[Git][security-tracker-team/security-tracker][master] aom note fixed CVEs 2020-36130 to 135

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6672245 by Neil Williams at 2021-12-03T10:46:41+00:00
aom note fixed CVEs 2020-36130 to 135

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59560,19 +59560,47 @@ CVE-2020-36137
 CVE-2020-36136
 	RESERVED
 CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
-	TODO: check
+	- aom 3.2.0-1
+	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
+	[buster] - aom <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911
+	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1)
 CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation via the  ...)
-	TODO: check
+	- aom 3.2.0-1
+	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
+	[buster] - aom <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2914
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2940
+	NOTE: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.0.1)
+	TODO: check qtwebengine-opensource-src 5.15.7
 CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the  ...)
-	TODO: check
+	- aom 3.2.0-1
+	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
+	[buster] - aom <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
+	NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.0.0)
 CVE-2020-36132
 	RESERVED
 CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
-	TODO: check
+	- aom 3.2.0-1
+	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
+	[buster] - aom <not-affected> (Vulnerable code introduced later)
+	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1)
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
 CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
-	TODO: check
+	- aom 3.2.0-1
+	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
+	[buster] - aom <not-affected> (Vulnerable code introduced later)
+	NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.0.1)
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
 CVE-2020-36129 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
-	TODO: check
+	- aom 3.2.0-1
+	[bullseye] - aom <not-affected> (Vulnerable code introduced later)
+	[buster] - aom <not-affected> (Vulnerable code introduced later)
+	NOTE: https://aomedia.googlesource.com/aom/+/7a20d10027fd91fbe11e38182a1d45238e102c4a%5E%21/#F0 (v3.0.0)
+	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1
+	TODO: check qtwebengine-opensource-src 5.15.7
 CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
 	NOT-FOR-US: Pax Technology PAXSTORE
 CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b66722453fc6bf3380e6a1d7525442051b51b0b0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b66722453fc6bf3380e6a1d7525442051b51b0b0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211203/2bcc7570/attachment-0001.htm>