Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0018e30 by Neil Williams at 2022-03-24T11:47:42+00:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37934,51 +37934,51 @@ CVE-2021-39739
CVE-2021-39738
RESERVED
CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID:
A-208229524Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and
lwis_peri ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39735 (In gasket_alloc_coherent_memory of gasket_page_table.c, there
is a pos ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39734 (In sendMessage of OneToOneChatImpl.java (? TBD), there is a
possible w ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39733 (In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a
possible out ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39732 (In copy_io_entries of lwis_ioctl.c, there is a possible out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39731 (In ProtocolStkProactiveCommandAdapter::Init of
protocolstkadapter.cpp, ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39730 (In TBD of TBD, there is a possible out of bounds read due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39729 (In the TitanM chip, there is a possible out of bounds write
due to a m ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39728
RESERVED
CVE-2021-39727 (In eicPresentationRetrieveEntryValue of
acropora/app/identity/libeic/E ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39726 (In cd_ParseMsg of cd_codec.c, there is a possible out of
bounds read d ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39725 (In gasket_free_coherent_memory_all of gasket_page_table.c,
there is a ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39724 (In TuningProviderBase::GetTuningTreeSet of
tuning_provider_base.cc, th ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39723 (Product: AndroidVersions: Android kernelAndroid ID:
A-209014813Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39722 (In ProtocolStkProactiveCommandAdapter::Init of
protocolstkadapter.cpp, ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39721 (In TBD of TBD, there is a possible out of bounds write due to
memory c ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39720 (Product: AndroidVersions: Android kernelAndroid ID:
A-207433926Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39719 (In lwis_top_register_io of lwis_device_top.c, there is a
possible out ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39718 (In ProtocolStkProactiveCommandAdapter::Init of
protocolstkadapter.cpp, ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39717 (In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible
out of bo ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39716 (Product: AndroidVersions: Android kernelAndroid ID:
A-206977562Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39715 (In __show_regs of process.c, there is a possible leak of
kernel memory ...)
- TODO: check
+ NOT-FOR-US: Android kernel patches
CVE-2021-39714 (In ion_buffer_kmap_get of ion.c, there is a possible
use-after-free du ...)
{DLA-2940-1}
- linux 4.12.6-1
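Review bot: CVE-2021-39715 is closed as `NOT-FOR-US: Android kernel patches`, but its description names `__show_regs` in `process.c`, which reads like core kernel code rather than a Pixel driver, and the very next entry (CVE-2021-39714, `ion.c`) is tracked as `- linux 4.12.6-1`. Please confirm the leak exists only in Android's patched tree and say so in the commit message, or track the entry against linux like its neighbour. This is also the only tag in the commit that is neither `Pixel` nor `Android`; if the distinction is intentional, a word on why would help later triage.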
@@ -37988,31 +37988,31 @@ CVE-2021-39713 (Product: AndroidVersions: Android
kernelAndroid ID: A-173788806R
- linux 5.2.6-1
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39712 (In TBD of TBD, there is a possible user after free
vulnerability due t ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39711 (In bpf_prog_test_run_skb of test_run.c, there is a possible
out of bou ...)
- linux 4.18.6-1
NOTE:
https://git.kernel.org/linus/6e6fddc78323533be570873abb728b7e0ba7e024
NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01
CVE-2021-39710 (Product: AndroidVersions: Android kernelAndroid ID:
A-202160245Referen ...)
- TODO: check
+ NOT-FOR-US: Pixel
CVE-2021-39709 (In sendSipAccountsRemovedNotification of
SipAccountRegistry.java, ther ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39708 (In gatt_process_notification of gatt_cl.cc, there is a
possible out of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way
to clea ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39705 (In getNotificationTag of LegacyVoicemailNotifier.java, there
is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39704 (In deleteNotificationChannelGroup of
NotificationManagerService.java, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible
unauthori ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt,
there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39700
RESERVED
CVE-2021-39699
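Review bot: CVE-2021-39710 is marked `NOT-FOR-US: Pixel` although its visible description (`Product: AndroidVersions: Android kernelAndroid ID: A-202160245`) has the same form as CVE-2021-39713 in the context above, which is tracked as `- linux 5.2.6-1` with a NOTE pointing at the Pixel bulletin. The truncated text alone does not separate a Pixel-only driver from upstream kernel code, so the commit message should state what the classification was checked against. The same applies to CVE-2021-39712, whose description is only `In TBD of TBD`.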
@@ -38023,23 +38023,23 @@ CVE-2021-39698 (In aio_poll_complete_work of aio.c,
there is a possible memory c
[bullseye] - linux 5.10.92-1
NOTE: https://source.android.com/security/bulletin/2022-03-01
CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is
a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39696
RESERVED
CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible
permissi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for
default apps ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a
possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible
way to se ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39691
RESERVED
CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible
way to p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to
TBD. This ...)
NOT-FOR-US: Pixel
CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a
possible ...)
@@ -38087,7 +38087,7 @@ CVE-2021-39669 (In onCreate of
InstallCaCertificateWarning.java, there is a poss
CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible
Intent ...)
NOT-FOR-US: Android
CVE-2021-39667 (In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of
bounds re ...)
NOT-FOR-US: Android
CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible
out of bo ...)
@@ -38195,7 +38195,7 @@ CVE-2021-39626 (In onAttach of
ConnectedDeviceDashboardFragment.java, there is a
CVE-2021-39625 (In showCarrierAppInstallationNotification of
EuiccNotificationManager. ...)
NOT-FOR-US: Android
CVE-2021-39624 (In Package Manger, there is a possible permanent denial of
service due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out
of boun ...)
NOT-FOR-US: Android
CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset
Protection ...)
@@ -38775,9 +38775,9 @@ CVE-2021-39386
CVE-2021-39385
RESERVED
CVE-2021-39384 (DWSurvey v3.2.0 was discovered to contain an arbitrary file
write vuln ...)
- TODO: check
+ NOT-FOR-US: DWSurvey
CVE-2021-39383 (DWSurvey v3.2.0 was discovered to contain a remote command
execution ( ...)
- TODO: check
+ NOT-FOR-US: DWSurvey
CVE-2021-39382
RESERVED
CVE-2021-39381
@@ -40375,7 +40375,7 @@ CVE-2021-38747
CVE-2021-38746
RESERVED
CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click
code injec ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2021-38744
RESERVED
CVE-2021-38743
@@ -52280,7 +52280,7 @@ CVE-2021-33855
CVE-2021-33854
RESERVED
CVE-2021-33853 (A Cross-Site Scripting (XSS) attack can cause arbitrary code
(javascri ...)
- TODO: check
+ NOT-FOR-US: X2Engine X2CRM
CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code
(JavaScri ...)
NOT-FOR-US: post-duplicator-image plugin for WordPress
CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code
(JavaScri ...)
@@ -58953,7 +58953,7 @@ CVE-2021-31328
CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine
Name Fi ...)
NOT-FOR-US: Remote Clinic
CVE-2021-31326 (D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to
arbitra ...)
- TODO: check
+ NOT-FOR-US: D-Link DIR-816
CVE-2021-31325
RESERVED
CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is
affected by a ...)
@@ -59749,7 +59749,7 @@ CVE-2021-30974
CVE-2021-30973 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-30972 (This issue was addressed with improved checks. This issue is
fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30971 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30970 (A logic issue was addressed with improved state management.
This issue ...)
@@ -59861,21 +59861,21 @@ CVE-2021-30930 (A logic issue was addressed with
improved state management. This
CVE-2021-30929 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30928 (A memory corruption issue was addressed with improved input
validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30927 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
CVE-2021-30926 (Description: A memory corruption issue in the processing of
ICC profil ...)
NOT-FOR-US: Apple
CVE-2021-30925 (The issue was addressed with improved permissions logic. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30924 (A denial of service issue was addressed with improved state
handling. ...)
NOT-FOR-US: Apple
CVE-2021-30923 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30922 (Multiple out-of-bounds write issues were addressed with
improved bound ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30921 (A logic issue was addressed with improved state management.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30920 (A permissions issue was addressed with improved validation.
This issue ...)
NOT-FOR-US: Apple
CVE-2021-30919 (An out-of-bounds write was addressed with improved input
validation. T ...)
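Review bot: the four entries switched to `NOT-FOR-US: Apple` here (CVE-2021-30928, CVE-2021-30925, CVE-2021-30922, CVE-2021-30921) have descriptions that are cut off before any component is named, so nothing in the hunk distinguishes an Apple-only component from code that Debian also packages. With a commit message of just "Process NFUs", please confirm each one was checked against the full advisory text before the `TODO: check` was dropped.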
@@ -60029,7 +60029,7 @@ CVE-2021-30858 (A use after free issue was addressed
with improved memory manage
CVE-2021-30857 (A race condition was addressed with improved locking. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30856 (This issue was addressed by adding a new Remote Login option
for optin ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30855 (A validation issue existed in the handling of symlinks. This
issue was ...)
NOT-FOR-US: Apple
CVE-2021-30854 (A logic issue was addressed with improved state management.
This issue ...)
@@ -60245,7 +60245,7 @@ CVE-2021-30773 (An issue in code signature validation
was addressed with improve
CVE-2021-30772 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30771 (An out-of-bounds write was addressed with improved input
validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-30770 (A logic issue was addressed with improved validation. This
issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30769 (A logic issue was addressed with improved state management.
This issue ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0018e303d2905c7984e30e63296e7fee4a54ce9