[Secure-testing-commits] r51281 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue May 2 19:38:50 UTC 2017
Author: carnil
Date: 2017-05-02 19:38:50 +0000 (Tue, 02 May 2017)
New Revision: 51281
Modified:
data/CVE/list
Log:
Mark several CVEs fixed in 4.9.25-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-02 19:34:27 UTC (rev 51280)
+++ data/CVE/list 2017-05-02 19:38:50 UTC (rev 51281)
@@ -888,7 +888,7 @@
[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
NOTE: Fixed by: https://git.kernel.org/linus/5593523f968bc86d42a035c6df47d5e0979b5ace
CVE-2017-8067 (drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x ...)
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
NOTE: Fixed by: https://git.kernel.org/linus/c4baad50297d84bde1a7ad45e50c73adae4a2192
@@ -901,11 +901,11 @@
- linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032
CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x ...)
- - linux <unfixed>
+ - linux 4.9.25-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a
CVE-2017-8063 (drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x ...)
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/3f190e3aec212fc8c61e202c51400afa7384d4bc
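Review bot: CVE-2017-8064 has only a `[wheezy] - linux <not-affected> (Vulnerable code not present)` line, while CVE-2017-8063 directly below it carries both `[jessie]` and `[wheezy]` lines with the same reason. With the unstable line now set to 4.9.25-1, jessie has no annotation of its own for CVE-2017-8064. If the vulnerable code is absent there too, add the matching `[jessie]` line; if jessie is affected, say so explicitly so the omission does not read as an oversight.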
@@ -915,7 +915,7 @@
[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
NOTE: Fixed by: https://git.kernel.org/linus/606142af57dad981b78707234cfbd15f9f7b7125
CVE-2017-8061 (drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x ...)
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef
@@ -1311,7 +1311,7 @@
CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
NOT-FOR-US: Trend Micro
CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...)
- - linux <unfixed>
+ - linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...)
- passenger <unfixed> (unimportant)
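Review bot: CVE-2017-7895 is marked fixed in 4.9.25-1 with no `[jessie]` or `[wheezy]` lines, although its description reads "in the Linux kernel through ...", so the status of the older releases rests entirely on this one unstable line. A per-release line (or a NOTE stating that they remain open) would make the intended state explicit. The `Fixed by:` NOTE would also benefit from the upstream release tag in parentheses, as on other entries in this commit.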
@@ -1464,7 +1464,7 @@
CVE-2017-7884
RESERVED
CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
- - linux <unfixed>
+ - linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
CVE-2017-7883
RESERVED
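Review bot: The `Fixed by:` NOTE for CVE-2017-7889 tags the upstream release as `(v4.11-rc7)`, while the other tagged entries touched in this commit use the form without the prefix, `(4.11-rc6)` and `(4.11-rc4)`. Pick one form so the notes can be searched consistently. Since the package version recorded is 4.9.25-1 and the cited commit is the mainline one, a pointer to the 4.9 stable backport would make the fixed version easier to verify.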
@@ -2084,7 +2084,7 @@
CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
NOT-FOR-US: SolarWinds
CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel ...)
- - linux <unfixed>
+ - linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e
CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
NOT-FOR-US: Management Web Interface in Palo Alto Networks PAN-OS
@@ -2138,12 +2138,12 @@
RESERVED
CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
{DLA-922-1}
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <no-dsa> (Will be fixed in point release)
NOTE: http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscalls ...)
{DLA-922-1}
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <no-dsa> (Will be fixed in point release)
NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
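Review bot: CVE-2017-7618 is now recorded as fixed in 4.9.25-1, but its only reference is the marc.info linux-crypto thread; there is no `Fixed by:` NOTE as on CVE-2017-7616 in the same hunk. Add the upstream commit URL so the fixed-version claim can be checked against the package changelog.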
@@ -2584,7 +2584,7 @@
CVE-2017-7472 [keyctl_set_reqkey_keyring() leaks thread keyrings]
RESERVED
{DLA-922-1}
- - linux <unfixed>
+ - linux 4.9.25-1
NOTE: https://lkml.org/lkml/2017/4/1/235
NOTE: https://lkml.org/lkml/2017/4/3/724
CVE-2017-7471 [9p: virtfs allows guest to change filesystem attributes on host]
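Review bot: CVE-2017-7472 carries `{DLA-922-1}` but, unlike CVE-2017-7618, CVE-2017-7616 and CVE-2017-2671 in this same commit, has no `[jessie] - linux <no-dsa> (Will be fixed in point release)` line. If jessie is in the same position for this issue, add that line alongside the new 4.9.25-1 version. The entry also has only the two lkml links; a `Fixed by:` NOTE with the upstream commit would bring it in line with the rest.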
@@ -2889,7 +2889,7 @@
CVE-2017-7375
RESERVED
CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
[wheezy] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4)
@@ -16588,7 +16588,7 @@
- foreman <itp> (bug #663101)
CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...)
{DLA-922-1}
- - linux <unfixed>
+ - linux 4.9.25-1
[jessie] - linux <no-dsa> (Will be fixed in point release)
NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
@@ -22099,7 +22099,7 @@
CVE-2016-9604
RESERVED
{DLA-922-1}
- - linux <unfixed>
+ - linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
RESERVED
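Review bot: CVE-2016-9604 is marked fixed in 4.9.25-1 while the entry still has no description at all, only `RESERVED`. The neighbouring reserved entries (CVE-2016-9603 here, CVE-2017-7472 earlier) carry a bracketed summary. Add a short bracketed description so readers of the list can tell what was fixed without following the commit link.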