[Git][security-tracker-team/security-tracker][master] new linux/ashmem issue
Moritz Muehlenhoff
jmm at debian.org
Mon Jan 13 12:00:10 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0529e8b by Moritz Muehlenhoff at 2020-01-13T12:59:37+01:00
new linux/ashmem issue
NFUs
keepass non-issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mr
CVE-2020-6837
RESERVED
CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...)
- TODO: check
+ NOT-FOR-US: hot-formula-parser Node package
CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...)
- bftpd <itp> (bug #640469)
CVE-2020-6834
@@ -3984,7 +3984,8 @@ CVE-2019-20186
CVE-2019-20185
RESERVED
CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...)
- TODO: check
+ - keepass2 <unfixed> (unimportant)
+ NOTE: No security impact
CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...)
NOT-FOR-US: Employee Records System
CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...)
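Review bot: The added "NOTE: No security impact" under CVE-2019-20184 states a conclusion without the reasoning behind it. With the entry tagged "<unfixed> (unimportant)", someone triaging keepass2 later cannot tell why CSV injection in the export title field was dismissed. Suggest expanding the note with the rationale or a reference that supports it.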
@@ -19289,7 +19290,8 @@ CVE-2020-0011
CVE-2020-0010
RESERVED
CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...)
- TODO: check
+ - linux <unfixed>
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949
CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...)
NOT-FOR-US: Android
CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...)
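Review bot: The new "- linux <unfixed>" line for CVE-2020-0009 carries only the Project Zero link, with no upstream fix commit and no statement on whether Debian's kernel builds include ashmem.c at all. If the driver is not enabled in Debian's configs, the entry should say so in a NOTE; otherwise add the fixing commit once it is identified so the fixed version can be filled in.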
@@ -41608,7 +41610,7 @@ CVE-2019-10780
CVE-2019-10779
RESERVED
CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
- TODO: check
+ NOT-FOR-US: devcert-sanscache
CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...)
NOT-FOR-US: aws-lambda
CVE-2019-10776 (In "index.js" file line 240, the run command executes the git command ...)
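Review bot: Style point on the added "NOT-FOR-US: devcert-sanscache" line: it gives the bare name only, while the hot-formula-parser entry earlier in this same commit also says what kind of software it is. A short descriptor here would keep the NOT-FOR-US entries consistent and save the next reader a lookup.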
@@ -46460,7 +46462,8 @@ CVE-2019-9425 (In Bluetooth, there is a possible out of bounds read due to a mis
CVE-2019-9424 (In the Screen Lock, there is a possible information disclosure due to ...)
NOT-FOR-US: Android
CVE-2019-9423 (In opencv calls that use libpng, there is a possible out of bounds wri ...)
- TODO: check
+ - opencv <undetermined>
+ NOTE: Currently no further information available
CVE-2019-9422 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Android
CVE-2019-9421 (In libandroidfw, there is a possible OOB read due to an integer overfl ...)
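Review bot: "- opencv <undetermined>" for CVE-2019-9423 leaves open which source package is actually at fault. The description reads "opencv calls that use libpng", so the out-of-bounds write could sit in opencv's calling code or in libpng itself, and the NOTE only says no further information is available. Suggest recording that ambiguity in the NOTE, or keeping a TODO, so the entry is revisited for both packages when details appear.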
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a0529e8b932a492235f6b19d0c901a7155394a25