[Git][security-tracker-team/security-tracker][master] Merge changes for stretch and linux/4.9.168-1

Sat Apr 27 09:35:07 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
491e0961 by Salvatore Bonaccorso at 2019-04-27T08:34:06Z
Merge changes for stretch and linux/4.9.168-1

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3371,6 +3371,7 @@ CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux k
 	NOTE: https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
 CVE-2019-10124 (An issue was discovered in the hwpoison implementation in mm/memory-fa ...)
 	- linux <unfixed>
+	[stretch] - linux 4.9.168-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/46612b751c4941c5c0472ddf04027e877ae5990f
 CVE-2019-10123
@@ -6337,6 +6338,7 @@ CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissec
 CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lack ...)
 	{DLA-1731-1}
 	- linux 4.19.28-1
+	[stretch] - linux 4.9.168-1
 	NOTE: Fixed by: https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
 CVE-2019-9212 (SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrar ...)
@@ -7092,6 +7094,7 @@ CVE-2018-1002161 [SQL injection in multiple remote calls]
 	NOTE: https://pagure.io/koji/issue/1183
 CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in the Lin ...)
 	- linux 4.19.28-1
+	[stretch] - linux 4.9.168-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
 	NOTE: https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
@@ -20061,10 +20064,12 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when do
 	- tmpreaper 1.6.14 (bug #918956)
 CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
 	- linux <unfixed>
+	[stretch] - linux 4.9.168-1
 	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
 	NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
 CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
 	- linux <unfixed>
+	[stretch] - linux 4.9.168-1
 	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
 	NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
 CVE-2019-3458


=====================================
data/next-point-update.txt
=====================================
@@ -10,16 +10,6 @@ CVE-2018-1000872
 	[stretch] - python-pykmip 0.5.0-4+deb9u1
 CVE-2019-7443
 	[stretch] - kauth 5.28.0-2+deb9u1
-CVE-2019-9213
-	[stretch] - linux 4.9.168-1
-CVE-2019-8980
-	[stretch] - linux 4.9.168-1
-CVE-2019-10124
-	[stretch] - linux 4.9.168-1
-CVE-2019-3459
-	[stretch] - linux 4.9.168-1
-CVE-2019-3460
-	[stretch] - linux 4.9.168-1
 CVE-2018-7998
 	[stretch] - vips 8.4.5-1+deb9u1
 CVE-2019-6976



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/491e09619bb3e8bec9962261a048ca3a4ab7de4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/491e09619bb3e8bec9962261a048ca3a4ab7de4c
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190427/fbae45f5/attachment.html>
