[Git][security-tracker-team/security-tracker][master] add flac commit refs

Wed, 16 Dec 2020 00:58:43 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
42b1200d by Moritz Muehlenhoff at 2020-12-16T09:56:55+01:00
add flac commit refs
one flac Android CVE assignment is a duplicate

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80414,6 +80414,8 @@ CVE-2020-0500 (In startInputUncheckedLocked of 
InputMethodManager.java, there is
        NOT-FOR-US: Android
 CVE-2020-0499 (In FLAC__bitreader_read_rice_signed_block of bitreader.c, there 
is a p ...)
        - flac <unfixed>
+       [buster] - flac <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
        NOTE: 
https://android.googlesource.com/platform/external/flac/+/029048f823ced50f63a92e25073427ec3a9bd909%5E%21/#F0
        NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
 CVE-2020-0498 (In decode_packed_entry_number of codebook.c, there is a 
possible out o ...)
@@ -80439,9 +80441,12 @@ CVE-2020-0489 (In Parse_data of eas_mdls.c, there is a 
possible out of bounds wr
 CVE-2020-0488 (In ihevc_inter_pred_chroma_copy_ssse3 of 
ihevc_inter_pred_filters_ssse ...)
        NOT-FOR-US: Android media framework
 CVE-2020-0487 (In read_metadata_vorbiscomment_ of stream_decoder.c, there is 
possible ...)
-       - flac <unfixed>
+       - flac 1.3.2-2 (low; bug #897015)
+       [stretch] - flac <no-dsa> (Minor issue)
+       NOTE: 
https://github.com/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67
        NOTE: 
https://android.googlesource.com/platform/external/flac/+/706c378d541b5e54b108e06a863065d603433b54
        NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
+       NOTE: Duplicate of CVE-2017-6888, should be rejected
 CVE-2020-0486 (In openAssetFileListener of ContactsProvider2.java, there is a 
possibl ...)
        TODO: check
 CVE-2020-0485 (In areFunctionsSupported of UsbBackend.java, there is a 
possible acces ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b1200df597737de7c836af6421946fae78c9c0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42b1200df597737de7c836af6421946fae78c9c0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to