From 85a0c23de3ec54fd79b76550973d6db264fcfa73 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Fri, 3 Dec 2021 10:39:38 +0000 Subject: aom note fixed CVEs 2020-36130 to 135 --- data/CVE/2020.list | 40 ++++++++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 5baaa1d16c..8bb1e5bd5d 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1059,19 +1059,47 @@ CVE-2020-36137 CVE-2020-36136 RESERVED CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...) - TODO: check + - aom 3.2.0-1 + [bullseye] - aom (Vulnerable code introduced later) + [buster] - aom (Vulnerable code introduced later) + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1 + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911 + NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1) CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation via the ...) - TODO: check + - aom 3.2.0-1 + [bullseye] - aom (Vulnerable code introduced later) + [buster] - aom (Vulnerable code introduced later) + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2914 + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2940 + NOTE: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.0.1) + TODO: check qtwebengine-opensource-src 5.15.7 CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the ...) - TODO: check + - aom 3.2.0-1 + [bullseye] - aom (Vulnerable code introduced later) + [buster] - aom (Vulnerable code introduced later) + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1 + NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.0.0) CVE-2020-36132 RESERVED CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...) - TODO: check + - aom 3.2.0-1 + [bullseye] - aom (Vulnerable code introduced later) + [buster] - aom (Vulnerable code introduced later) + NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1) + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1 CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...) - TODO: check + - aom 3.2.0-1 + [bullseye] - aom (Vulnerable code introduced later) + [buster] - aom (Vulnerable code introduced later) + NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.0.1) + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1 CVE-2020-36129 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...) - TODO: check + - aom 3.2.0-1 + [bullseye] - aom (Vulnerable code introduced later) + [buster] - aom (Vulnerable code introduced later) + NOTE: https://aomedia.googlesource.com/aom/+/7a20d10027fd91fbe11e38182a1d45238e102c4a%5E%21/#F0 (v3.0.0) + NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1 + TODO: check qtwebengine-opensource-src 5.15.7 CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...) NOT-FOR-US: Pax Technology PAXSTORE CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...) -- cgit v1.2.3