[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 11 21:10:30 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22b5e35e by security tracker role at 2020-06-11T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-14038
+ RESERVED
+CVE-2020-14037
+ RESERVED
+CVE-2020-14036
+ RESERVED
+CVE-2020-14035
+ RESERVED
+CVE-2020-14034
+ RESERVED
+CVE-2020-14033
+ RESERVED
+CVE-2020-14032
+ RESERVED
+CVE-2020-14031
+ RESERVED
+CVE-2020-14030
+ RESERVED
+CVE-2020-14029
+ RESERVED
+CVE-2020-14028
+ RESERVED
+CVE-2020-14027
+ RESERVED
+CVE-2020-14026
+ RESERVED
+CVE-2020-14025
+ RESERVED
+CVE-2020-14024
+ RESERVED
+CVE-2020-14023
+ RESERVED
+CVE-2020-14022
+ RESERVED
+CVE-2020-14021
+ RESERVED
+CVE-2020-14020
+ RESERVED
+CVE-2020-14019
+ RESERVED
CVE-2020-14018
RESERVED
CVE-2020-14017
@@ -673,7 +713,7 @@ CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows at
NOT-FOR-US: rust-vmm
CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
NOT-FOR-US: Bitrix24
-CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphert ...)
+CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ...)
- python-rsa <unfixed> (bug #962142)
[jessie] - python-rsa <no-dsa> (No reverse dependencies)
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
@@ -788,8 +828,8 @@ CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
- qemu <unfixed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
-CVE-2020-13702
- RESERVED
+CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
+ TODO: check
CVE-2020-13701
RESERVED
CVE-2020-13700
@@ -974,6 +1014,7 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers
CVE-2020-13626
RESERVED
CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
+ {DLA-2244-1}
- libphp-phpmailer <unfixed>
NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
@@ -2700,7 +2741,7 @@ CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator
NOT-FOR-US: Pydio Cells
CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
NOT-FOR-US: Pydio Cells
-CVE-2020-12850 (Pydio Cells Enterprise OVF version 2.0.4 has insecure permissions that ...)
+CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
TODO: check
CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
NOT-FOR-US: Pydio Cells
@@ -3038,8 +3079,8 @@ CVE-2020-12727
RESERVED
CVE-2020-12726
RESERVED
-CVE-2020-12725
- RESERVED
+CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...)
+ TODO: check
CVE-2020-12724
RESERVED
CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
@@ -3067,8 +3108,8 @@ CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual
TODO: check
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
TODO: check
-CVE-2020-12712
- RESERVED
+CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...)
+ TODO: check
CVE-2020-12711
RESERVED
CVE-2020-12710
@@ -3792,7 +3833,7 @@ CVE-2020-12411
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410
RESERVED
- {DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -3813,7 +3854,7 @@ CVE-2020-12407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406
RESERVED
- {DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -3822,7 +3863,7 @@ CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405
RESERVED
- {DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -3841,7 +3882,7 @@ CVE-2020-12400
RESERVED
CVE-2020-12399 [Force a fixed length for DSA exponentiation]
RESERVED
- {DSA-4695-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -3853,6 +3894,7 @@ CVE-2020-12399 [Force a fixed length for DSA exponentiation]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
CVE-2020-12398
RESERVED
+ {DSA-4702-1}
- thunderbird 1:68.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
@@ -6704,10 +6746,10 @@ CVE-2020-11616
RESERVED
CVE-2020-11615
RESERVED
-CVE-2020-11614
- RESERVED
-CVE-2020-11613
- RESERVED
+CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
+ TODO: check
+CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
+ TODO: check
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
- netty 1:4.1.48-1
[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
@@ -20580,8 +20622,8 @@ CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nit
NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
NOT-FOR-US: EPSON
-CVE-2020-6090
- RESERVED
+CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
+ TODO: check
CVE-2020-6089
RESERVED
CVE-2020-6088
@@ -22053,8 +22095,8 @@ CVE-2020-5413
RESERVED
CVE-2020-5412
RESERVED
-CVE-2020-5411
- RESERVED
+CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...)
+ TODO: check
CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...)
