[Secure-testing-commits] r52279 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Jun 4 12:26:39 UTC 2017


Author: carnil
Date: 2017-06-04 12:26:39 +0000 (Sun, 04 Jun 2017)
New Revision: 52279

Modified:
   data/CVE/list
Log:
Linux issues fixed in sid

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-04 11:39:41 UTC (rev 52278)
+++ data/CVE/list	2017-06-04 12:26:39 UTC (rev 52279)
@@ -624,7 +624,7 @@
 	- picocom 1.7-2 (bug #863671)
 	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
 CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
 CVE-2017-9241
 	RESERVED
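Review bot: The NOTE under CVE-2017-9242 is a bare git.kernel.org URL, while the other linux entries this revision marks as fixed label theirs "NOTE: Fixed by:". If that commit is the fix now shipped in 4.9.30-1, give it the same prefix so readers and scripts can tell a fix commit from a general reference. The bare NOTE lines under CVE-2017-9211 and CVE-2017-9150 have the same inconsistency.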
@@ -736,7 +736,7 @@
 CVE-2017-9212 (The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the ...)
 	NOT-FOR-US: Bluetooth stack on the BMW 330i 2011
 CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
@@ -891,7 +891,7 @@
 	- autotrace <removed>
 	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
 CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07
@@ -1130,16 +1130,16 @@
 	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
 	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
 CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
 CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
 CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
 CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
 CVE-2017-9073 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...)
 	NOT-FOR-US: Windows
@@ -1165,7 +1165,7 @@
 	NOTE: still present.
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
 CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	[jessie] - linux <not-affected> (Introduced in 4.9)
 	[wheezy] - linux <not-affected> (Introduced in 4.9)
 CVE-2017-9057
@@ -1676,7 +1676,7 @@
 CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
 	NOT-FOR-US: ASUS
 CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
 CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...)
 	NOT-FOR-US: Symphony CMS
@@ -3637,7 +3637,7 @@
 CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
 	NOT-FOR-US: Exponent CMS
 CVE-2017-1000363 [lp.c Out-of-Bounds Write via Kernel Command-line]
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
 	NOTE: https://alephsecurity.com/vulns/aleph-2017023
 CVE-2017-1000361 (DOMRpcImplementationNotAvailableException when sending Port-Status ...)
@@ -5412,7 +5412,7 @@
 CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...)
 	NOT-FOR-US: authconfig in Red Hat
 CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel ...)
-	- linux <unfixed>
+	- linux 4.9.30-1
 	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
 CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
 	{DSA-3851-1}
@@ -24147,8 +24147,8 @@
 CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0605 (An elevation of privilege vulnerability in the kernel trace subsystem ...)
-	- linux <undetermined>
-	NOTE: https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477
+	- linux 4.9.30-1
+	NOTE: Fixed by: https://git.kernel.org/linus/e09e28671cda63e6308b31798b997639120e2a21
 CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver ...)



