[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Sep 9 09:41:31 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b2d372e by Salvatore Bonaccorso at 2020-09-09T10:40:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32424,11 +32424,11 @@ CVE-2020-11137
 CVE-2020-11136
 	RESERVED
 CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-11134
 	RESERVED
 CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-11132
 	RESERVED
 CVE-2020-11131
@@ -32436,7 +32436,7 @@ CVE-2020-11131
 CVE-2020-11130
 	RESERVED
 CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11127
@@ -32446,7 +32446,7 @@ CVE-2020-11126
 CVE-2020-11125
 	RESERVED
 CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-11123
 	RESERVED
 CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...)
@@ -32460,7 +32460,7 @@ CVE-2020-11119
 CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-11116 (u'Possible out of bound write while processing association response re ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...)
@@ -52042,7 +52042,7 @@ CVE-2020-3704
 CVE-2020-3703
 	RESERVED
 CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3700 (Possible out of bounds read due to a missing bounds check and could le ...)
@@ -52088,7 +52088,7 @@ CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remote
 CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API.  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3679 (u'During execution after Address Space Layout Randomization is turned  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3678
 	RESERVED
 CVE-2020-3677
@@ -52098,7 +52098,7 @@ CVE-2020-3676 (Possible memory corruption in perfservice due to improper validat
 CVE-2020-3675 (u'Potential integer underflow while parsing Service Info and IPv6 link ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3674 (u'Information can leak into userspace due to improper transfer of data ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3673
 	RESERVED
 CVE-2020-3672
@@ -52134,7 +52134,7 @@ CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 cli
 CVE-2020-3657
 	RESERVED
 CVE-2020-3656 (u'Out of bound access can happen in MHI command process due to lack of ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3655
 	RESERVED
 CVE-2020-3654
@@ -52150,7 +52150,7 @@ CVE-2020-3650
 CVE-2020-3649
 	RESERVED
 CVE-2020-3648 (u'Possible out of bound write in DSP driver code due to lack of check  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3647 (u'Potential buffer overflow when accessing npu debugfs node "off"/"log ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3646 (u'Buffer overflow seen as the destination buffer size is lesser than t ...)
@@ -52178,7 +52178,7 @@ CVE-2020-3636 (u'Out of bound writes happen when accessing usage_table header en
 CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
 	NOT-FOR-US: Snapdragon
 CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check while dec ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3632
@@ -52188,7 +52188,7 @@ CVE-2020-3631
 CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabilitie ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
 	NOT-FOR-US: Snapdragon
 CVE-2020-3627
@@ -52202,17 +52202,17 @@ CVE-2020-3624 (u'A potential buffer overflow exists due to integer overflow when
 CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3622 (u'Channel name string which has been read from shared memory is potent ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3621 (u'Lack of check to ensure that the TX read index & RX write index  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3620 (u'Lack of check of integer overflow while doing a round up operation f ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3619 (u'Non-secure memory is touched multiple times during TrustZone\u2019s  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3617 (u'Buffer over-read Issue in Q6 testbus framework due to diag packet le ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3616 (Buffer overflow in display function due to memory copy without checkin ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and  ...)
@@ -77066,7 +77066,7 @@ CVE-2019-14119 (u'While processing SMCInvoke asynchronous message header, messag
 CVE-2019-14118
 	RESERVED
 CVE-2019-14117 (u'Whenever the page list is updated via privileged user, the previous  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur  ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-14115 (u'Information disclosure issue occurs as in current logic as secure to ...)
@@ -77152,7 +77152,7 @@ CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length
 CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14074 (u'Heap overflow in diag command handler due to lack of check of packet ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
@@ -77310,13 +77310,13 @@ CVE-2019-13997
 CVE-2019-13996
 	RESERVED
 CVE-2019-13995 (u'Lack of integer overflow check for addition of fragment size and rem ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-13994 (u'Lack of check that the current received data fragment size of a part ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-13993
 	RESERVED
 CVE-2019-13992 (u'Out of bound memory access if stack push and pop operation are perfo ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
 	NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
 CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b2d372e61c9cbb638d490597f5a21cba18b7353

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b2d372e61c9cbb638d490597f5a21cba18b7353
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200909/58a87be8/attachment.html>

More information about the debian-security-tracker-commits mailing list