[Git][security-tracker-team/security-tracker][master] new linux issue

Moritz Muehlenhoff jmm at debian.org
Mon Sep 21 17:09:23 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d26fc328 by Moritz Muehlenhoff at 2020-09-21T18:09:02+02:00
new linux issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64913,7 +64913,8 @@ CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bound
 	NOTE: https://git.kernel.org/linus/4d1356ac12f4d5180d0df345d85ff0ee42b89c72
 	NOTE: Staging driver, not enabled/built
 CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds write  ...)
-	TODO: check
+	- linux 5.5.13-1
+	NOTE: https://git.kernel.org/linus/4f3882177240a1f55e45a3d241d3121341bead78
 CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible out of  ...)
 	TODO: check
 CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, there is  ...)
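
Review bot: the new CVE-2020-0431 entry records only the unstable fix (`- linux 5.5.13-1`) and has no per-release lines, whereas the CVE-2020-0404 entry elsewhere in this diff carries `[buster] - linux 4.19.118-1`. If the referenced upstream commit has already reached the stable kernels, add the matching release lines so those suites do not show as open. CVE-2020-0430 in the same hunk names include/linux/skbuff.h and is still `TODO: check`, so it looks like a candidate for the same kernel triage pass.
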
@@ -64965,7 +64966,7 @@ CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some i
 CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked  ...)
 	- linux 5.4.19-1
 	[buster] - linux 4.19.118-1
@@ -65029,9 +65030,9 @@ CVE-2020-0377
 CVE-2020-0376
 	RESERVED
 CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...)
@@ -65049,7 +65050,7 @@ CVE-2020-0367
 CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
 	NOT-FOR-US: Android
 CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...)
@@ -65071,7 +65072,7 @@ CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to
 CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
@@ -65079,11 +65080,11 @@ CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to S
 CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...)
 	TODO: check
 CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
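
Review bot: CVE-2020-0347 stays at `TODO: check` in the middle of this NFC batch, and its description names iptables rather than an Android-only service. It should be triaged against the iptables source package on its own rather than following the bulk NOT-FOR-US pattern, and a NOTE with the upstream reference would help whoever picks it up.
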
@@ -65109,15 +65110,15 @@ CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions che
 CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...)
 	NOT-FOR-US: Android
 CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...)
 	NOT-FOR-US: Android
 CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...)
@@ -65125,11 +65126,11 @@ CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to
 CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...)
@@ -65141,15 +65142,15 @@ CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due
 CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...)
 	NOT-FOR-US: Android
 CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead  ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...)
@@ -65157,15 +65158,15 @@ CVE-2020-0313 (In NotificationManagerService, there is a possible permission byp
 CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...)
 	NOT-FOR-US: Android
 CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...)
 	NOT-FOR-US: Android
 CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
 	- llvm-toolchain-11 <undetermined>
 	- llvm-toolchain-10 <undetermined>
@@ -65179,33 +65180,33 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due
 	[jessie] - linux 3.16.84-1
 	NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079
 CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to  ...)
 	NOT-FOR-US: Android
 CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...)
 	NOT-FOR-US: Android
 CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
 	NOT-FOR-US: Android
 CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...)
 	NOT-FOR-US: Android
 CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...)
@@ -65215,17 +65216,17 @@ CVE-2020-0288 (In PackageManager, there is a missing permission check. This coul
 CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0283
 	RESERVED
 CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0280
 	RESERVED
 CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
@@ -65235,35 +65236,35 @@ CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bound
 CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...)
 	NOT-FOR-US: Android
 CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...)
 	NOT-FOR-US: Android
 CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due  ...)
 	NOT-FOR-US: Android
 CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...)
 	NOT-FOR-US: C2 flame devices
 CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...)
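
Review bot: CVE-2020-0273 (hwservicemanager) and CVE-2020-0272 (libhwbinder) name specific native components but get the generic `NOT-FOR-US: Android` tag. Please confirm that no source package in the archive ships this code before closing them as NFU, and consider naming the component in the tag, as the neighbouring `NOT-FOR-US: Android Media Framework` entries do.
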
@@ -65632,7 +65633,7 @@ CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for met
 CVE-2020-0090 (An improper authorization in the receiver component of Email.Product:  ...)
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
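
Review bot: CVE-2020-0089 is described as an audio server issue but is tagged `NOT-FOR-US: Android`, while CVE-2020-0314 (AudioService) elsewhere in this file uses `NOT-FOR-US: Android Media Framework`. Pick one label for audio components so the entries group consistently when searching the list.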



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d26fc3289078d524997aca32421dead25c5b4b59
