[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Merge fixes included in DSA
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 22 15:53:10 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37ce58dc by Salvatore Bonaccorso at 2018-02-22T16:52:21+01:00
Merge fixes included in DSA
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1124,6 +1124,7 @@ CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion c
NOTE: https://github.com/qpdf/qpdf/issues/51
CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...)
- linux 4.14.17-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...)
NOT-FOR-US: MISP
@@ -3264,6 +3265,7 @@ CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Servi
NOT-FOR-US: FreeSSHd
CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...)
- linux 4.14.13-1
+ [stretch] - linux 4.9.80-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68
@@ -5399,6 +5401,7 @@ CVE-2018-5346
RESERVED
CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...)
- linux 4.14.17-1
+ [stretch] - linux 4.9.80-1
CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...)
- glibc 2.26-4 (bug #887001)
[stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
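Review bot: CVE-2018-1000004 gets its [stretch] fixed version here, but unlike the other linux entries touched in this commit the entry has no "NOTE: Fixed by:" line pointing at the upstream commit. Suggest adding that reference so the 4.9.80-1 claim can be checked against the upstream fix.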
@@ -5414,6 +5417,7 @@ CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can
NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...)
- linux 4.14.17-1
+ [stretch] - linux 4.9.80-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
[wheezy] - linux <not-affected> (Vulnerability introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
@@ -5452,9 +5456,11 @@ CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave f
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in ...)
- linux 4.14.17-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() ...)
- linux 4.14.17-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
CVE-2017-1000441
REJECTED
@@ -19738,15 +19744,19 @@ CVE-2017-16915
RESERVED
CVE-2017-16914 (The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in ...)
- linux 4.14.12-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a
CVE-2017-16913 (The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...)
- linux 4.14.12-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366
CVE-2017-16912 (The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux ...)
- linux 4.14.12-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and ...)
- linux 4.14.12-1
+ [stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910
RESERVED
@@ -25283,6 +25293,7 @@ CVE-2017-15130
RESERVED
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
- linux 4.14.12-1
+ [stretch] - linux 4.9.80-1
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
@@ -30806,6 +30817,7 @@ CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds w
NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...)
- linux 4.14.17-1 (unimportant)
+ [stretch] - linux 4.9.80-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f
CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel ...)
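Review bot: In the CVE-2017-13216 entry, the commit id in the context line "NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f" is 36 hex characters, where the other references in this file use the full 40; worth replacing with the full id while the entry is being touched. Also, the unstable line is tagged (unimportant) and the new [stretch] line carries no annotation, so please confirm that is intended.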
@@ -67838,7 +67850,7 @@ CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel ke
NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA ...)
- linux 4.13.4-1
- [stretch] - linux <ignored> (Minor issue, cf. kernel-sec information)
+ [stretch] - linux 4.9.80-1
[jessie] - linux <ignored> (Minor issue, cf. kernel-sec information)
[wheezy] - linux <ignored> (Minor issue, cf. kernel-sec information)
NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
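Review bot: For CVE-2017-0861 the [stretch] line changes from <ignored> (Minor issue, cf. kernel-sec information) to a fixed version, while the [jessie] and [wheezy] lines directly below keep the same <ignored> rationale. Now that the fix has shipped for stretch, please confirm that ignoring it in the older releases is still intended. The NOTE line also lacks the "Fixed by:" prefix used by the other linux entries in this commit.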
=====================================
data/next-point-update.txt
=====================================
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -105,32 +105,6 @@ CVE-2017-12380
[stretch] - clamav 0.99.2+dfsg-6+deb9u1
CVE-2018-6560
[stretch] - flatpak 0.8.9-0+deb9u1
-CVE-2017-13216
- [stretch] - linux 4.9.80-1
-CVE-2017-15129
- [stretch] - linux 4.9.80-1
-CVE-2017-16911
- [stretch] - linux 4.9.80-1
-CVE-2017-16912
- [stretch] - linux 4.9.80-1
-CVE-2017-16913
- [stretch] - linux 4.9.80-1
-CVE-2017-16914
- [stretch] - linux 4.9.80-1
-CVE-2017-18075
- [stretch] - linux 4.9.80-1
-CVE-2018-5332
- [stretch] - linux 4.9.80-1
-CVE-2018-5333
- [stretch] - linux 4.9.80-1
-CVE-2018-5344
- [stretch] - linux 4.9.80-1
-CVE-2018-6927
- [stretch] - linux 4.9.80-1
-CVE-2017-0861
- [stretch] - linux 4.9.80-1
-CVE-2018-1000004
- [stretch] - linux 4.9.80-1
CVE-2017-1000494
[stretch] - miniupnpd 1.8.20140523-4.1+deb9u1
CVE-2018-6758
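Review bot: The thirteen entries removed in this hunk are identified only by the version 4.9.80-1, and the commit message "Merge fixes included in DSA" does not name the advisory. Suggest citing the DSA number there so the move out of the point-update queue can be traced. The removals do match the thirteen [stretch] lines added in data/CVE/list one for one.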
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37ce58dc4f97feff3ccca5adaa598948ba7cecae