[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jun 11 21:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22b5e35e by security tracker role at 2020-06-11T20:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-14038
+	RESERVED
+CVE-2020-14037
+	RESERVED
+CVE-2020-14036
+	RESERVED
+CVE-2020-14035
+	RESERVED
+CVE-2020-14034
+	RESERVED
+CVE-2020-14033
+	RESERVED
+CVE-2020-14032
+	RESERVED
+CVE-2020-14031
+	RESERVED
+CVE-2020-14030
+	RESERVED
+CVE-2020-14029
+	RESERVED
+CVE-2020-14028
+	RESERVED
+CVE-2020-14027
+	RESERVED
+CVE-2020-14026
+	RESERVED
+CVE-2020-14025
+	RESERVED
+CVE-2020-14024
+	RESERVED
+CVE-2020-14023
+	RESERVED
+CVE-2020-14022
+	RESERVED
+CVE-2020-14021
+	RESERVED
+CVE-2020-14020
+	RESERVED
+CVE-2020-14019
+	RESERVED
 CVE-2020-14018
 	RESERVED
 CVE-2020-14017
@@ -673,7 +713,7 @@ CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows at
 	NOT-FOR-US: rust-vmm
 CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
 	NOT-FOR-US: Bitrix24
-CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphert ...)
+CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of  ...)
 	- python-rsa <unfixed> (bug #962142)
 	[jessie] - python-rsa <no-dsa> (No reverse dependencies)
 	NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
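Review bot: the reworded CVE-2020-13757 description now gives the affected range as "before 4.1", but the `- python-rsa <unfixed>` line under it is unchanged. If a 4.1 or later upload has reached unstable, record that version on the package line; otherwise add a NOTE pointing at the upstream fix so the entry can be closed when it does.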
@@ -788,8 +828,8 @@ CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound
 CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
 	- qemu <unfixed>
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
-CVE-2020-13702
-	RESERVED
+CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
+	TODO: check
 CVE-2020-13701
 	RESERVED
 CVE-2020-13700
@@ -974,6 +1014,7 @@ CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers
 CVE-2020-13626
 	RESERVED
 CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
+	{DLA-2244-1}
 	- libphp-phpmailer <unfixed>
 	NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
 	NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
@@ -2700,7 +2741,7 @@ CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator
 	NOT-FOR-US: Pydio Cells
 CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
 	NOT-FOR-US: Pydio Cells
-CVE-2020-12850 (Pydio Cells Enterprise OVF version 2.0.4 has insecure permissions that ...)
+CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
 	TODO: check
 CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
 	NOT-FOR-US: Pydio Cells
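Review bot: CVE-2020-12850 keeps `TODO: check` after its description was reworded, while CVE-2020-12852, CVE-2020-12851 and CVE-2020-12849 around it are all tagged `NOT-FOR-US: Pydio Cells`. The new text still names Pydio Cells Enterprise, so this entry can take the same tag instead of staying in the triage queue.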
@@ -3038,8 +3079,8 @@ CVE-2020-12727
 	RESERVED
 CVE-2020-12726
 	RESERVED
-CVE-2020-12725
-	RESERVED
+CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...)
+	TODO: check
 CVE-2020-12724
 	RESERVED
 CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
@@ -3067,8 +3108,8 @@ CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual
 	TODO: check
 CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
 	TODO: check
-CVE-2020-12712
-	RESERVED
+CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE  ...)
+	TODO: check
 CVE-2020-12711
 	RESERVED
 CVE-2020-12710
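Review bot: on CVE-2020-12712 the truncated description stops at "in the JOE", which is not enough to tell which product is meant, and Debian ships a package named joe. Read the full CVE text before replacing `TODO: check`, so the entry is not matched to a source package by name alone.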
@@ -3792,7 +3833,7 @@ CVE-2020-12411
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
 CVE-2020-12410
 	RESERVED
-	{DSA-4695-1 DLA-2243-1}
+	{DSA-4702-1 DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- thunderbird 1:68.9.0-1
@@ -3813,7 +3854,7 @@ CVE-2020-12407
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
 CVE-2020-12406
 	RESERVED
-	{DSA-4695-1 DLA-2243-1}
+	{DSA-4702-1 DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- thunderbird 1:68.9.0-1
@@ -3822,7 +3863,7 @@ CVE-2020-12406
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
 CVE-2020-12405
 	RESERVED
-	{DSA-4695-1 DLA-2243-1}
+	{DSA-4702-1 DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- thunderbird 1:68.9.0-1
@@ -3841,7 +3882,7 @@ CVE-2020-12400
 	RESERVED
 CVE-2020-12399 [Force a fixed length for DSA exponentiation]
 	RESERVED
-	{DSA-4695-1 DLA-2243-1}
+	{DSA-4702-1 DSA-4695-1 DLA-2243-1}
 	- firefox 77.0-1
 	- firefox-esr 68.9.0esr-1
 	- nss 2:3.53-1 (bug #961752)
@@ -3853,6 +3894,7 @@ CVE-2020-12399 [Force a fixed length for DSA exponentiation]
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
 CVE-2020-12398
 	RESERVED
+	{DSA-4702-1}
 	- thunderbird 1:68.9.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
 CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
@@ -6704,10 +6746,10 @@ CVE-2020-11616
 	RESERVED
 CVE-2020-11615
 	RESERVED
-CVE-2020-11614
-	RESERVED
-CVE-2020-11613
-	RESERVED
+CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
+	TODO: check
+CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
+	TODO: check
 CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
 	- netty 1:4.1.48-1
 	[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
@@ -20580,8 +20622,8 @@ CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nit
 	NOT-FOR-US: Nitro Pro
 CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
 	NOT-FOR-US: EPSON
-CVE-2020-6090
-	RESERVED
+CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
+	TODO: check
 CVE-2020-6089
 	RESERVED
 CVE-2020-6088
@@ -22053,8 +22095,8 @@ CVE-2020-5413
 	RESERVED
 CVE-2020-5412
 	RESERVED
-CVE-2020-5411
-	RESERVED
+CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...)
+	TODO: check
 CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...)
 	TODO: check
 CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
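Review bot: the CVE-2020-5411 description mentions Jackson default typing but is cut off before it names the affected product, and the entries next to it (CVE-2020-5410, CVE-2020-5409) are Spring Cloud Config and Pivotal Concourse issues. Confirm from the full text which component carries the deserialization flaw before resolving `TODO: check`, since the answer decides whether any Debian package is in scope.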
@@ -24731,8 +24773,8 @@ CVE-2020-4382
 	RESERVED
 CVE-2020-4381
 	RESERVED
-CVE-2020-4380
-	RESERVED
+CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting.  ...)
+	TODO: check
 CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
 	NOT-FOR-US: IBM
 CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
@@ -25289,8 +25331,8 @@ CVE-2020-4103
 	RESERVED
 CVE-2020-4102
 	RESERVED
-CVE-2020-4101
-	RESERVED
+CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
+	TODO: check
 CVE-2020-4100
 	RESERVED
 CVE-2020-4099
@@ -28944,9 +28986,11 @@ CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Plan
 CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+	{DSA-4703-1 DLA-2245-1}
 	- mysql-connector-java <removed>
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+	{DSA-4703-1 DLA-2245-1}
 	- mysql-connector-java <removed>
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
@@ -29092,6 +29136,7 @@ CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle
 CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
 	NOT-FOR-US: Oracle
 CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+	{DSA-4703-1 DLA-2245-1}
 	- mysql-connector-java <removed>
 	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business  ...)
@@ -37317,11 +37362,13 @@ CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Pro
 	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
 	NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
 CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
+	{DSA-4701-1}
 	- intel-microcode 3.20200609.1
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
 	NOTE: https://cacheoutattack.com/
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
 CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated  ...)
+	{DSA-4701-1}
 	- intel-microcode 3.20200609.1
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
@@ -37336,7 +37383,7 @@ CVE-2020-0544
 	RESERVED
 CVE-2020-0543 [Special Register Buffer Data Sampling]
 	RESERVED
-	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
+	{DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
 	- intel-microcode 3.20200609.1
 	- linux 5.6.14-2
 	NOTE: https://www.vusec.net/projects/crosstalk/
@@ -38893,8 +38940,7 @@ CVE-2020-0235
 CVE-2020-0234
 	RESERVED
 	NOT-FOR-US: Pixel kernel drivers
-CVE-2020-0233
-	RESERVED
+CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use  ...)
 	NOT-FOR-US: Android
 CVE-2020-0232
 	RESERVED
@@ -38924,300 +38970,206 @@ CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric
 	NOT-FOR-US: Android
 CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...)
 	NOT-FOR-US: Android
-CVE-2020-0219
-	RESERVED
+CVE-2020-0219 (In onCreate of SliceDeepLinkSpringBoard.java there is a possible insec ...)
 	NOT-FOR-US: Android
-CVE-2020-0218
-	RESERVED
+CVE-2020-0218 (In loadSoundModel and related functions of SoundTriggerHwService.cpp,  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0217
-	RESERVED
+CVE-2020-0217 (In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds ...)
 	NOT-FOR-US: Android
-CVE-2020-0216
-	RESERVED
+CVE-2020-0216 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
 	NOT-FOR-US: Android
-CVE-2020-0215
-	RESERVED
+CVE-2020-0215 (In onCreate of ConfirmConnectActivity.java, there is a possible leak o ...)
 	NOT-FOR-US: Android
-CVE-2020-0214
-	RESERVED
+CVE-2020-0214 (In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible ou ...)
 	NOT-FOR-US: Android
-CVE-2020-0213
-	RESERVED
+CVE-2020-0213 (In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0212
-	RESERVED
+CVE-2020-0212 (In _onBufferDestroyed of InputBufferManager.cpp, there is a possible o ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0211
-	RESERVED
+CVE-2020-0211 (In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0210
-	RESERVED
+CVE-2020-0210 (In removeSharedAccountAsUser of AccountManager.java, there is a possib ...)
 	NOT-FOR-US: Android
-CVE-2020-0209
-	RESERVED
+CVE-2020-0209 (In multiple functions of AccountManager.java, there is a possible perm ...)
 	NOT-FOR-US: Android
-CVE-2020-0208
-	RESERVED
+CVE-2020-0208 (In multiple functions of AccountManager.java, there is a possible perm ...)
 	NOT-FOR-US: Android
-CVE-2020-0207
-	RESERVED
+CVE-2020-0207 (In next_marker of jdmarker.c, there is a possible out of bounds read d ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0206
-	RESERVED
+CVE-2020-0206 (In the settings app, there is a possible app crash due to improper inp ...)
 	NOT-FOR-US: Android
-CVE-2020-0205
-	RESERVED
+CVE-2020-0205 (In the DaalaBitReader constructor of entropy_decoder.cc, there is a po ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0204
-	RESERVED
+CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a sign ...)
 	NOT-FOR-US: Android
-CVE-2020-0203
-	RESERVED
+CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID  ...)
 	NOT-FOR-US: Android
-CVE-2020-0202
-	RESERVED
+CVE-2020-0202 (In onStart of MainActivity.java, there is a possible bypass of develop ...)
 	NOT-FOR-US: Android
-CVE-2020-0201
-	RESERVED
+CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2020-0200
-	RESERVED
+CVE-2020-0200 (In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of b ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0199
-	RESERVED
+CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0198
-	RESERVED
+CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...)
 	- libexif <unfixed> (bug #962345)
 	NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
 	NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
-CVE-2020-0197
-	RESERVED
+CVE-2020-0197 (In InitDataParser::parsePssh of InitDataParser.cpp, there is a possibl ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0196
-	RESERVED
+CVE-2020-0196 (In RegisterNotificationResponse::GetEvent of register_notification_pac ...)
 	NOT-FOR-US: Android
-CVE-2020-0195
-	RESERVED
+CVE-2020-0195 (In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0194
-	RESERVED
+CVE-2020-0194 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0193
-	RESERVED
+CVE-2020-0193 (In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_ ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0192
-	RESERVED
+CVE-2020-0192 (In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there i ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0191
-	RESERVED
+CVE-2020-0191 (In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0190
-	RESERVED
+CVE-2020-0190 (In ideint_weave_blk of ideint_utils.c, there is a possible out of boun ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0189
-	RESERVED
+CVE-2020-0189 (In ihevcd_decode() of ihevcd_decode.c, there is possible resource exha ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0188
-	RESERVED
+CVE-2020-0188 (In onCreatePermissionRequest of SettingsSliceProvider.java, there is a ...)
 	NOT-FOR-US: Android
-CVE-2020-0187
-	RESERVED
+CVE-2020-0187 (In engineSetMode of BaseBlockCipher.java, there is a possible incorrec ...)
 	NOT-FOR-US: Android
-CVE-2020-0186
-	RESERVED
+CVE-2020-0186 (In hal_fd_init of hal_fd.cc, there is a possible out of bounds write d ...)
 	NOT-FOR-US: Android
-CVE-2020-0185
-	RESERVED
+CVE-2020-0185 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out  ...)
 	NOT-FOR-US: Android
-CVE-2020-0184
-	RESERVED
+CVE-2020-0184 (In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinit ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0183
-	RESERVED
+CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomplete re ...)
 	NOT-FOR-US: Android
-CVE-2020-0182
-	RESERVED
+CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
 	- libexif 0.6.22-1 (low)
 	[buster] - libexif <no-dsa> (Minor issue)
 	[stretch] - libexif <no-dsa> (Minor issue)
 	NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
 	NOTE: CVE originally originally reported by Android where a different patch was shipped
-CVE-2020-0181
-	RESERVED
+CVE-2020-0181 (In exif_data_load_data_thumbnail of exif-data.c, there is a possible d ...)
 	{DSA-4618-1 DLA-2100-1}
 	- libexif 0.6.21-6 (bug #962346)
 	NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
 	NOTE: Fixed by the patch for CVE-2019-9278
-CVE-2020-0180
-	RESERVED
+CVE-2020-0180 (In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out o ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0179
-	RESERVED
+CVE-2020-0179 (In doSendObjectInfo of MtpServer.cpp, there is a possible path travers ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0178
-	RESERVED
+CVE-2020-0178 (In getAllConfigFlags of SettingsProvider.cpp, there is a possible ille ...)
 	NOT-FOR-US: Android
-CVE-2020-0177
-	RESERVED
+CVE-2020-0177 (In connect() of PanService.java, there is a possible permissions bypas ...)
 	NOT-FOR-US: Android
-CVE-2020-0176
-	RESERVED
+CVE-2020-0176 (In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds  ...)
 	NOT-FOR-US: Android
-CVE-2020-0175
-	RESERVED
+CVE-2020-0175 (In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion du ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0174
-	RESERVED
+CVE-2020-0174 (In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0173
-	RESERVED
+CVE-2020-0173 (In Parse_lins of eas_mdls.c, there is possible resource exhaustion due ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0172
-	RESERVED
+CVE-2020-0172 (In Parse_art of eas_mdls.c, there is possible resource exhaustion due  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0171
-	RESERVED
+CVE-2020-0171 (In Parse_lart of eas_mdls.c, there is possible resource exhaustion due ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0170
-	RESERVED
+CVE-2020-0170 (In IMY_Event of eas_imelody.c, there is possible resource exhaustion d ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0169
-	RESERVED
+CVE-2020-0169 (In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion d ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0168
-	RESERVED
+CVE-2020-0168 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, the ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0167
-	RESERVED
+CVE-2020-0167 (In load of ResourceTypes.cpp, there is a possible out of bounds read d ...)
 	NOT-FOR-US: Android
-CVE-2020-0166
-	RESERVED
+CVE-2020-0166 (In multiple functions of URI.java, there is a possible escalation of p ...)
 	NOT-FOR-US: Android
-CVE-2020-0165
-	RESERVED
+CVE-2020-0165 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
 	NOT-FOR-US: Android
-CVE-2020-0164
-	RESERVED
+CVE-2020-0164 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
 	NOT-FOR-US: Android
-CVE-2020-0163
-	RESERVED
+CVE-2020-0163 (In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there i ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0162
-	RESERVED
+CVE-2020-0162 (In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0161
-	RESERVED
+CVE-2020-0161 (In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaus ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0160
-	RESERVED
+CVE-2020-0160 (In setSyncSampleParams of SampleTable.cpp, there is possible resource  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0159
-	RESERVED
+CVE-2020-0159 (In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds r ...)
 	NOT-FOR-US: Android
-CVE-2020-0158
-	RESERVED
+CVE-2020-0158 (In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible o ...)
 	NOT-FOR-US: Android
-CVE-2020-0157
-	RESERVED
+CVE-2020-0157 (In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of b ...)
 	NOT-FOR-US: Android
-CVE-2020-0156
-	RESERVED
+CVE-2020-0156 (In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read ...)
 	NOT-FOR-US: Android
-CVE-2020-0155
-	RESERVED
+CVE-2020-0155 (In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a poss ...)
 	NOT-FOR-US: Android
-CVE-2020-0154
-	RESERVED
+CVE-2020-0154 (In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds ...)
 	NOT-FOR-US: Android
-CVE-2020-0153
-	RESERVED
+CVE-2020-0153 (In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible ou ...)
 	NOT-FOR-US: Android
-CVE-2020-0152
-	RESERVED
+CVE-2020-0152 (In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible  ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0151
-	RESERVED
+CVE-2020-0151 (In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible o ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0150
-	RESERVED
+CVE-2020-0150 (In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out ...)
 	NOT-FOR-US: Android
-CVE-2020-0149
-	RESERVED
+CVE-2020-0149 (In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of ...)
 	NOT-FOR-US: Android
-CVE-2020-0148
-	RESERVED
+CVE-2020-0148 (In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and b ...)
 	NOT-FOR-US: Android
-CVE-2020-0147
-	RESERVED
+CVE-2020-0147 (In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possibl ...)
 	NOT-FOR-US: Android
-CVE-2020-0146
-	RESERVED
+CVE-2020-0146 (In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out ...)
 	NOT-FOR-US: Android
-CVE-2020-0145
-	RESERVED
+CVE-2020-0145 (In btm_simple_pair_complete of btm_sec.cc, there is a possible out of  ...)
 	NOT-FOR-US: Android
-CVE-2020-0144
-	RESERVED
+CVE-2020-0144 (In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bound ...)
 	NOT-FOR-US: Android
-CVE-2020-0143
-	RESERVED
+CVE-2020-0143 (In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2020-0142
-	RESERVED
+CVE-2020-0142 (In rw_i93_sm_format of rw_i93.c, there is a possible information discl ...)
 	NOT-FOR-US: Android
-CVE-2020-0141
-	RESERVED
+CVE-2020-0141 (In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possib ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0140
-	RESERVED
+CVE-2020-0140 (In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information  ...)
 	NOT-FOR-US: Android
-CVE-2020-0139
-	RESERVED
+CVE-2020-0139 (In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds ...)
 	NOT-FOR-US: Android
-CVE-2020-0138
-	RESERVED
+CVE-2020-0138 (In get_element_attr_rsp of btif_rc.cc, there is a possible out of boun ...)
 	NOT-FOR-US: Android
-CVE-2020-0137
-	RESERVED
+CVE-2020-0137 (In setIPv6AddrGenMode of NetworkManagementService.java, there is a pos ...)
 	NOT-FOR-US: Android
-CVE-2020-0136
-	RESERVED
+CVE-2020-0136 (In multiple locations of Parcel.cpp, there is a possible out-of-bounds ...)
 	NOT-FOR-US: Android
-CVE-2020-0135
-	RESERVED
+CVE-2020-0135 (In dump of RollbackManagerServiceImpl.java, there is a possible backup ...)
 	NOT-FOR-US: Android
-CVE-2020-0134
-	RESERVED
+CVE-2020-0134 (In BnDrm::onTransact of IDrm.cpp, there is a possible information disc ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0133
-	RESERVED
+CVE-2020-0133 (In MockLocationAppPreferenceController.java, it is possible to mock th ...)
 	NOT-FOR-US: Android
-CVE-2020-0132
-	RESERVED
+CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a possi ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0131
-	RESERVED
+CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0130
 	RESERVED
-CVE-2020-0129
-	RESERVED
+CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
 	NOT-FOR-US: Android
-CVE-2020-0128
-	RESERVED
+CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0127
-	RESERVED
+CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out of b ...)
 	NOT-FOR-US: Android Media Framework
-CVE-2020-0126
-	RESERVED
+CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0125
 	RESERVED
-CVE-2020-0124
-	RESERVED
+CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible  ...)
 	NOT-FOR-US: Android
 CVE-2020-0123
 	RESERVED
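Review bot: the `NOT-FOR-US` tags in this block were assigned while the entries were still RESERVED and should be rechecked against the descriptions that now replace the `RESERVED` lines. CVE-2020-0207 names `next_marker of jdmarker.c`, which is a libjpeg source file, so check whether Debian's libjpeg packages share the affected code before leaving it as `NOT-FOR-US: Android Media Framework`. CVE-2020-0152 and CVE-2020-0151 name `avb_vbmeta_image.c` yet are tagged Android Media Framework, which looks like the wrong component label. The NOTE under CVE-2020-0182 also repeats a word ("originally originally").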
@@ -39300,7 +39252,7 @@ CVE-2020-0090 (An improper authorization in the receiver component of Email.Prod
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0089
 	RESERVED
-CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...)
+CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
 	NOT-FOR-US: Android



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22b5e35ed526dbb5111b4296b340bef6450351e0
