Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55ab2a30 by Moritz Muehlenhoff at 2020-09-21T14:40:45+02:00
new LLVM issue, NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -64920,9 +64920,9 @@ CVE-2020-0428 (In CamX code, there is a possible use
after free due to a race co
CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds
read du ...)
TODO: check
CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an
unsafe ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0425 (There is a possible way to view notifications even when the
"Lockdown" ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0424
RESERVED
CVE-2020-0423
@@ -64960,7 +64960,7 @@ CVE-2020-0408
CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some
implem ...)
TODO: check
CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass
due to ...)
TODO: check
CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible
linked ...)
@@ -65030,51 +65030,51 @@ CVE-2020-0375 (In Telephony, there is a possible
permission bypass due to a miss
CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe
Pending ...)
TODO: check
CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds
read due t ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0372 (In ActivityManager, there is a possible access to protected
data due t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0371
RESERVED
CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to
missing bo ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an
integer o ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0368
RESERVED
CVE-2020-0367
RESERVED
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due
to a t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0365 (In netd, there is a possible out of bounds read due to a
missing bound ...)
TODO: check
CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to
improper i ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due
to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to
uninit ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0360 (In Notification Access Confirmation, there is a possible
permissions b ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due
to a b ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a
race co ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to
improper ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due
to an in ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due
to a m ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a
missing ...)
TODO: check
CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due
to a m ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to
SQL in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to
improper in ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a
missing bound ...)
TODO: check
CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing
bounds ...)
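Review bot: CVE-2020-0360 is tagged "NOT-FOR-US: Android Media Framework", but its description is a permissions issue in Notification Access Confirmation, the kind of entry that gets plain "NOT-FOR-US: Android" elsewhere in this hunk (CVE-2020-0372, CVE-2020-0366). The same applies to CVE-2020-0359 (GLESRenderEngine) and CVE-2020-0358 / CVE-2020-0357 (SurfaceFlinger), none of which read as media components. Suggest "NOT-FOR-US: Android" for these four so the component label stays meaningful for anyone filtering the list by it.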
@@ -65084,43 +65084,43 @@ CVE-2020-0348 (In NFC, there is a possible out of
bounds read due to a missing b
CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an
incorre ...)
TODO: check
CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to
an inte ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a
confuse ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to
SQL in ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected
data d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0342 (There is a possible out of bounds write due to an incorrect
bounds che ...)
TODO: check
CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to
a miss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information
disclosure d ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0339
RESERVED
CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions
check d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions
check du ...)
TODO: check
CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to
type con ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a
missing bound ...)
TODO: check
CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a
missing bound ...)
TODO: check
CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input
validation. T ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an
uncaught ex ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could
lead t ...)
TODO: check
CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use
after fre ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due
to inva ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an
intege ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0327 (In core networking, there is a missing permission check. This
could le ...)
TODO: check
CVE-2020-0326 (In NFC, there is a possible out of bounds write due to
uninitialized d ...)
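Review bot: CVE-2020-0344 (MediaProvider, permissions bypass due to SQL in ...) is labelled "Android Media Framework" here, while CVE-2020-0352 with the same truncated description gets "NOT-FOR-US: Android" in the previous hunk, and CVE-2020-0337, also MediaProvider, stays at "TODO: check". Suggest picking one label for MediaProvider and applying it to all three, or adding a short note on why CVE-2020-0337 is held back. CVE-2020-0336 (SurfaceFlinger) carries the Media Framework label as well and would fit plain "Android" better.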
@@ -65128,31 +65128,31 @@ CVE-2020-0326 (In NFC, there is a possible out of
bounds write due to uninitiali
CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to
local info ...)
TODO: check
CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a
missing boun ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write
due to u ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due
to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a
missing bound ...)
TODO: check
CVE-2020-0318 (In the System UI, there is a possible system crash due to an
uncaught ...)
TODO: check
CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected
data due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0316 (In Telephony, there is a missing permission check. This could
lead to ...)
TODO: check
CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an
unsafe Pe ...)
TODO: check
CVE-2020-0314 (In AudioService, there are missing permission checks. This
could lead ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0313 (In NotificationManagerService, there is a possible permission
bypass d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to
an unsa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0311 (In InputManagerService, there is a possible permission bypass
due to a ...)
TODO: check
CVE-2020-0310 (In Settings, there is a possible permission bypass due to an
unsafe Pe ...)
@@ -65160,11 +65160,15 @@ CVE-2020-0310 (In Settings, there is a possible
permission bypass due to an unsa
CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds
write due t ...)
TODO: check
CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to
an uns ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0307 (In Settings, there is a possible permission bypass due to an
unsafe Pe ...)
TODO: check
CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement
due to ...)
- TODO: check
+ - llvm-toolchain-11 <undetermined>
+ - llvm-toolchain-10 <undetermined>
+ - llvm-toolchain-9 <undetermined>
+ - llvm-toolchain-8 <undetermined>
+ TODO: get some proper references
CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free
due to a ...)
- linux 5.4.13-1
[buster] - linux 4.19.98-1
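Review bot: The new CVE-2020-0306 block has no NOTE line, so "TODO: get some proper references" gives whoever picks it up nothing to start from. Suggest adding a NOTE with whatever pointer is at hand (the advisory or upstream change this entry came from) next to the four "<undetermined>" lines. It is also worth confirming that llvm-toolchain-8 through llvm-toolchain-11 are all the llvm-toolchain source packages in supported suites; any other versioned one still in the archive would need its own line.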
@@ -65174,11 +65178,11 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a
possible use-after-free due
CVE-2020-0304 (In Settings, there is a possible permission bypass due to an
unsafe Pe ...)
TODO: check
CVE-2020-0303 (In the Media extractor, there is a possible use after free due
to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0302 (In Settings, there is a possible permission bypass due to an
unsafe Pe ...)
TODO: check
CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due
to impr ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0300 (In NFC, there is a possible out of bounds read due to
uninitialized da ...)
TODO: check
CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device
metadat ...)
@@ -65186,27 +65190,27 @@ CVE-2020-0299 (In Bluetooth, there is a possible
spoofing of bluetooth device me
CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth
enabled state ...)
TODO: check
CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass
due to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0296 (In ADB server and USB server, there is a possible permission
bypass du ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an
unsafe Pen ...)
TODO: check
CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass
due to ...)
TODO: check
CVE-2020-0293 (In Java network APIs, there is possible access to sensitive
network st ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
TODO: check
CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a
missing ...)
TODO: check
CVE-2020-0290 (In PackageManager, there is a missing permission check. This
could lea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0289 (In PackageManager, there is a missing permission check. This
could lea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0288 (In PackageManager, there is a missing permission check. This
could lea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due
to a m ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata
due to ...)
TODO: check
CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a
missing p ...)
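Review bot: CVE-2020-0296 names the ADB server and USB server, and ADB has a host-side half that exists outside Android devices, so "NOT-FOR-US: Android" on that line deserves a second look before it closes the entry. If the archive carries a package built from the affected code, track it against that package (even as "<undetermined>", as done for CVE-2020-0306); if the full description turns out to cover device-side code only, a short NOTE saying so would help the next reader.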
@@ -65222,17 +65226,17 @@ CVE-2020-0281 (In NFC, there is a possible out of
bounds read due to a missing b
CVE-2020-0280
RESERVED
CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due
to a mis ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0278 (There is a possible out of bounds write due to an incorrect
bounds che ...)
TODO: check
CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions
bypass ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a
missing p ...)
TODO: check
CVE-2020-0275 (In MediaProvider, there is a possible way to access
ContentResolver an ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0274 (In the OMX parser, there is a possible information disclosure
due to a ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write
due to fr ...)
TODO: check
CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due
to unin ...)
@@ -65240,19 +65244,19 @@ CVE-2020-0272 (In libhwbinder, there is a possible
information disclosure due to
CVE-2020-0271 (In the Settings app, there is an insecure default value. This
could le ...)
TODO: check
CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a
missing bo ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass
due to ...)
TODO: check
CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race
condition. Th ...)
TODO: check
CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected
app due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due
to a m ...)
TODO: check
CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to
missin ...)
TODO: check
CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due
to an i ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0263 (In the Accessibility service, there is a possible permission
bypass du ...)
TODO: check
CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled
intent due ...)
@@ -65533,7 +65537,7 @@ CVE-2020-0132 (In BnAAudioService::onTransact of
IAAudioService.cpp, there is a
CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of
bounds ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0130 (In screencap, there is a possible command injection due to
improper in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible
out-of-bound w ...)
NOT-FOR-US: Android
CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of
bounds r ...)
@@ -65543,7 +65547,7 @@ CVE-2020-0127 (In AudioStream::decode of
AudioGroup.cpp, there is a possible out
CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use
after ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a
missing b ...)
- TODO: check
+ NOT-FOR-US: Android Media framework
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a
possible ...)
NOT-FOR-US: Android
CVE-2020-0123 (There is a possible out of bounds write due to an incorrect
bounds che ...)
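Review bot: The added line for CVE-2020-0125 reads "NOT-FOR-US: Android Media framework" with a lowercase "f", while the context lines for CVE-2020-0126 and CVE-2020-0131 and every other addition in this commit use "Android Media Framework". Suggest matching the capitalisation so a case-sensitive search or per-label count over data/CVE/list does not miss this entry.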
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55ab2a3073663355b37d7b9ea650039b69600477