[Git][security-tracker-team/security-tracker][master] new LLVM issue, NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Sep 21 13:41:01 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55ab2a30 by Moritz Muehlenhoff at 2020-09-21T14:40:45+02:00
new LLVM issue, NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64920,9 +64920,9 @@ CVE-2020-0428 (In CamX code, there is a possible use after free due to a race co
CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...)
TODO: check
CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an unsafe ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0424
RESERVED
CVE-2020-0423
@@ -64960,7 +64960,7 @@ CVE-2020-0408
CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
TODO: check
CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
TODO: check
CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...)
@@ -65030,51 +65030,51 @@ CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a miss
CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...)
TODO: check
CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0371
RESERVED
CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0368
RESERVED
CVE-2020-0367
RESERVED
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...)
TODO: check
CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to uninit ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0360 (In Notification Access Confirmation, there is a possible permissions b ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due to a b ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a race co ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to improper ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to an in ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
TODO: check
CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...)
TODO: check
CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
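Review bot: The label on CVE-2020-0360 does not match the component named in its description. The entry reads "In Notification Access Confirmation, there is a possible permissions b ..." but is closed as `NOT-FOR-US: Android Media Framework`, while the other permission-bypass entries in this hunk (CVE-2020-0372, CVE-2020-0366, CVE-2020-0352) get plain `NOT-FOR-US: Android`. Both forms drop the issue from tracking, so nothing is missed, but the free-text label is what people grep for later; suggest `NOT-FOR-US: Android` here.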
@@ -65084,43 +65084,43 @@ CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing b
CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...)
TODO: check
CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected data d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...)
TODO: check
CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a miss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0339
RESERVED
CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...)
TODO: check
CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...)
TODO: check
CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...)
TODO: check
CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...)
TODO: check
CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...)
TODO: check
CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...)
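Review bot: CVE-2020-0344 is labelled inconsistently with the same component elsewhere in this patch. "In MediaProvider, there is a possible permissions bypass due to SQL in ..." is tagged `NOT-FOR-US: Android Media Framework` here, whereas CVE-2020-0352 in the previous hunk has the identical visible description and is tagged `NOT-FOR-US: Android`. Suggest picking one label for MediaProvider and using it for both.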
@@ -65128,31 +65128,31 @@ CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitiali
CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...)
TODO: check
CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a missing boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due to u ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...)
TODO: check
CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught ...)
TODO: check
CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to ...)
TODO: check
CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...)
TODO: check
CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...)
TODO: check
CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
@@ -65160,11 +65160,15 @@ CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsa
CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...)
TODO: check
CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
TODO: check
CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
- TODO: check
+ - llvm-toolchain-11 <undetermined>
+ - llvm-toolchain-10 <undetermined>
+ - llvm-toolchain-9 <undetermined>
+ - llvm-toolchain-8 <undetermined>
+ TODO: get some proper references
CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
- linux 5.4.13-1
[buster] - linux 4.19.98-1
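Review bot: The CVE-2020-0306 entry is the only tracked issue in this patch and it goes in with no reference at all: all four `llvm-toolchain-*` lines are `<undetermined>` and the only annotation is `TODO: get some proper references`. That is reasonable as a placeholder, but a `NOTE:` line pointing at the upstream fix or advisory should follow once found, so the `<undetermined>` states can be resolved to fixed versions or `<not-affected>`. The package list also covers only versions 8 through 11; if any other llvm-toolchain source package is still in a supported suite, it needs its own line so the issue is not silently treated as absent there.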
@@ -65174,11 +65178,11 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due
CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
TODO: check
CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
TODO: check
CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...)
TODO: check
CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...)
@@ -65186,27 +65190,27 @@ CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device me
CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...)
TODO: check
CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...)
TODO: check
CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...)
TODO: check
CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
TODO: check
CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
TODO: check
CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0288 (In PackageManager, there is a missing permission check. This could lea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to ...)
TODO: check
CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...)
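Review bot: CVE-2020-0296 is worth a second look before it is closed as `NOT-FOR-US: Android`. The description names "ADB server and USB server" and is truncated before it says which code is affected; if the flaw sits in adb sources that are also shipped as a package rather than only in the on-device framework, NOT-FOR-US would hide an issue that should be tracked against that package. Suggest confirming from the full CVE text, and leaving `TODO: check` if it is unclear.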
@@ -65222,17 +65226,17 @@ CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing b
CVE-2020-0280
RESERVED
CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...)
TODO: check
CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...)
TODO: check
CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...)
TODO: check
CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...)
@@ -65240,19 +65244,19 @@ CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to
CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...)
TODO: check
CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...)
TODO: check
CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...)
TODO: check
CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...)
TODO: check
CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...)
TODO: check
CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...)
TODO: check
CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due ...)
@@ -65533,7 +65537,7 @@ CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a
CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0130 (In screencap, there is a possible command injection due to improper in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
NOT-FOR-US: Android
CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
@@ -65543,7 +65547,7 @@ CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out
CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a missing b ...)
- TODO: check
+ NOT-FOR-US: Android Media framework
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...)
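Review bot: The added line for CVE-2020-0125 spells the label `Android Media framework` with a lower-case "f", while the unchanged context line for CVE-2020-0126 directly above it, and every other addition in this patch, uses `Android Media Framework`. Suggest matching the existing capitalisation so a case-sensitive search for the label finds this entry too.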
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55ab2a3073663355b37d7b9ea650039b69600477