[Secure-testing-commits] r55888 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Sep 19 04:27:16 UTC 2017 

Author: carnil
Date: 2017-09-19 04:27:16 +0000 (Tue, 19 Sep 2017)
New Revision: 55888

Modified:
   data/CVE/list
Log:
Record fixed version for linux upload to unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-19 03:07:08 UTC (rev 55887)
+++ data/CVE/list	2017-09-19 04:27:16 UTC (rev 55888)
@@ -218,7 +218,7 @@
 CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is ...)
 	NOT-FOR-US: SilverStripe CMS
 CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...)
-	- linux <unfixed>
+	- linux 4.12.13-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13)
@@ -237,7 +237,7 @@
 CVE-2017-14490
 	RESERVED
 CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...)
-	- linux <unfixed>
+	- linux 4.12.13-1
 	NOTE: https://patchwork.kernel.org/patch/9923803/
 CVE-2017-14488
 	RESERVED
@@ -606,7 +606,7 @@
 	NOTE: https://github.com/LibRaw/LibRaw/issues/100
 	NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
 CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ...)
-	- linux <unfixed>
+	- linux 4.12.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
 CVE-2017-14339
 	RESERVED
@@ -1106,7 +1106,7 @@
 CVE-2017-14157
 	RESERVED
 CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the ...)
-	- linux <unfixed> (low)
+	- linux 4.12.13-1 (low)
 CVE-2017-14155
 	RESERVED
 CVE-2017-14154
@@ -1130,14 +1130,14 @@
 	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
 	NOTE: https://github.com/uclouvain/openjpeg/issues/982
 CVE-2017-1000252 [KVM denial of service with posted interrupts on Intel systems]
-	- linux <unfixed>
+	- linux 4.12.13-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb (v4.14-rc1)
 	NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
 	NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
 CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...)
-	- linux <unfixed> (bug #875881)
+	- linux 4.12.13-1 (bug #875881)
 	NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
 	NOTE: https://www.armis.com/blueborne/
 	NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
@@ -1491,7 +1491,7 @@
 CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability. ...)
 	NOT-FOR-US: CrushFTP
 CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...)
-	- linux <unfixed>
+	- linux 4.12.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
 	NOTE: https://patchwork.kernel.org/patch/9929625/
 CVE-2017-14034
@@ -6662,12 +6662,12 @@
 	RESERVED
 CVE-2017-12154 [kvm: nVMX: L2 guest could access hardware(L0) CR8 register]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.12.13-1
 	NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
 	NOTE: https://www.spinics.net/lists/kvm/msg155414.html
 CVE-2017-12153 [null pointer dereference in nl80211_set_rekey_data()]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.12.13-1
 	NOTE: https://marc.info/?t=150525503100001&r=1&w=2
 	NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
 CVE-2017-12152
@@ -20060,7 +20060,7 @@
 	RESERVED
 CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.12.13-1
 	[jessie] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
 CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication ...)

More information about the Secure-testing-commits mailing list