[Secure-testing-commits] r58848 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Dec 22 19:50:23 UTC 2017
Author: carnil
Date: 2017-12-22 19:50:23 +0000 (Fri, 22 Dec 2017)
New Revision: 58848
Modified:
data/CVE/list
Log:
Various linux CVEs fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-22 17:32:05 UTC (rev 58847)
+++ data/CVE/list 2017-12-22 19:50:23 UTC (rev 58848)
@@ -158,13 +158,13 @@
CVE-2018-3560
RESERVED
CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...)
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...)
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...)
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
NOT-FOR-US: IKARUS anti.virus
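Review bot: CVE-2017-17805 is recorded as fixed in 4.14.7-1, but its own description says the Salsa20 issue affects the kernel "before 4.14.8", so an upstream 4.14.7 base would still be affected. If 4.14.7-1 carries the fix as a patch on top of 4.14.7, a NOTE saying so would keep the entry from reading as a version typo; otherwise the fixed version should be the first upload based on 4.14.8 or later. The tag "(4.15-rc4)" on the same entry also lacks the "v" prefix used by the two entries above it.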
@@ -340,7 +340,7 @@
CVE-2017-17742
RESERVED
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...)
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: https://www.spinics.net/lists/kvm/msg160796.html
CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...)
- openldap <unfixed> (unimportant)
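Review bot: CVE-2017-17741 is described as affecting the kernel "through 4.14.7", yet the entry now records 4.14.7-1 as the fixed version, and its only NOTE is the kvm list posting. Suggest adding a "NOTE: Fixed by:" line with the upstream commit, or a note that the fix is carried as a patch in the package, so the fixed version can be checked against something.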
@@ -408,7 +408,7 @@
CVE-2017-17713 (Trape before 2017-11-05 has SQL injection via the /nr red parameter, ...)
NOT-FOR-US: Trape
CVE-2017-17712 (The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
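Review bot: the "Fixed by:" NOTE for CVE-2017-17712 has no upstream version tag, unlike the "(v4.15-rc3)" and "(v4.15-rc4)" tags on the entries in the first hunk. Appending the tag of the first release containing the commit would let a reader compare it against 4.14.7-1 without opening the link.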
@@ -5147,7 +5147,7 @@
- xen <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-248.html
CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
CVE-2017-17557
@@ -5671,15 +5671,15 @@
CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...)
NOT-FOR-US: Wordpress plugin
CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[wheezy] - linux <ignored> (User namespaces not supported)
NOTE: https://lkml.org/lkml/2017/12/5/982
CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2017/12/5/950
CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[wheezy] - linux <ignored> (User namespaces not supported)
NOTE: https://patchwork.kernel.org/patch/10089373/
CVE-2018-1280
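Review bot: CVE-2017-17450, CVE-2017-17449 and CVE-2017-17448 now have a fixed version, but their NOTEs still point only at the lkml and patchwork postings, and the two descriptions visible here say "through 4.14.4" without naming a fix. With the fix recorded, each entry should gain a "NOTE: Fixed by:" line for the commit that was merged, as CVE-2017-17712 and CVE-2017-17558 have in this change.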
@@ -5956,7 +5956,7 @@
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
NOTE: The upload of 2.26-0experimental2 to experimental fixed the issue (cf. #883729).
CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
CVE-2017-1000409 [buffer overflow]
@@ -8361,14 +8361,14 @@
NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
CVE-2017-16996
RESERVED
- - linux <unfixed>
+ - linux 4.14.7-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
CVE-2017-16995
RESERVED
- - linux <unfixed>
+ - linux 4.14.7-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
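Review bot: CVE-2017-16995 has no [stretch] line, while CVE-2017-16996 directly above marks stretch as not-affected with the same "Vulnerable code introduced later" reason given for jessie and wheezy. Please confirm that leaving stretch without an explicit status on CVE-2017-16995 is intended and not a dropped line. Both entries also link the upstream commit with a bare "NOTE:" and not the "NOTE: Fixed by:" form used by the other linux entries in this change.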
@@ -9503,7 +9503,7 @@
RESERVED
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
{DLA-1200-1}
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
NOT-FOR-US: OpenDayLight
@@ -10602,7 +10602,7 @@
[stretch] - linux 4.9.65-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...)
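Review bot: the CVE-2017-16644 entry gets a fixed version but has no NOTE at all, so nothing in the entry identifies which upstream commit 4.14.7-1 is being credited with. Suggest adding a "NOTE: Fixed by:" line for the hdpvr_probe fix alongside the version change.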
@@ -10891,7 +10891,7 @@
NOTE: https://github.com/moby/moby/pull/35399
NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through ...)
- - linux <unfixed>
+ - linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
{DLA-1200-1}
@@ -33847,7 +33847,7 @@
NOTE: https://github.com/dinhviethoa/libetpan/issues/274
CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
{DLA-1200-1}
- - linux <unfixed>
+ - linux 4.14.7-1
NOTE: http://lists.openwall.net/netdev/2017/12/04/224
NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)