[Secure-testing-commits] r46700 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 2 07:09:28 UTC 2016
Author: carnil
Date: 2016-12-02 07:09:28 +0000 (Fri, 02 Dec 2016)
New Revision: 46700
Modified:
data/CVE/list
Log:
Add fixed version for various src:linux CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-02 05:34:14 UTC (rev 46699)
+++ data/CVE/list 2016-12-02 07:09:28 UTC (rev 46700)
@@ -1709,7 +1709,7 @@
NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux ...)
- - linux <unfixed>
+ - linux 4.8.11-1
NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of ...)
TODO: check
@@ -3320,12 +3320,12 @@
NOTE: Origin of the file seems to be from libav
TODO: check: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patch looks different, needs investigation
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 ...)
- - linux <unfixed>
+ - linux 4.8.11-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://patchwork.kernel.org/patch/9373631/
NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9083 (drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows ...)
- - linux <unfixed>
+ - linux 4.8.11-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://patchwork.kernel.org/patch/9373631/
NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
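Review bot: the CVE-2016-9084 and CVE-2016-9083 entries are now marked fixed in 4.8.11-1, yet their descriptions still read "through 4.8.11" and the Fixed by commit is tagged v4.9-rc4. That implies the fix reached this upload as a patch carried in the Debian package rather than through the upstream 4.8.11 release. A NOTE under each entry saying so would let anyone auditing the tracker confirm the version without going through the package changelog.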
@@ -4392,7 +4392,7 @@
CVE-2016-8651
RESERVED
CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...)
- - linux <unfixed>
+ - linux 4.8.11-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: http://seclists.org/fulldisclosure/2016/Nov/76
NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477
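Review bot: the CVE-2016-8650 entry is marked fixed in 4.8.11-1, but the only fix reference visible in this hunk is "NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477". Consider adding a "NOTE: Fixed by:" line naming the commit or patch that was actually applied, as the neighbouring linux entries do, so the fixed version can be checked against a concrete change.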
@@ -4420,7 +4420,7 @@
NOTE: https://lkml.org/lkml/2016/10/12/198
NOTE: Fixed by: https://git.kernel.org/linus/4afa5f9617927453ac04b24b584f6c718dfb4f45 (v4.4-rc2)
CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb ...)
- - linux <unfixed>
+ - linux 4.8.11-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
NOTE: Introduced in: https://git.kernel.org/linus/cf60af03ca4e71134206809ea892e49b92a88896 (v3.6-rc1)
@@ -12756,7 +12756,7 @@
NOTE: libv8 is not covered by security support
CVE-2016-6213
RESERVED
- - linux <unfixed>
+ - linux 4.8.11-1
NOTE: https://lkml.org/lkml/2016/8/28/269
NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498
CVE-2016-6186 (Cross-site scripting (XSS) vulnerability in the ...)
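Review bot: the Fixed by note for CVE-2016-6213 uses the long http:// cgit URL and carries no upstream release tag, while the other linux entries touched in this commit use the short https form with a tag in parentheses. Since the entry is being edited anyway, normalising it to https://git.kernel.org/linus/d29216842a85c7970c536108e093963f02714498 and appending the release tag would keep the file consistent and make it clear which upstream release first contained the fix.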
@@ -55671,7 +55671,7 @@
[wheezy] - oss4 <no-dsa> (Minor issue)
[squeeze] - oss4 <no-dsa> (Minor issue)
CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an incomplete set ...)
- - linux <unfixed> (bug #770492)
+ - linux 4.8.11-1 (bug #770492)
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/030b533c4fd4d2ec3402363323de4bb2983c9cee
CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS]
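Review bot: the Fixed by note under CVE-2015-1350 has no upstream release tag, so the hunk gives no way to tell whether 4.8.11-1 picked the commit up from upstream or from a backport. Adding the tag in parentheses, as the other entries have, would make that clear. Also confirm that bug #770492, which is still referenced on the changed line, gets closed or version-tagged to match the new fixed version.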