[Secure-testing-commits] r44199 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sun Aug 28 17:54:51 UTC 2016
Author: carnil
Date: 2016-08-28 17:54:51 +0000 (Sun, 28 Aug 2016)
New Revision: 44199
Modified:
data/CVE/list
Log:
Mark some of linux issues as fixed, included in 4.7.2-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-08-28 17:48:02 UTC (rev 44198)
+++ data/CVE/list 2016-08-28 17:54:51 UTC (rev 44199)
@@ -605,7 +605,7 @@
NOTE: http://bugs.call-cc.org/ticket/1308
CVE-2016-6828 [Linux tcp_xmit_retransmit_queue use after free]
RESERVED
- - linux <unfixed>
+ - linux 4.7.2-1
CVE-2016-6822
RESERVED
CVE-2016-6821
@@ -1644,7 +1644,7 @@
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30259&p=136359#p136359
CVE-2016-6516 (Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c ...)
- - linux <unfixed>
+ - linux 4.7.2-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.kernel.org/linus/54dbc15172375641ef03399e8f911d7165eb90fb (v4.5-rc1)
@@ -1805,7 +1805,7 @@
- redis 2:3.2.1-4 (bug #832460)
NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2016-6480 (Race condition in the ioctl_send_fib function in ...)
- - linux <unfixed>
+ - linux 4.7.2-1
CVE-2016-6478
RESERVED
CVE-2016-6477
@@ -3154,7 +3154,7 @@
CVE-2016-6157
RESERVED
CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in ...)
- - linux <unfixed>
+ - linux 4.7.2-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e
@@ -3196,7 +3196,7 @@
CVE-2016-6137
RESERVED
CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
- - linux <unfixed>
+ - linux 4.7.2-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120681
NOTE: https://github.com/linux-audit/audit-kernel/issues/18
NOTE: Fixed by: https://git.kernel.org/linus/43761473c254b45883a64441dd0bc85a42f3645c (4.8-rc1)
@@ -5094,7 +5094,7 @@
CVE-2016-5413
RESERVED
CVE-2016-5412 (arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through ...)
- - linux <unfixed>
+ - linux 4.7.2-1
[wheezy] - linux <not-affected> (Transactional memory not supported)
NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2
NOTE: https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1)
@@ -5138,7 +5138,7 @@
RESERVED
NOT-FOR-US: JBoss BPMS business-central
CVE-2016-5400 (Memory leak in the airspy_probe function in ...)
- - linux <unfixed>
+ - linux 4.7.2-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7)
@@ -5173,7 +5173,7 @@
CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote ...)
- foreman <itp> (bug #663101)
CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly ...)
- - linux <unfixed>
+ - linux 4.7.2-1
NOTE: Introduced by: https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
NOTE: Fixed by: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
CVE-2016-5389
@@ -10385,7 +10385,7 @@
CVE-2016-3858
RESERVED
CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...)
- - linux <unfixed> (unimportant)
+ - linux 4.7.2-1 (unimportant)
NOTE: Fixed by: https://git.kernel.org/linus/7de249964f5578e67b99699c5f0b405738d820a2 (v4.8-rc2)
NOTE: CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
CVE-2016-3856 (netd in Android before 2016-08-05 mishandles tethering and stdio ...)
More information about the Secure-testing-commits
mailing list