[Git][security-tracker-team/security-tracker][master] NFUs and some generic issues from current Android release
Moritz Muehlenhoff
jmm at debian.org
Wed Nov 6 17:57:37 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0bea478 by Moritz Muehlenhoff at 2019-11-06T17:57:07Z
NFUs and some generic issues from current Android release
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27004,6 +27004,7 @@ CVE-2019-10572
RESERVED
CVE-2019-10571
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10570
RESERVED
CVE-2019-10569
@@ -27028,6 +27029,7 @@ CVE-2019-10560
RESERVED
CVE-2019-10559
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10558
RESERVED
CVE-2019-10557
@@ -27036,6 +27038,7 @@ CVE-2019-10556
RESERVED
CVE-2019-10555
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10554
RESERVED
CVE-2019-10553
@@ -27056,6 +27059,7 @@ CVE-2019-10546
RESERVED
CVE-2019-10545
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10544
RESERVED
CVE-2019-10543
@@ -27086,6 +27090,7 @@ CVE-2019-10531
RESERVED
CVE-2019-10530
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10529
RESERVED
CVE-2019-10528
@@ -27106,6 +27111,7 @@ CVE-2019-10521
RESERVED
CVE-2019-10520
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10519
RESERVED
CVE-2019-10518
@@ -27124,6 +27130,7 @@ CVE-2019-10512
RESERVED
CVE-2019-10511
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...)
NOT-FOR-US: Snapdragon
CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...)
@@ -27160,6 +27167,7 @@ CVE-2019-10494
RESERVED
CVE-2019-10493
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...)
NOT-FOR-US: Snapdragon
CVE-2019-10491
@@ -27176,8 +27184,10 @@ CVE-2019-10486
RESERVED
CVE-2019-10485
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10484
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10483
RESERVED
CVE-2019-10482
@@ -31123,8 +31133,11 @@ CVE-2019-9468
RESERVED
CVE-2019-9467
RESERVED
+ NOT-FOR-US: LG components for Android
CVE-2019-9466
RESERVED
+ - linux <unfixed>
+ NOTE: https://patchwork.kernel.org/patch/10812613/
CVE-2019-9465
RESERVED
CVE-2019-9464
@@ -50500,8 +50513,10 @@ CVE-2019-2339
RESERVED
CVE-2019-2338
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2337
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2336
RESERVED
CVE-2019-2335
@@ -50534,10 +50549,13 @@ CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2320
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2319
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2318
RESERVED
CVE-2019-2317
@@ -50556,6 +50574,7 @@ CVE-2019-2311
RESERVED
CVE-2019-2310
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
NOT-FOR-US: Snapdragon
CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...)
@@ -50600,6 +50619,7 @@ CVE-2019-2289
RESERVED
CVE-2019-2288
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
NOT-FOR-US: Snapdragon
CVE-2019-2286
@@ -50710,6 +50730,7 @@ CVE-2019-2234
RESERVED
CVE-2019-2233
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2232
RESERVED
CVE-2019-2231
@@ -50749,50 +50770,80 @@ CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege fro
NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
CVE-2019-2214
RESERVED
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-maco@android.com/
CVE-2019-2213
RESERVED
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/patchwork/patch/1087916/
CVE-2019-2212
RESERVED
+ - libc++ <removed>
+ - llvm-toolchain-6.0 <unfixed>
+ - llvm-toolchain-7.0 <unfixed>
+ NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
+ TODO: check
CVE-2019-2211
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2210
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2209
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2208
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2207
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2206
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2205
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2204
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2203
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2019-2202
RESERVED
+ NOT-FOR-US: Android media framework
CVE-2019-2201
RESERVED
+ - libjpeg-turbo <unfixed>
+ NOTE: https://source.android.com/security/bulletin/2019-11-01
+ NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
+ TODO: check
CVE-2019-2200
RESERVED
CVE-2019-2199
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2198
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2197
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2196
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2195
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2194
RESERVED
CVE-2019-2193
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2192
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2191 (In LG's LAF component, there is a possible leak of information in a pr ...)
NOT-FOR-US: LG components for Android
CVE-2019-2190 (In LG's LAF component, there is a possible leak of information in a pr ...)
@@ -51121,6 +51172,7 @@ CVE-2019-2037 (In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible
NOT-FOR-US: Android
CVE-2019-2036
RESERVED
+ NOT-FOR-US: Android
CVE-2019-2035 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-boun ...)
NOT-FOR-US: Android
CVE-2019-2034 (In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0bea478e095741b80821bee49ef3bcbe66a35aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0bea478e095741b80821bee49ef3bcbe66a35aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191106/6cfaa4d1/attachment.html>
More information about the debian-security-tracker-commits
mailing list