[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Sync various issues with kernel-sec triage from benh
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 3 20:00:47 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86548e12 by Salvatore Bonaccorso at 2018-03-03T21:00:17+01:00
Sync various issues with kernel-sec triage from benh
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -475,6 +475,8 @@ CVE-2018-7493
CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel ...)
- linux 4.14.2-1
[stretch] - linux 4.9.65-1
+ [jessie] - linux <not-affected> (Vulnerable code introduced later)
+ [wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel ...)
- linux 4.14.7-1
@@ -483,6 +485,8 @@ CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux
CVE-2017-18202 (The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel ...)
- linux 4.14.7-1
[stretch] - linux 4.9.80-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/687cb0884a714ff484d038e9190edc874edcf146
CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...)
- linux 4.14.7-1
@@ -545,6 +549,8 @@ CVE-2018-7481
RESERVED
CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux ...)
- linux 4.11.6-1
+ [jessie] - linux <not-affected> (Issue introduced later)
+ [wheezy] - linux <not-affected> (Issue introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a ...)
NOT-FOR-US: YzmCMS
@@ -903,6 +909,8 @@ CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "sig
NOT-FOR-US: HamayeshNegar CMS
CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
- linux 4.13.4-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link injection ...)
{DSA-4123-1 DLA-1295-1}
@@ -1276,7 +1284,7 @@ CVE-2018-7275
CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ...)
NOT-FOR-US: Yab Quarx
CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the ...)
- - linux <unfixed>
+ - linux 4.15.4-1
NOTE: https://lkml.org/lkml/2018/2/20/669
CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ...)
NOT-FOR-US: ForgeRock AM
@@ -2935,6 +2943,8 @@ CVE-2018-1000041 (GNOME librsvg version before commit ...)
NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...)
- linux 4.7.2-1
+ [jessie] - linux <not-affected> (Vulnerable code not present)
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/251e22abde21833b3d29577e4d8c7aaccd650eee
CVE-2017-18173
RESERVED
@@ -50709,6 +50719,7 @@ CVE-2015-9017
CVE-2015-9016 [blk-mq: fix race between timeout and freeing request]
RESERVED
- linux 4.2.3-1
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
CVE-2015-9015
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180303/05b4331c/attachment.html>
More information about the Secure-testing-commits
mailing list