TODO: check
CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
@@ -24731,8 +24773,8 @@ CVE-2020-4382
RESERVED
CVE-2020-4381
RESERVED
-CVE-2020-4380
- RESERVED
+CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
NOT-FOR-US: IBM
CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
@@ -25289,8 +25331,8 @@ CVE-2020-4103
RESERVED
CVE-2020-4102
RESERVED
-CVE-2020-4101
- RESERVED
+CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
+ TODO: check
CVE-2020-4100
RESERVED
CVE-2020-4099
@@ -28944,9 +28986,11 @@ CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Plan
CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
NOT-FOR-US: Oracle
CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ {DSA-4703-1 DLA-2245-1}
- mysql-connector-java <removed>
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ {DSA-4703-1 DLA-2245-1}
- mysql-connector-java <removed>
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
@@ -29092,6 +29136,7 @@ CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle
CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ {DSA-4703-1 DLA-2245-1}
- mysql-connector-java <removed>
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
@@ -37317,11 +37362,13 @@ CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Pro
NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
+ {DSA-4701-1}
- intel-microcode 3.20200609.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
NOTE: https://cacheoutattack.com/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...)
+ {DSA-4701-1}
- intel-microcode 3.20200609.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
@@ -37336,7 +37383,7 @@ CVE-2020-0544
RESERVED
CVE-2020-0543 [Special Register Buffer Data Sampling]
RESERVED
- {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
+ {DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- intel-microcode 3.20200609.1
- linux 5.6.14-2
NOTE: https://www.vusec.net/projects/crosstalk/
@@ -38893,8 +38940,7 @@ CVE-2020-0235
CVE-2020-0234
RESERVED
NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0233
- RESERVED
+CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use ...)
NOT-FOR-US: Android
CVE-2020-0232
RESERVED
@@ -38924,300 +38970,206 @@ CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric
NOT-FOR-US: Android
CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2020-0219
- RESERVED
+CVE-2020-0219 (In onCreate of SliceDeepLinkSpringBoard.java there is a possible insec ...)
NOT-FOR-US: Android
-CVE-2020-0218
- RESERVED
+CVE-2020-0218 (In loadSoundModel and related functions of SoundTriggerHwService.cpp, ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0217
- RESERVED
+CVE-2020-0217 (In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2020-0216
- RESERVED
+CVE-2020-0216 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2020-0215
- RESERVED
+CVE-2020-0215 (In onCreate of ConfirmConnectActivity.java, there is a possible leak o ...)
NOT-FOR-US: Android
-CVE-2020-0214
- RESERVED
+CVE-2020-0214 (In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible ou ...)
NOT-FOR-US: Android
-CVE-2020-0213
- RESERVED
+CVE-2020-0213 (In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0212
- RESERVED
+CVE-2020-0212 (In _onBufferDestroyed of InputBufferManager.cpp, there is a possible o ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0211
- RESERVED
+CVE-2020-0211 (In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0210
- RESERVED
+CVE-2020-0210 (In removeSharedAccountAsUser of AccountManager.java, there is a possib ...)
NOT-FOR-US: Android
-CVE-2020-0209
- RESERVED
+CVE-2020-0209 (In multiple functions of AccountManager.java, there is a possible perm ...)
NOT-FOR-US: Android
-CVE-2020-0208
- RESERVED
+CVE-2020-0208 (In multiple functions of AccountManager.java, there is a possible perm ...)
NOT-FOR-US: Android
-CVE-2020-0207
- RESERVED
+CVE-2020-0207 (In next_marker of jdmarker.c, there is a possible out of bounds read d ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0206
- RESERVED
+CVE-2020-0206 (In the settings app, there is a possible app crash due to improper inp ...)
NOT-FOR-US: Android
-CVE-2020-0205
- RESERVED
+CVE-2020-0205 (In the DaalaBitReader constructor of entropy_decoder.cc, there is a po ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0204
- RESERVED
+CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a sign ...)
NOT-FOR-US: Android
-CVE-2020-0203
- RESERVED
+CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID ...)
NOT-FOR-US: Android
-CVE-2020-0202
- RESERVED
+CVE-2020-0202 (In onStart of MainActivity.java, there is a possible bypass of develop ...)
NOT-FOR-US: Android
-CVE-2020-0201
- RESERVED
+CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0200
- RESERVED
+CVE-2020-0200 (In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of b ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0199
- RESERVED
+CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0198
- RESERVED
+CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...)
- libexif <unfixed> (bug #962345)
NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
-CVE-2020-0197
- RESERVED
+CVE-2020-0197 (In InitDataParser::parsePssh of InitDataParser.cpp, there is a possibl ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0196
- RESERVED
+CVE-2020-0196 (In RegisterNotificationResponse::GetEvent of register_notification_pac ...)
