[Secure-testing-commits] r58382 - in data: . CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Dec 9 09:14:28 UTC 2017


Author: carnil
Date: 2017-12-09 09:14:28 +0000 (Sat, 09 Dec 2017)
New Revision: 58382

Modified:
   data/CVE/list
   data/next-oldstable-point-update.txt
Log:
Merge already 3.16.51-1 fixes (sync with kernel-sec)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-09 09:10:18 UTC (rev 58381)
+++ data/CVE/list	2017-12-09 09:14:28 UTC (rev 58382)
@@ -3952,6 +3952,7 @@
 CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use ...)
 	- linux 4.14.2-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
 	NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
 	NOTE: https://github.com/bindecy/HugeDirtyCowPOC
@@ -5000,10 +5001,12 @@
 CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c ...)
 	- linux <not-affected> (Vulnerable code not present)
 CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 ...)
@@ -5027,6 +5030,7 @@
 CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...)
 	- php7.1 7.1.11-1
 	- php7.0 7.0.25-1
@@ -5312,12 +5316,15 @@
 CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 CVE-2017-16536 (The cx231xx_usb_probe function in ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in the ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/1c0edc3633b56000e18d82fc241e3995ca18a69e
 CVE-2017-16534 (The cdc_parse_cdc_header function in drivers/usb/core/message.c in the ...)
 	- linux 4.13.10-1
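Review bot: in the @@ -5312 hunk, CVE-2017-16537 and CVE-2017-16536 are marked fixed in jessie 3.16.51-1 but carry no "Fixed by:" NOTE, unlike CVE-2017-16535 directly below them, so the jessie version cannot be traced to an upstream commit from these two entries. Consider adding the git.kernel.org/linus reference to both while the entries are being touched.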
@@ -5328,23 +5335,28 @@
 CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f043bfc98c193c284e2cd768fefabe18ac2fed9b
 CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
 CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
 CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local users to ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/786de92b3cb26012d3d0f00ee37adf14527f35c4
 CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991
 CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local ...)
 	- linux 4.13.4-1
@@ -5355,6 +5367,7 @@
 CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/124751d5e63c823092060074bd0abaae61aaa9c4
 CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users ...)
 	- linux 4.13.10-1
@@ -5363,6 +5376,7 @@
 CVE-2017-16525 (The usb_serial_console_disconnect function in ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an ...)
 	NOT-FOR-US: Samsung SRN-1670D devices
 CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
@@ -7798,6 +7812,7 @@
 CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/008ba2a13f2d04c947adc536d19debb8fe66f110
 	NOTE: Fixed by: https://git.kernel.org/linus/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
 CVE-2017-15648 (In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the ...)
@@ -8725,6 +8740,7 @@
 CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: Fixed by: https://git.kernel.org/linus/60ff5b2f547af3828aebafd54daded44cfb0807a (4.14-rc6)
 CVE-2017-15298 (Git through 2.14.2 mishandles layers of tree objects, which allows ...)
 	- git <unfixed> (unimportant)
@@ -8891,6 +8907,7 @@
 CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
 	- linux 4.13.4-2
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
 	NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
 CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of ...)
@@ -9291,6 +9308,7 @@
 CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6)
 CVE-2017-15114 (When libvirtd is configured by OSP director (tripleo-heat-templates) ...)
 	- tripleo-heat-templates <not-affected> (Vulnerability introduced later)
@@ -14959,6 +14977,7 @@
 	- wpa 2:2.4-1.1
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: https://w1.fi/security/2017-1/
 	NOTE: https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e (v4.14-rc6)
 CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...)
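Review bot: the CVE header for the entry changed in the @@ -14959 hunk lies outside the context lines, so the hunk alone does not show which CVE receives the new "[jessie] - linux 3.16.51-1" tag. The entry sits directly before CVE-2017-13079 and tracks both wpa and linux, which is consistent with the CVE-2017-13080 entry removed from data/next-oldstable-point-update.txt. Please confirm that against the full file, since this is the one addition that cannot be matched by id from the diff itself.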
@@ -17993,12 +18012,14 @@
 CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array.c ...)
 	- linux 4.13.13-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13-rc1)
 	NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
 	NOTE: Introduced by: https://git.kernel.org/linus/3cb989501c2688cacbb7dc4b0d353faf838f53a1 (3.13-rc1)
 CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key ...)
 	- linux 4.13.4-2
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
 	NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
@@ -18007,6 +18028,7 @@
 CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the ...)
 	- linux 4.13.10-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
 CVE-2017-12189
 	RESERVED
@@ -28057,6 +28079,7 @@
 CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c ...)
 	- linux 4.12.6-1
 	[stretch] - linux 4.9.47-1
+	[jessie] - linux 3.16.51-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
 CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows ...)
 	{DSA-3863-1 DLA-960-1}
@@ -51540,6 +51563,7 @@
 CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
 	- linux 4.13.4-2
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux 3.16.51-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/17df6453d4be17910456e99c5a85025aa1b7a246 (v4.14-rc4)
 CVE-2017-0785 (A information disclosure vulnerability in the Android system ...)

Modified: data/next-oldstable-point-update.txt
===================================================================
--- data/next-oldstable-point-update.txt	2017-12-09 09:10:18 UTC (rev 58381)
+++ data/next-oldstable-point-update.txt	2017-12-09 09:14:28 UTC (rev 58382)
@@ -101,54 +101,6 @@
 	[jessie] - pdns-recursor 3.6.2-2+deb8u4
 CVE-2017-16899
 	[jessie] - transfig 1:3.2.5.e-4+deb8u1
-CVE-2017-0786
-	[jessie] - linux 3.16.51-1
-CVE-2017-8831
-	[jessie] - linux 3.16.51-1
-CVE-2017-12190
-	[jessie] - linux 3.16.51-1
-CVE-2017-12192
-	[jessie] - linux 3.16.51-1
-CVE-2017-12193
-	[jessie] - linux 3.16.51-1
-CVE-2017-13080
-	[jessie] - linux 3.16.51-1
-CVE-2017-15115
-	[jessie] - linux 3.16.51-1
-CVE-2017-15265
-	[jessie] - linux 3.16.51-1
-CVE-2017-15299
-	[jessie] - linux 3.16.51-1
-CVE-2017-15649
-	[jessie] - linux 3.16.51-1
-CVE-2017-16525
-	[jessie] - linux 3.16.51-1
-CVE-2017-16527
-	[jessie] - linux 3.16.51-1
-CVE-2017-16529
-	[jessie] - linux 3.16.51-1
-CVE-2017-16530
-	[jessie] - linux 3.16.51-1
-CVE-2017-16531
-	[jessie] - linux 3.16.51-1
-CVE-2017-16532
-	[jessie] - linux 3.16.51-1
-CVE-2017-16533
-	[jessie] - linux 3.16.51-1
-CVE-2017-16535
-	[jessie] - linux 3.16.51-1
-CVE-2017-16536
-	[jessie] - linux 3.16.51-1
-CVE-2017-16537
-	[jessie] - linux 3.16.51-1
-CVE-2017-16643
-	[jessie] - linux 3.16.51-1
-CVE-2017-16649
-	[jessie] - linux 3.16.51-1
-CVE-2017-16650
-	[jessie] - linux 3.16.51-1
-CVE-2017-1000405
-	[jessie] - linux 3.16.51-1
 CVE-2015-8872
 	[jessie] - dosfstools 3.0.27-1+deb8u1
 CVE-2016-4804
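Review bot: the 24 linux entries removed here between CVE-2017-16899 and CVE-2015-8872 are explained only by "sync with kernel-sec" in the log, which does not say whether 3.16.51-1 has actually entered jessie; stating that in the log message would make the removal from the pending list checkable. The bookkeeping itself is consistent: each removed id has a matching "[jessie] - linux 3.16.51-1" addition in data/CVE/list, with CVE-2017-13080 corresponding to the @@ -14959 hunk whose header is not shown.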



