[Git][security-tracker-team/security-tracker][master] Add fixed version for various CVEs fixed in linux 4.19.9-1

Sun Dec 16 20:00:02 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03194621 by Salvatore Bonaccorso at 2018-12-16T19:59:50Z
Add fixed version for various CVEs fixed in linux 4.19.9-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4534,7 +4534,7 @@ CVE-2018-19826 (In inspect.cpp in LibSass 3.5.5, a high memory footprint caused
 CVE-2018-19825
 	RESERVED
 CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1118152
 CVE-2018-19823
 	RESERVED
@@ -8253,7 +8253,7 @@ CVE-2009-5153 (In Novell NetWare before 6.5 SP8, a stack buffer overflow in proc
 CVE-2018-19408
 	RESERVED
 CVE-2018-19407 (The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lkml.org/lkml/2018/11/20/580
 CVE-2018-19406 (kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through ...)
@@ -11054,7 +11054,7 @@ CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-
 	NOTE: https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
 	NOTE: no security impact, crash in end user tool
 CVE-2018-18397 (The userfaultfd implementation in the Linux kernel before 4.19.7 ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u
@@ -14900,7 +14900,7 @@ CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-1650
 	- ghostscript <not-affected> (Red Hat-specific issue)
 	NOTE: Debian updates backported all fixes to released suites
 CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://lore.kernel.org/patchwork/patch/1011367/
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649017
 	NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248
@@ -20593,7 +20593,7 @@ CVE-2018-14626 (PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and Po
 	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
 	NOTE: https://downloads.powerdns.com/patches/2018-06/
 CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
 CVE-2018-14624 (A vulnerability was discovered in 389-ds-base through versions ...)
@@ -20639,18 +20639,18 @@ CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. The
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200297
 	NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
 CVE-2018-14616 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200465
 CVE-2018-14615 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200421
 CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
 CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
 	NOTE: https://patchwork.kernel.org/patch/10503147/
 CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
@@ -20659,11 +20659,11 @@ CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. The
 	NOTE: https://patchwork.kernel.org/patch/10503403/
 	NOTE: https://patchwork.kernel.org/patch/10503413/
 CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
 	NOTE: https://patchwork.kernel.org/patch/10503099/
 CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
 	NOTE: https://patchwork.kernel.org/patch/10503415/
 CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
@@ -24351,11 +24351,11 @@ CVE-2018-13098 (An issue was discovered in fs/f2fs/inode.c in the Linux kernel t
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200173
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad
 CVE-2018-13097 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200171
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15
 CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
@@ -58603,7 +58603,7 @@ CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null poin
 	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
 CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...)
 	{DSA-4339-1}
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[jessie] - linux <not-affected> (Message signatures not implemented)
 	NOTE: https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1
 	- ceph 12.2.8+dfsg1-1 (bug #913472)
@@ -58612,7 +58612,7 @@ CVE-2018-1129 (A flaw was found in the way signature calculation was handled by
 	NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
 CVE-2018-1128 (It was found that cephx authentication protocol did not verify ceph ...)
 	{DSA-4339-1}
-	- linux <unfixed>
+	- linux 4.19.9-1
 	[jessie] - linux <ignored> (Protocol change is too difficult)
 	NOTE: https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
 	- ceph 12.2.8+dfsg1-1 (bug #913471)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0319462104ccdda1d555b6f041d444e23dbc7ab3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0319462104ccdda1d555b6f041d444e23dbc7ab3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181216/ba8fe25e/attachment-0001.html>