NOT-FOR-US: Android
-CVE-2020-0195
- RESERVED
+CVE-2020-0195 (In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0194
- RESERVED
+CVE-2020-0194 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0193
- RESERVED
+CVE-2020-0193 (In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_ ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0192
- RESERVED
+CVE-2020-0192 (In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there i ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0191
- RESERVED
+CVE-2020-0191 (In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0190
- RESERVED
+CVE-2020-0190 (In ideint_weave_blk of ideint_utils.c, there is a possible out of boun ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0189
- RESERVED
+CVE-2020-0189 (In ihevcd_decode() of ihevcd_decode.c, there is possible resource exha ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0188
- RESERVED
+CVE-2020-0188 (In onCreatePermissionRequest of SettingsSliceProvider.java, there is a ...)
NOT-FOR-US: Android
-CVE-2020-0187
- RESERVED
+CVE-2020-0187 (In engineSetMode of BaseBlockCipher.java, there is a possible incorrec ...)
NOT-FOR-US: Android
-CVE-2020-0186
- RESERVED
+CVE-2020-0186 (In hal_fd_init of hal_fd.cc, there is a possible out of bounds write d ...)
NOT-FOR-US: Android
-CVE-2020-0185
- RESERVED
+CVE-2020-0185 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2020-0184
- RESERVED
+CVE-2020-0184 (In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinit ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0183
- RESERVED
+CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomplete re ...)
NOT-FOR-US: Android
-CVE-2020-0182
- RESERVED
+CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
- libexif 0.6.22-1 (low)
[buster] - libexif <no-dsa> (Minor issue)
[stretch] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
NOTE: CVE originally originally reported by Android where a different patch was shipped
-CVE-2020-0181
- RESERVED
+CVE-2020-0181 (In exif_data_load_data_thumbnail of exif-data.c, there is a possible d ...)
{DSA-4618-1 DLA-2100-1}
- libexif 0.6.21-6 (bug #962346)
NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
NOTE: Fixed by the patch for CVE-2019-9278
-CVE-2020-0180
- RESERVED
+CVE-2020-0180 (In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out o ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0179
- RESERVED
+CVE-2020-0179 (In doSendObjectInfo of MtpServer.cpp, there is a possible path travers ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0178
- RESERVED
+CVE-2020-0178 (In getAllConfigFlags of SettingsProvider.cpp, there is a possible ille ...)
NOT-FOR-US: Android
-CVE-2020-0177
- RESERVED
+CVE-2020-0177 (In connect() of PanService.java, there is a possible permissions bypas ...)
NOT-FOR-US: Android
-CVE-2020-0176
- RESERVED
+CVE-2020-0176 (In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds ...)
NOT-FOR-US: Android
-CVE-2020-0175
- RESERVED
+CVE-2020-0175 (In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion du ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0174
- RESERVED
+CVE-2020-0174 (In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0173
- RESERVED
+CVE-2020-0173 (In Parse_lins of eas_mdls.c, there is possible resource exhaustion due ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0172
- RESERVED
+CVE-2020-0172 (In Parse_art of eas_mdls.c, there is possible resource exhaustion due ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0171
- RESERVED
+CVE-2020-0171 (In Parse_lart of eas_mdls.c, there is possible resource exhaustion due ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0170
- RESERVED
+CVE-2020-0170 (In IMY_Event of eas_imelody.c, there is possible resource exhaustion d ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0169
- RESERVED
+CVE-2020-0169 (In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion d ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0168
- RESERVED
+CVE-2020-0168 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, the ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0167
- RESERVED
+CVE-2020-0167 (In load of ResourceTypes.cpp, there is a possible out of bounds read d ...)
NOT-FOR-US: Android
-CVE-2020-0166
- RESERVED
+CVE-2020-0166 (In multiple functions of URI.java, there is a possible escalation of p ...)
NOT-FOR-US: Android
-CVE-2020-0165
- RESERVED
+CVE-2020-0165 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
NOT-FOR-US: Android
-CVE-2020-0164
- RESERVED
+CVE-2020-0164 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
NOT-FOR-US: Android
-CVE-2020-0163
- RESERVED
+CVE-2020-0163 (In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there i ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0162
- RESERVED
+CVE-2020-0162 (In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0161
- RESERVED
+CVE-2020-0161 (In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaus ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0160
- RESERVED
+CVE-2020-0160 (In setSyncSampleParams of SampleTable.cpp, there is possible resource ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0159
- RESERVED
+CVE-2020-0159 (In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds r ...)
