[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 30 09:10:22 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8db283e2 by security tracker role at 2019-04-30T08:10:13Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3475,6 +3475,7 @@ CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux k
NOTE: https://patchwork.kernel.org/patch/10828359/
NOTE: https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
CVE-2019-10124 (An issue was discovered in the hwpoison implementation in mm/memory-fa ...)
+ {DLA-1771-1}
- linux <unfixed>
[stretch] - linux 4.9.168-1
[jessie] - linux <not-affected> (Vulnerable code not present)
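Review bot: the added `{DLA-1771-1}` reference on CVE-2019-10124 sits directly above `[jessie] - linux <not-affected> (Vulnerable code not present)`, and the hunk carries no other jessie line, so nothing in this entry shows which jessie source package the advisory fixed. If DLA-1771-1 covers a separate jessie source package (the final hunk of this patch lists `[jessie] - linux-4.9 <unfixed>` for another CVE), a matching line here would make the jessie status unambiguous; if it does not, the `<not-affected>` line and the DLA reference contradict each other and one of them needs a second look.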
@@ -3955,7 +3956,7 @@ CVE-2019-9930
CVE-2019-9929
RESERVED
CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
- {DLA-1770-1 DLA-1769-1}
+ {DSA-4437-1 DLA-1770-1 DLA-1769-1}
[experimental] - gst-plugins-base1.0 1.15.90-1
- gst-plugins-base1.0 <unfixed> (bug #927978)
- gst-plugins-base0.10 <removed>
@@ -6462,7 +6463,7 @@ CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissec
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c557bb0910be271e49563756411a690a1bc53ce5
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-08.html
CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lack ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.28-1
[stretch] - linux 4.9.168-1
NOTE: Fixed by: https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
@@ -7219,6 +7220,7 @@ CVE-2018-1002161 [SQL injection in multiple remote calls]
NOTE: https://docs.pagure.org/koji/CVE-2018-1002161/
NOTE: https://pagure.io/koji/issue/1183
CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in the Lin ...)
+ {DLA-1771-1}
- linux 4.19.28-1
[stretch] - linux 4.9.168-1
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -11419,13 +11421,13 @@ CVE-2019-7224
CVE-2019-7223 (InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save i ...)
NOT-FOR-US: InvoicePlane
CVE-2019-7222 (The KVM implementation in the Linux kernel through 4.20.5 has an Infor ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1
[stretch] - linux 4.9.161-1
NOTE: https://git.kernel.org/linus/353c0956a618a07ba4bbe7ad00ff29fe70e8412a
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1759&desc=2
CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a Use-af ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1
[stretch] - linux 4.9.161-1
NOTE: https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f
@@ -12033,7 +12035,7 @@ CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x befo
NOTE: https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
NOTE: https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 (1.11 branch)
CVE-2019-6974 (In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1
[stretch] - linux 4.9.161-1
NOTE: https://git.kernel.org/linus/cfa39381173d5f969daf43582c95ad679189cbc9
@@ -18993,7 +18995,7 @@ CVE-2019-3894
CVE-2019-3893 (In Foreman it was discovered that the delete compute resource operatio ...)
- foreman <itp> (bug #663101)
CVE-2019-3892 [fix race condition between mmget_not_zero()/get_task_mm() and core dumping]
- RESERVED
+ REJECTED
- linux <unfixed>
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
CVE-2019-3891 (It was discovered that a world-readable log file belonging to Candlepi ...)
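Review bot: CVE-2019-3892 changes from RESERVED to REJECTED but keeps its `- linux <unfixed>` line and the marc.info NOTE, so the tracker will continue to list it as an open, unfixed issue against src:linux. A rejected entry should normally drop its package line; a short NOTE recording why the identifier was rejected (or which CVE now tracks the mmget_not_zero()/get_task_mm() core-dump race named in the description) would keep the history readable for anyone who lands on this entry.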
@@ -19019,6 +19021,7 @@ CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine
NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
CVE-2016-10746 (libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API ...)
+ {DLA-1772-1}
- libvirt 1.3.1-1
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=506e9d6c2d4baaf580d489fff0690c0ff2ff588f (v1.3.1-rc1)
CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...)
@@ -19327,7 +19330,7 @@ CVE-2019-3820 (It was discovered that the gnome-shell lock screen since version
NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gnome-shell/commit/c79d24b60e773262091023feb6ee1b3deef1c471
NOTE: Upstream issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
CVE-2019-3819 (A flaw was found in the Linux kernel in the function hid_debug_events_ ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1
[stretch] - linux 4.9.161-1
NOTE: Proposed patch: https://marc.info/?l=linux-input&m=154841031101012&w=2
@@ -19602,7 +19605,7 @@ CVE-2019-3703
CVE-2019-3702
RESERVED
CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1 (unimportant)
[stretch] - linux 4.9.161-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
@@ -20208,11 +20211,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when do
{DSA-4365-1 DLA-1640-1}
- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
+ {DLA-1771-1}
- linux <unfixed>
[stretch] - linux 4.9.168-1
NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
+ {DLA-1771-1}
- linux <unfixed>
[stretch] - linux 4.9.168-1
NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
@@ -21868,7 +21873,7 @@ CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url param
CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeratio ...)
NOT-FOR-US: Disputed issue in Keystone, no need to track for src:keystone
CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB sub ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.9-1
[stretch] - linux 4.9.161-1
NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
@@ -25352,7 +25357,7 @@ CVE-2018-19987
CVE-2018-19986
RESERVED
CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in the Linux ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.13-1
[stretch] - linux 4.9.161-1
NOTE: https://git.kernel.org/linus/5146f95df782b0ac61abde36567e718692725c89
@@ -26694,7 +26699,7 @@ CVE-2018-19826 (In inspect.cpp in LibSass 3.5.5, a high memory footprint caused
CVE-2018-19825
RESERVED
CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a use-a ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.9-1
[stretch] - linux 4.9.161-1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1118152
@@ -37349,7 +37354,7 @@ CVE-2018-16885 (A flaw was found in the Linux kernel that allows the userspace t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1661503
NOTE: https://git.kernel.org/linus/06ebb06d49486676272a3c030bfeef4bd969a8e6
CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
- {DLA-1731-1}
+ {DLA-1771-1 DLA-1731-1}
- linux 4.19.16-1
[stretch] - linux 4.9.161-1
NOTE: https://patchwork.kernel.org/cover/10733767/
@@ -43246,6 +43251,7 @@ CVE-2018-14626 (PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and Po
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
NOTE: https://downloads.powerdns.com/patches/2018-06/
CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...)
+ {DLA-1771-1}
- linux 4.19.9-1
[stretch] - linux 4.9.161-1
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -49710,7 +49716,7 @@ CVE-2018-12207
RESERVED
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist Technol ...)
NOT-FOR-US: Intel QuickAssist Technology for Linux
-CVE-2018-12205 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
+CVE-2018-12205 (Improper certificate validation in Platform Sample/ Silicon Reference ...)
NOT-FOR-US: Intel
CVE-2018-12204 (Improper memory initialization in Platform Sample/Silicon Reference fi ...)
NOT-FOR-US: Intel
@@ -49740,7 +49746,7 @@ CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version 11.8.
NOT-FOR-US: Intel
CVE-2018-12191 (Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, ...)
NOT-FOR-US: Intel
-CVE-2018-12190 (Insufficient input validation in Intel CSME subsystem before versions ...)
+CVE-2018-12190 (Insufficient input validation in Intel(r) CSME subsystem before versio ...)
NOT-FOR-US: Intel
CVE-2018-12189 (Unhandled exception in Content Protection subsystem in Intel CSME befo ...)
NOT-FOR-US: Intel
@@ -66046,6 +66052,7 @@ CVE-2018-1000030 (Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well
CVE-2018-1000029 (mcholste Enterprise Log Search and Archive (ELSA) version revision 120 ...)
NOT-FOR-US: mcholste Enterprise Log Search and Archive
CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably well before ...)
+ {DLA-1771-1}
- linux 4.16.5-1
[stretch] - linux 4.9.161-1
[jessie] - linux-4.9 <unfixed>
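Review bot: CVE-2018-1000026 gains `{DLA-1771-1}` while the `[jessie] - linux-4.9 <unfixed>` line beneath it is left unchanged, so the entry now cites a jessie LTS advisory and at the same time marks the jessie package as unfixed. If DLA-1771-1 is the linux-4.9 update that addresses this issue, that line should carry the fixed version or be removed so the status derives from the advisory; if the DLA does not cover linux-4.9, the reference has landed on the wrong entry.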
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8db283e2fb3c3e31bae3462654ac6f515286409f