[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Record fixing versions for 4.14.17-1

Salvatore Bonaccorso carnil at debian.org
Thu Feb 15 14:34:06 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae774529 by Salvatore Bonaccorso at 2018-02-15T15:33:21+01:00
Record fixing versions for 4.14.17-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -330,7 +330,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion c
 	NOTE: https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
 	NOTE: https://github.com/qpdf/qpdf/issues/51
 CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...)
-	- linux <unfixed>
+	- linux 4.14.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
 CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...)
 	NOT-FOR-US: MISP
@@ -4571,7 +4571,7 @@ CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticate
 CVE-2018-5346
 	RESERVED
 CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...)
-	- linux <unfixed>
+	- linux 4.14.17-1
 CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...)
 	- glibc 2.26-4 (bug #887001)
 	[stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
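Review bot: The CVE-2018-1000004 entry gets a fixed version but no `NOTE: Fixed by:` line, unlike the CVE-2018-6927, CVE-2018-5344, CVE-2018-5333 and CVE-2018-5332 entries updated in this same commit. Without it, a reader cannot tell which upstream commit 4.14.17-1 is supposed to contain. Suggest adding a `NOTE: Fixed by: https://git.kernel.org/linus/<commit>` line under `- linux 4.14.17-1`, with the upstream fix filled in.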
@@ -4586,7 +4586,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can
 	- gcab 0.7-7 (bug #887776)
 	NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
 CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...)
-	- linux <unfixed>
+	- linux 4.14.17-1
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	[wheezy] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
@@ -4624,10 +4624,10 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave f
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
 CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in ...)
-	- linux <unfixed>
+	- linux 4.14.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
 CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() ...)
-	- linux <unfixed>
+	- linux 4.14.17-1
 	NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
 CVE-2017-1000441
 	REJECTED
@@ -4729,7 +4729,7 @@ CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the de
 CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the ...)
 	NOT-FOR-US: Office Tracker
 CVE-2018-1000028 (Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, ...)
-	- linux <unfixed>
+	- linux 4.14.17-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
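Review bot: CVE-2018-1000028 is marked fixed in 4.14.17-1 without a `NOTE: Fixed by:` line, and the three `<not-affected> (Vulnerable code introduced later)` lines rest on an introducing commit that appears only in the truncated description (bdcf0a423ea1). Suggest adding NOTE lines for both the introducing and the fixing upstream commits, so the fixed version and the not-affected claims can be checked against kernel history.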
@@ -30024,7 +30024,7 @@ CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. Thi
 CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write ...)
 	TODO: check
 CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...)
-	- linux <unfixed> (unimportant)
+	- linux 4.14.17-1 (unimportant)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f
 CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel ...)
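Review bot: In the CVE-2017-13216 entry, the `NOTE: Fixed by:` URL two lines below the changed line carries a 36-hex-digit commit id, while the other `Fixed by` notes in this commit use full 40-digit ids. Since the entry is being touched anyway, suggest replacing it with the full commit id so the reference is unambiguous.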



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ae77452949518e75ce1247e561288db5204e5f28
