[Git][security-tracker-team/security-tracker][master] add flac commit refs

Moritz Muehlenhoff jmm at debian.org
Wed Dec 16 08:58:35 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42b1200d by Moritz Muehlenhoff at 2020-12-16T09:56:55+01:00
add flac commit refs
one flac Android CVE assignment is a duplicate

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80414,6 +80414,8 @@ CVE-2020-0500 (In startInputUncheckedLocked of InputMethodManager.java, there is
 	NOT-FOR-US: Android
 CVE-2020-0499 (In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a p ...)
 	- flac <unfixed>
+	[buster] - flac <no-dsa> (Minor issue)
+	NOTE: https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
 	NOTE: https://android.googlesource.com/platform/external/flac/+/029048f823ced50f63a92e25073427ec3a9bd909%5E%21/#F0
 	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
 CVE-2020-0498 (In decode_packed_entry_number of codebook.c, there is a possible out o ...)
@@ -80439,9 +80441,12 @@ CVE-2020-0489 (In Parse_data of eas_mdls.c, there is a possible out of bounds wr
 CVE-2020-0488 (In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse ...)
 	NOT-FOR-US: Android media framework
 CVE-2020-0487 (In read_metadata_vorbiscomment_ of stream_decoder.c, there is possible ...)
-	- flac <unfixed>
+	- flac 1.3.2-2 (low; bug #897015)
+	[stretch] - flac <no-dsa> (Minor issue)
+	NOTE: https://github.com/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67
 	NOTE: https://android.googlesource.com/platform/external/flac/+/706c378d541b5e54b108e06a863065d603433b54
 	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
+	NOTE: Duplicate of CVE-2017-6888, should be rejected
 CVE-2020-0486 (In openAssetFileListener of ContactsProvider2.java, there is a possibl ...)
 	TODO: check
 CVE-2020-0485 (In areFunctionsSupported of UsbBackend.java, there is a possible acces ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b1200df597737de7c836af6421946fae78c9c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b1200df597737de7c836af6421946fae78c9c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201216/481b418b/attachment.html>

More information about the debian-security-tracker-commits mailing list