[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Sync various issues with kernel-sec triage from benh

Salvatore Bonaccorso carnil at debian.org
Sat Mar 3 20:00:47 UTC 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86548e12 by Salvatore Bonaccorso at 2018-03-03T21:00:17+01:00
Sync various issues with kernel-sec triage from benh

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -475,6 +475,8 @@ CVE-2018-7493
 CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel ...)
 	- linux 4.14.2-1
 	[stretch] - linux 4.9.65-1
+	[jessie] - linux <not-affected> (Vulnerable code introduced later)
+	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
 CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel ...)
 	- linux 4.14.7-1
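Review bot: the two added CVE-2017-18204 lines justify <not-affected> with "Vulnerable code introduced later", but the entry records no commit or version for when that code was introduced, so the claim cannot be checked from the tracker alone. Consider adding a NOTE line naming the introducing commit next to the existing "Fixed by" NOTE.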
@@ -483,6 +485,8 @@ CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux
 CVE-2017-18202 (The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel ...)
 	- linux 4.14.7-1
 	[stretch] - linux 4.9.80-1
+	[jessie] - linux <not-affected> (Vulnerable code not present)
+	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/687cb0884a714ff484d038e9190edc874edcf146
 CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...)
 	- linux 4.14.7-1
@@ -545,6 +549,8 @@ CVE-2018-7481
 	RESERVED
 CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux ...)
 	- linux 4.11.6-1
+	[jessie] - linux <not-affected> (Issue introduced later)
+	[wheezy] - linux <not-affected> (Issue introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
 CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a ...)
 	NOT-FOR-US: YzmCMS
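Review bot: the reason on the added CVE-2018-7480 lines reads "Issue introduced later", while the same situation for CVE-2017-18204 in this commit is worded "Vulnerable code introduced later". Using one wording for both would make the entries easier to grep and compare.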
@@ -903,6 +909,8 @@ CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the "sig
 	NOT-FOR-US: HamayeshNegar CMS
 CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
 	- linux 4.13.4-1
+	[jessie] - linux <not-affected> (Vulnerable code not present)
+	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
 CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link injection ...)
 	{DSA-4123-1 DLA-1295-1}
@@ -1276,7 +1284,7 @@ CVE-2018-7275
 CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ...)
 	NOT-FOR-US: Yab Quarx
 CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the ...)
-	- linux <unfixed>
+	- linux 4.15.4-1
 	NOTE: https://lkml.org/lkml/2018/2/20/669
 CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ...)
 	NOT-FOR-US: ForgeRock AM
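Review bot: the CVE-2018-7273 line changes from <unfixed> to 4.15.4-1, yet the description on the line above says the issue affects the kernel "through 4.15.4" and the only NOTE is the lkml link. A "NOTE: Fixed by:" line, or a short note on how the 4.15.4-1 package carries the fix, would explain the chosen fixed version.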
@@ -2935,6 +2943,8 @@ CVE-2018-1000041 (GNOME librsvg version before commit ...)
 	NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
 CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...)
 	- linux 4.7.2-1
+	[jessie] - linux <not-affected> (Vulnerable code not present)
+	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/251e22abde21833b3d29577e4d8c7aaccd650eee
 CVE-2017-18173
 	RESERVED
@@ -50709,6 +50719,7 @@ CVE-2015-9017
 CVE-2015-9016 [blk-mq: fix race between timeout and freeing request]
 	RESERVED
 	- linux 4.2.3-1
+	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
 CVE-2015-9015
 	RESERVED
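Review bot: CVE-2015-9016 gets only a [wheezy] <not-affected> line, whereas the other <not-affected> additions in this commit mark jessie and wheezy together. If jessie is intentionally left as affected, that is fine, but it is worth confirming that a [jessie] line was not simply missed.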



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/86548e12c22a72005809a66ed1bff369acb312fd
