Re: [oss-security] Security fixes from Android 10 release which are relevant outside the Android ecosystem?

On Fri, Oct 25, 2019 at 11:23:09PM +0200, Moritz Mühlenhoff wrote:
> Android advisories used to contain commit references to AOSP change sets, but
> that's not the case for https://source.android.com/security/bulletin/android-10.
> Typically most of these issues are specific to Android, but there are a few which
> per the CVE description are possibly affecting software packaged/used by Linux
> distros as well, one example:

Normally the advisories should link back to actual details, but I guess
this doesn't always happen.

> "In libvpx, there is a possible out of bounds read due to a missing bounds check.
> This could lead to remote information disclosure with no additional execution
> privileges needed. "
> Similar for CVE-2019-9232,
> CVE-2019-9423 (also libexif and opencv)

This one I can't find an external reference for. I've asked for more

> Is there anyone from Android/Google on the list, who can comment on this? Can these
> references be added again for the benefit of non-Android distros?

Thank you Moritz for pinging me off-list! :)