[Git][security-tracker-team/security-tracker][master] new libexif issue

Moritz Muehlenhoff jmm at debian.org
Mon Nov 11 12:15:43 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61826fde by Moritz Muehlenhoff at 2019-11-11T12:15:20Z
new libexif issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31493,7 +31493,7 @@ CVE-2019-9416 (In libstagefright there is a possible information disclosure due
 CVE-2019-9415 (In libstagefright there is a possible information disclosure due to un ...)
 	NOT-FOR-US: Android
 CVE-2019-9414 (In wpa_supplicant, there is a possible man in the middle vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-9413 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
 	NOT-FOR-US: Android
 CVE-2019-9412 (In libSBRdec there is a possible out of bounds read due to incorrect b ...)
@@ -31571,7 +31571,7 @@ CVE-2019-9377 (In FingerprintService, there is a possible bypass for operating s
 CVE-2019-9376 (In the Accounts package, there is a possible crash due to improper inp ...)
 	NOT-FOR-US: Android
 CVE-2019-9375 (In hostapd, there is a possible out of bounds write due to a race cond ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-9374 (In CompanionDeviceManager, there is a possible bypass of user interact ...)
 	NOT-FOR-US: Android
 CVE-2019-9373 (In JobStore, there is a mismatched serialization/deserialization for t ...)
@@ -31772,7 +31772,9 @@ CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to i
 CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of service due ...)
 	NOT-FOR-US: Android
 CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an integer  ...)
-	TODO: check
+	- libexif <unfixed>
+	NOTE: https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0
+	NOTE: Doesn't seem to have been fixed/forwarded upstream at https://github.com/libexif/libexif
 CVE-2019-9277 (In the proc filesystem, there is a possible information disclosure due ...)
 	NOT-FOR-US: Android
 CVE-2019-9276 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...)
@@ -31843,7 +31845,7 @@ CVE-2019-9245 (In the Android kernel in the f2fs driver there is a possible out
 CVE-2019-9244 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
 	NOT-FOR-US: Android
 CVE-2019-9243 (In wpa_supplicant_8, there is a possible out of bounds read due to a m ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-9242 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
 	NOT-FOR-US: Android
 CVE-2019-9241 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61826fde49e22f00e362bbe4c09b71435c357b0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61826fde49e22f00e362bbe4c09b71435c357b0d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191111/491c86e7/attachment.html>

More information about the debian-security-tracker-commits mailing list