[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 14 18:17:17 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84d9555e by Moritz Muehlenhoff at 2023-07-14T19:16:53+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47443,9 +47443,10 @@ CVE-2023-21402
CVE-2023-21401
RESERVED
CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...)
- TODO: check
+ NOT-FOR-US: Android/Pixel kernel
+ NOTE: Apparently a Pixel-specific issue, no source release
CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...)
- TODO: check
+ NOT-FOR-US: Android/Pixel kernel
CVE-2023-21398
RESERVED
CVE-2023-21397
@@ -47723,53 +47724,53 @@ CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possib
CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out of bound ...)
TODO: check
CVE-2023-21260 (In notification access permission dialog box, malicious application ca ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21259
RESERVED
CVE-2023-21258
RESERVED
CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...)
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21253
RESERVED
CVE-2023-21252
RESERVED
CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21249 (In multiple functions of OneTimePermissionUserManager.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21248 (In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21247 (In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceContr ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way for an a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21244
RESERVED
CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21242
RESERVED
CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21239 (In visitUris of Notification.java, there is a possible way to leak ima ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21238 (In visitUris of RemoteViews.java, there is a possible leak of images b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...)
@@ -47955,7 +47956,7 @@ CVE-2023-21147 (In lwis_i2c_device_disable of lwis_device_i2c.c, there is a poss
CVE-2023-21146 (there is a possible way to corrupt memory due to a use after free. Thi ...)
NOT-FOR-US: Android
CVE-2023-21145 (In updatePictureInPictureMode of ActivityRecord.java, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...)
@@ -50976,7 +50977,7 @@ CVE-2023-20577
CVE-2023-20576
RESERVED
CVE-2023-20575 (A potential power side-channel vulnerability in some AMD processors ma ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2023-20574
RESERVED
CVE-2023-20573
@@ -152534,7 +152535,7 @@ CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain fu
CVE-2021-33799
RESERVED
CVE-2021-33798 (A null pointer dereference was found in libpano13, version libpano13-2 ...)
- TODO: duplicate of CVE-2021-33293, pinged Fedora for reject
+ NOTE: duplicate of CVE-2021-33293, pinged Fedora for reject
CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1 ...)
- mujs 1.1.3-2
[bullseye] - mujs <no-dsa> (Minor issue)
@@ -196930,7 +196931,7 @@ CVE-2021-0950
CVE-2021-0949
RESERVED
CVE-2021-0948 (The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver ca ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on th ...)
NOT-FOR-US: Android
CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameI ...)
@@ -217949,7 +217950,7 @@ CVE-2020-20120 (ThinkPHP v3.2.3 and below contains a SQL injection vulnerability
CVE-2020-20119
RESERVED
CVE-2020-20118 (Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2020-20117
RESERVED
CVE-2020-20116
@@ -218143,7 +218144,7 @@ CVE-2020-20023
CVE-2020-20022
RESERVED
CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier allows atta ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2020-20020
RESERVED
CVE-2020-20019
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84d9555e48d8765450e54b77be42c531d5c06199
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84d9555e48d8765450e54b77be42c531d5c06199
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230714/868b4d38/attachment.htm>
More information about the debian-security-tracker-commits
mailing list