author Moritz Muehlenhoff <jmm@debian.org> 2020-04-02 19:33:16 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-04-02 19:33:16 +0200
commit c79e85991082a04a7d89439391db3c2e040a065f
tree 330796613d10d176f3ac9ab989fd54644ea89c7c /data/CVE/2019.list
parent e5f28ca43cfebde01699523b774888b7fc0e4de1
new gpac issues
NFUs
Diffstat (limited to 'data/CVE/2019.list')
-rw-r--r-- data/CVE/2019.list 57
1 files changed, 39 insertions, 18 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 36e8c6a32a..7891016099 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -4,15 +4,36 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr
- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
+ NOTE: https://github.com/gpac/gpac/issues/1264
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- TODO: check
+ - gpac <unfixed>
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
+ NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8
+ NOTE: https://github.com/gpac/gpac/issues/1269
CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
NOT-FOR-US: AutoUpdater.NET
CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
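Review bot: The five gpac entries (CVE-2019-20628 through CVE-2019-20632) are marked "- gpac <unfixed>" with no Debian bug reference, so the open issue is recorded only in this file. Each description reads "GPAC before 0.8.0" and the NOTE lines already name the upstream fix commits; consider filing a bug and adding it to the "<unfixed>" lines, plus a NOTE stating which upstream release first contains those commits, so the entries can be closed when that version is uploaded.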
@@ -25631,9 +25652,9 @@ CVE-2019-10809
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object properties. The ...)
NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...)
- TODO: check
+ NOT-FOR-US: Node blamer
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...)
- TODO: check
+ NOT-FOR-US: Node vega-util
CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...)
NOT-FOR-US: Node valib
CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...)
@@ -30310,9 +30331,9 @@ CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a4
- linux 4.19.37-4
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. I ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. B ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...)
{DSA-4465-1 DLA-1824-1}
- linux 4.19.37-4
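Review bot: "NOT-FOR-US: Broadcom" on CVE-2019-9502 and CVE-2019-9501 names only the vendor, while the descriptions name the "Broadcom wl WiFi driver" and the neighbouring brcmfmac entries (CVE-2019-9503, CVE-2019-9500) are tracked against linux. Suggest "NOT-FOR-US: Broadcom wl WiFi driver" so the two drivers are not confused, after confirming that no source package in the archive ships the wl driver.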
@@ -30393,9 +30414,9 @@ CVE-2019-9476
CVE-2019-9475
RESERVED
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due ...)
NOT-FOR-US: Android
CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds ...)
@@ -31143,7 +31164,7 @@ CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows att
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
NOT-FOR-US: Nagios XI
CVE-2019-9163 (The connection initiation process in March Networks Command Client bef ...)
- TODO: check
+ NOT-FOR-US: March Networks
CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
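Review bot: "NOT-FOR-US: March Networks" on CVE-2019-9163 gives the vendor rather than the product; the description names "March Networks Command Client" and the surrounding entries use product names ("Nagios XI", "Sangfor Sundray WLAN Controller"). Suggest "NOT-FOR-US: March Networks Command Client".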
@@ -44281,7 +44302,7 @@ CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory vul
CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the packagin ...)
NOT-FOR-US: SAP
CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...)
- TODO: check
+ NOT-FOR-US: SuSE packaging of munin
CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE ...)
TODO: check
CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
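Review bot: CVE-2019-3694 is closed as "NOT-FOR-US: SuSE packaging of munin", but the next entry, CVE-2019-3693 (a symlink following issue in the SUSE packaging of mailman), is left at "TODO: check", so two issues of the same kind are triaged inconsistently. Elsewhere in this diff a SUSE packaging issue in squid is recorded as "- squid <not-affected> (...)" with the reason given; if munin is a source package in the archive, that form would be more informative than NOT-FOR-US. The descriptions also spell the vendor "SUSE", not "SuSE".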
@@ -44300,7 +44321,7 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent
- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
- TODO: check
+ NOT-FOR-US: SuSE
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
- openqa <itp> (bug #840253)
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
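Review bot: "NOT-FOR-US: SuSE" on CVE-2019-3687 does not say which software was judged out of scope; the description points at "The permission package in SUSE Linux Enterprise Server". Suggest naming it, for example "NOT-FOR-US: SUSE permission package", using the "SUSE" spelling from the descriptions.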
@@ -47550,7 +47571,7 @@ CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there i
CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
NOT-FOR-US: Android
CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...)
{DLA-2114-1 DLA-2068-1}
- linux 4.15.4-1
@@ -47848,9 +47869,9 @@ CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManage
CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...)
NOT-FOR-US: Android
CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...)
NOT-FOR-US: Android
CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...)
@@ -47910,7 +47931,7 @@ CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missi
CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...)
NOT-FOR-US: Android
CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2057
RESERVED
CVE-2019-2056
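Review bot: CVE-2019-2058 is marked "NOT-FOR-US: Android", but its description names a library, "libAACdec", rather than an Android framework service. Before closing it, check whether that decoder code is shipped in the archive under another source package name; if it is, the entry should reference that package instead of NOT-FOR-US.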
