Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84d9555e by Moritz Muehlenhoff at 2023-07-14T19:16:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47443,9 +47443,10 @@ CVE-2023-21402
 CVE-2023-21401
        RESERVED
 CVE-2023-21400 (In multiple functions  of io_uring.c, there is a possible 
kernel memor ...)
-       TODO: check
+       NOT-FOR-US: Android/Pixel kernel
+       NOTE: Apparently a Pixel-specific issue, no source release
 CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due 
to a lo ...)
-       TODO: check
+       NOT-FOR-US: Android/Pixel kernel
 CVE-2023-21398
        RESERVED
 CVE-2023-21397
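Review bot: CVE-2023-21400 is described as affecting io_uring.c, which is also the name of the io_uring source file in the upstream Linux kernel that Debian ships as src:linux, and the added NOTE only says "Apparently" Pixel-specific. Tagging it NOT-FOR-US on an unconfirmed basis drops the association with linux; consider keeping it tied to the package (for example `- linux <undetermined>` with the same NOTE) until the Pixel-only claim is verified. CVE-2023-21399 gets the same Android/Pixel kernel tag with no NOTE at all, so a one-line rationale there would help too.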
@@ -47723,53 +47724,53 @@ CVE-2023-21262 (In startInput of 
AudioPolicyInterfaceImpl.cpp, there is a possib
 CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out 
of bound ...)
        TODO: check
 CVE-2023-21260 (In notification access permission dialog box, malicious 
application ca ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21259
        RESERVED
 CVE-2023-21258
        RESERVED
 CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, 
there is a p ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to 
launch ar ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory 
corrupti ...)
        - linux 6.3.7-1
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
 CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there 
is a po ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21253
        RESERVED
 CVE-2023-21252
        RESERVED
 CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to 
connect  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible 
out of bou ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21249 (In multiple functions of OneTimePermissionUserManager.java, 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21248 (In getAvailabilityStatus of 
WifiScanningMainSwitchPreferenceController ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21247 (In getAvailabilityStatus of 
BluetoothScanningMainSwitchPreferenceContr ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way 
for an a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21245 (In showNextSecurityScreenOrFinish of 
KeyguardSecurityContainerControll ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21244
        RESERVED
 CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, 
there is a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21242
        RESERVED
 CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out 
of bound ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to 
resourc ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21239 (In visitUris of Notification.java, there is a possible way to 
leak ima ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21238 (In visitUris of RemoteViews.java, there is a possible leak of 
images b ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there 
is a pos ...)
        NOT-FOR-US: Android
 CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible 
out of b ...)
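Review bot: CVE-2023-21261 near the top of this hunk is still at TODO: check after this pass and needs a package entry rather than an NFU tag, since ft_open_face_internal in ftobjs.c is FreeType code and Debian packages freetype. Leaving it out of the bulk NOT-FOR-US: Android change is right, but a follow-up should add a `- freetype` line so it does not get swept up in a later Android batch.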
@@ -47955,7 +47956,7 @@ CVE-2023-21147 (In lwis_i2c_device_disable of 
lwis_device_i2c.c, there is a poss
 CVE-2023-21146 (there is a possible way to corrupt memory due to a use after 
free. Thi ...)
        NOT-FOR-US: Android
 CVE-2023-21145 (In updatePictureInPictureMode of ActivityRecord.java, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there 
is a poss ...)
        NOT-FOR-US: Android
 CVE-2023-21143 (In multiple functions of multiple files, there is a possible 
way to ma ...)
@@ -50976,7 +50977,7 @@ CVE-2023-20577
 CVE-2023-20576
        RESERVED
 CVE-2023-20575 (A potential power side-channel vulnerability in some AMD 
processors ma ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2023-20574
        RESERVED
 CVE-2023-20573
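Review bot: NOT-FOR-US: AMD on CVE-2023-20575 names a vendor rather than a product, and the description concerns AMD processors, for which Debian ships related packages such as amd64-microcode and linux. If the conclusion is that there is no microcode or kernel-side change to track, a NOTE line saying so would make the NFU decision checkable later.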
@@ -152534,7 +152535,7 @@ CVE-2021-33800 (In Druid 1.2.3, visiting the path 
with parameter in a certain fu
 CVE-2021-33799
        RESERVED
 CVE-2021-33798 (A null pointer dereference was found in libpano13, version 
libpano13-2 ...)
-       TODO: duplicate of CVE-2021-33293, pinged Fedora for reject
+       NOTE: duplicate of CVE-2021-33293, pinged Fedora for reject
 CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 
to 1.1.1 ...)
        - mujs 1.1.3-2
        [bullseye] - mujs <no-dsa> (Minor issue)
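Review bot: after the TODO to NOTE change, CVE-2021-33798 carries only a NOTE and no package or status line, although its description names libpano13 and the NOTE says the reject was only requested ("pinged Fedora"), not done. Either keep the TODO until the CVE is actually rejected, or add a libpano13 package line matching how CVE-2021-33293 is tracked. This hunk is also not an NFU change, so the commit message "NFUs" does not cover it.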
@@ -196930,7 +196931,7 @@ CVE-2021-0950
 CVE-2021-0949
        RESERVED
 CVE-2021-0948 (The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel 
driver ca ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2021-0947 (The method PVRSRVBridgeTLDiscoverStreams allocates 
puiStreamsInt on th ...)
        NOT-FOR-US: Android
 CVE-2021-0946 (The method PVRSRVBridgePMRPDumpSymbolicAddr allocates 
puiMemspaceNameI ...)
@@ -217949,7 +217950,7 @@ CVE-2020-20120 (ThinkPHP v3.2.3 and below contains a 
SQL injection vulnerability
 CVE-2020-20119
        RESERVED
 CVE-2020-20118 (Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Avast
 CVE-2020-20117
        RESERVED
 CVE-2020-20116
@@ -218143,7 +218144,7 @@ CVE-2020-20023
 CVE-2020-20022
        RESERVED
 CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier 
allows atta ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2020-20020
        RESERVED
 CVE-2020-20019



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84d9555e48d8765450e54b77be42c531d5c06199