NOT-FOR-US: Android
-CVE-2020-0158
- RESERVED
+CVE-2020-0158 (In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2020-0157
- RESERVED
+CVE-2020-0157 (In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of b ...)
NOT-FOR-US: Android
-CVE-2020-0156
- RESERVED
+CVE-2020-0156 (In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read ...)
NOT-FOR-US: Android
-CVE-2020-0155
- RESERVED
+CVE-2020-0155 (In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a poss ...)
NOT-FOR-US: Android
-CVE-2020-0154
- RESERVED
+CVE-2020-0154 (In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2020-0153
- RESERVED
+CVE-2020-0153 (In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible ou ...)
NOT-FOR-US: Android
-CVE-2020-0152
- RESERVED
+CVE-2020-0152 (In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0151
- RESERVED
+CVE-2020-0151 (In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible o ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0150
- RESERVED
+CVE-2020-0150 (In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2020-0149
- RESERVED
+CVE-2020-0149 (In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of ...)
NOT-FOR-US: Android
-CVE-2020-0148
- RESERVED
+CVE-2020-0148 (In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and b ...)
NOT-FOR-US: Android
-CVE-2020-0147
- RESERVED
+CVE-2020-0147 (In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possibl ...)
NOT-FOR-US: Android
-CVE-2020-0146
- RESERVED
+CVE-2020-0146 (In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2020-0145
- RESERVED
+CVE-2020-0145 (In btm_simple_pair_complete of btm_sec.cc, there is a possible out of ...)
NOT-FOR-US: Android
-CVE-2020-0144
- RESERVED
+CVE-2020-0144 (In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bound ...)
NOT-FOR-US: Android
-CVE-2020-0143
- RESERVED
+CVE-2020-0143 (In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible ...)
NOT-FOR-US: Android
-CVE-2020-0142
- RESERVED
+CVE-2020-0142 (In rw_i93_sm_format of rw_i93.c, there is a possible information discl ...)
NOT-FOR-US: Android
-CVE-2020-0141
- RESERVED
+CVE-2020-0141 (In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possib ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0140
- RESERVED
+CVE-2020-0140 (In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information ...)
NOT-FOR-US: Android
-CVE-2020-0139
- RESERVED
+CVE-2020-0139 (In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds ...)
NOT-FOR-US: Android
-CVE-2020-0138
- RESERVED
+CVE-2020-0138 (In get_element_attr_rsp of btif_rc.cc, there is a possible out of boun ...)
NOT-FOR-US: Android
-CVE-2020-0137
- RESERVED
+CVE-2020-0137 (In setIPv6AddrGenMode of NetworkManagementService.java, there is a pos ...)
NOT-FOR-US: Android
-CVE-2020-0136
- RESERVED
+CVE-2020-0136 (In multiple locations of Parcel.cpp, there is a possible out-of-bounds ...)
NOT-FOR-US: Android
-CVE-2020-0135
- RESERVED
+CVE-2020-0135 (In dump of RollbackManagerServiceImpl.java, there is a possible backup ...)
NOT-FOR-US: Android
-CVE-2020-0134
- RESERVED
+CVE-2020-0134 (In BnDrm::onTransact of IDrm.cpp, there is a possible information disc ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0133
- RESERVED
+CVE-2020-0133 (In MockLocationAppPreferenceController.java, it is possible to mock th ...)
NOT-FOR-US: Android
-CVE-2020-0132
- RESERVED
+CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a possi ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0131
- RESERVED
+CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0130
RESERVED
-CVE-2020-0129
- RESERVED
+CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
NOT-FOR-US: Android
-CVE-2020-0128
- RESERVED
+CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0127
- RESERVED
+CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out of b ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0126
- RESERVED
+CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0125
RESERVED
-CVE-2020-0124
- RESERVED
+CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0123
RESERVED
@@ -39300,7 +39252,7 @@ CVE-2020-0090 (An improper authorization in the receiver component of Email.Prod
NOT-FOR-US: Mediatek components for Android
CVE-2020-0089
RESERVED
-CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...)
+CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b5e35ed526dbb5111b4296b340bef6450351e0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b5e35ed526dbb5111b4296b340bef6450351e0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200611/714336b2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list