOR-US: Qualcomm components for Android
-CVE-2018-3595
-	RESERVED
+CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app loading ...)
+	TODO: check
 CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm ...)
@@ -97295,8 +97318,8 @@ CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the ...)
 	NOT-FOR-US: Qualcomm driver for Android
-CVE-2017-8276
-	RESERVED
+CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon ...)
+	TODO: check
 CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642cad9a3a7f18dc404ff254d394d807236cbff7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/642cad9a3a7f18dc404ff254d394d807236cbff7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190119/fa2d756f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list