[Secure-testing-commits] r51365 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 6 11:57:26 UTC 2017
Author: carnil
Date: 2017-05-06 11:57:26 +0000 (Sat, 06 May 2017)
New Revision: 51365
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Merge linux changes for jessie point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-05-06 10:33:25 UTC (rev 51364)
+++ data/CVE/list 2017-05-06 11:57:26 UTC (rev 51365)
@@ -2975,12 +2975,12 @@
CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
{DLA-922-1}
- linux 4.9.25-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscalls ...)
{DLA-922-1}
- linux 4.9.25-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain ...)
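Review bot: The CVE-2017-7618 entry now claims a fixed jessie version, but its only NOTE is a linux-crypto list post on marc.info, while the CVE-2017-7616 entry in the same hunk carries a "NOTE: Fixed by:" line with the upstream commit. Adding the equivalent "Fixed by" reference to CVE-2017-7618 would let a reader check the 3.16.43-1 backport against the upstream change.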
@@ -3922,7 +3922,7 @@
CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ...)
{DLA-922-1}
- linux 4.9.18-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
NOTE: Fixed by: https://git.kernel.org/linus/8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b
NOTE: Fixed by: https://git.kernel.org/linus/bcc5364bdcfe131e6379363f089e7b4108d35b70
@@ -3943,7 +3943,7 @@
CVE-2017-7294 (The vmw_surface_define_ioctl function in ...)
{DLA-922-1}
- linux 4.9.18-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/e7e11f99564222d82f0ce84bd521e57d78a6b678
CVE-2017-7292
RESERVED
@@ -4170,7 +4170,7 @@
CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...)
{DLA-922-1}
- linux 4.9.6-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVE-2017-7272 (PHP through 7.1.3 enables potential SSRF in applications that accept an ...)
{DLA-875-1}
@@ -4213,7 +4213,7 @@
CVE-2017-7261 (The vmw_surface_define_ioctl function in ...)
{DLA-922-1}
- linux 4.9.18-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/36274ab8c596f1240c606bb514da329add2a1bcd
CVE-2017-7260
RESERVED
@@ -4560,7 +4560,7 @@
CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the ...)
{DLA-922-1}
- linux 4.9.18-1 (low)
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
NOTE: non-standard setups
CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote ...)
@@ -5072,7 +5072,7 @@
CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linux ...)
{DLA-922-1}
- linux 4.0.2-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended ...)
NOT-FOR-US: SAP
CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...)
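Review bot: CVE-2017-6951 gets a fixed jessie version here, but the entry has no NOTE line at all, so nothing ties 3.16.43-1 to an upstream fix. Most of the other kernel entries touched in this commit carry a "NOTE: Fixed by:" reference; adding one here (the CVE-2017-5967 and CVE-2016-10044 entries have the same gap) would make the status checkable.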
@@ -7816,7 +7816,7 @@
CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when ...)
{DLA-922-1}
- linux 4.9.13-1 (low)
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
CVE-2017-5966
RESERVED
CVE-2017-5965
@@ -8116,7 +8116,7 @@
CVE-2016-10200 (Race condition in the L2TPv3 IP Encapsulation feature in the Linux ...)
{DLA-922-1}
- linux 4.8.15-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/32c231164b762dddefa13af5a0101032c70b50ef (v4.9-rc7)
CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in ...)
{DSA-3784-1 DLA-820-1}
@@ -8172,7 +8172,7 @@
[jessie] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
- linux 4.9.10-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1)
NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
@@ -13686,7 +13686,7 @@
NOT-FOR-US: WampServer
CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 ...)
- linux 4.7.8-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
[wheezy] - linux <no-dsa> (Changes required are too invasive)
CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The ...)
NOT-FOR-US: Radisys MRF Web Panel
@@ -17428,7 +17428,7 @@
CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...)
{DLA-922-1}
- linux 4.9.25-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
CVE-2017-2670
@@ -17500,7 +17500,7 @@
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local users ...)
{DLA-922-1}
- linux 4.0.2-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
NOTE: Fixed by: https://git.kernel.org/linus/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 (v3.18-rc1)
CVE-2017-2646
RESERVED
@@ -34594,7 +34594,7 @@
NOTE: libv8 is not covered by security support
CVE-2016-6213 (fs/namespace.c in the Linux kernel before 4.9 does not restrict how ...)
- linux 4.8.11-1
- [jessie] - linux <no-dsa> (Will be fixed in point release)
+ [jessie] - linux 3.16.43-1
[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
NOTE: https://lkml.org/lkml/2016/8/28/269
NOTE: Fixed by: https://git.kernel.org/linus/d29216842a85c7970c536108e093963f02714498 (v4.9-rc1)
@@ -47482,7 +47482,7 @@
CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the ...)
{DLA-922-1}
- linux 4.9.16-1
- [jessie] - linux <no-dsa> (Minor issue)
+ [jessie] - linux 3.16.43-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317018
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283390
NOTE: http://seclists.org/bugtraq/2016/Mar/87
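Review bot: The removed jessie line for CVE-2016-2188 read "<no-dsa> (Minor issue)", not "(Will be fixed in point release)" like every other line replaced in this commit. The entry does appear in data/next-point-update.txt with 3.16.43-1, so the new status is consistent, but the previous line did not say a point-release fix was planned; a word in the log about the changed triage would help anyone reading the history.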
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2017-05-06 10:33:25 UTC (rev 51364)
+++ data/next-point-update.txt 2017-05-06 11:57:26 UTC (rev 51365)
@@ -106,38 +106,6 @@
[jessie] - libxslt 1.1.28-2+deb8u3
CVE-2017-5985
[jessie] - lxc 1:1.0.6-6+deb8u6
-CVE-2016-10044
- [jessie] - linux 3.16.43-1
-CVE-2016-10200
- [jessie] - linux 3.16.43-1
-CVE-2016-10208
- [jessie] - linux 3.16.43-1
-CVE-2016-2188
- [jessie] - linux 3.16.43-1
-CVE-2016-6213
- [jessie] - linux 3.16.43-1
-CVE-2017-2647
- [jessie] - linux 3.16.43-1
-CVE-2017-2671
- [jessie] - linux 3.16.43-1
-CVE-2017-5967
- [jessie] - linux 3.16.43-1
-CVE-2017-6951
- [jessie] - linux 3.16.43-1
-CVE-2017-7184
- [jessie] - linux 3.16.43-1
-CVE-2017-7261
- [jessie] - linux 3.16.43-1
-CVE-2017-7273
- [jessie] - linux 3.16.43-1
-CVE-2017-7294
- [jessie] - linux 3.16.43-1
-CVE-2017-7308
- [jessie] - linux 3.16.43-1
-CVE-2017-7616
- [jessie] - linux 3.16.43-1
-CVE-2017-7618
- [jessie] - linux 3.16.43-1
CVE-2016-10210
[jessie] - yara 3.1.0-2+deb8u1
CVE-2016-10211
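Review bot: The log message says only "Merge linux changes for jessie point release" and does not name the version. All 16 entries removed in this hunk carry linux 3.16.43-1 and each has a matching jessie line added in data/CVE/list, so the merge is complete; naming 3.16.43-1 in the log would make the revision easier to find later.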