[Git][security-tracker-team/security-tracker][master] Add fixed version for linux CVEs via unstable upload
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 5 13:27:20 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d886b0ad by Salvatore Bonaccorso at 2019-08-05T12:26:46Z
Add fixed version for linux CVEs via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1482,10 +1482,10 @@ CVE-2015-9288 (The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2
CVE-2019-1000033
REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
NOT-FOR-US: invenio-previewer
@@ -2908,7 +2908,7 @@ CVE-2019-13650
CVE-2019-13649
RESERVED
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: https://patchwork.ozlabs.org/patch/1133904/
CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
- linux 4.18.8-1
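Review bot: CVE-2019-13648 has no reference to a merged fix. Its only NOTE is the patchwork.ozlabs.org patch link, so nothing in the entry shows which upstream commit the 5.2.6-1 version corresponds to. Add a "NOTE: Fixed by: https://git.kernel.org/linus/<commit>" line, as the floppy entries (CVE-2019-14284, CVE-2019-14283) already have.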
@@ -2967,7 +2967,7 @@ CVE-2019-13633
CVE-2019-13632
RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630
RESERVED
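Review bot: The only NOTE on CVE-2019-13631 is the patchwork.kernel.org submission, which records a proposed patch rather than the commit that landed. With the entry now marked fixed in 5.2.6-1, a "Fixed by:" NOTE pointing at the merged upstream commit would make the version claim checkable.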
@@ -4401,7 +4401,7 @@ CVE-2019-13451
- xymon 4.3.29-1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-XXXX [No grant table and foreign mapping limits]
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: https://xenbits.xen.org/xsa/advisory-300.html
CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on ma ...)
NOT-FOR-US: Zoom Client and RingCentral on MacOS
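Review bot: The temporary entry CVE-2019-XXXX [No grant table and foreign mapping limits] gets a fixed version with only the xenbits advisory-300 link behind it. Since there is no CVE ID to search on, a NOTE naming the upstream kernel commit(s) that 5.2.6-1 carries for XSA-300 would help anyone who has to re-verify this entry later.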
@@ -4939,7 +4939,7 @@ CVE-2019-13226 (deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-c
CVE-2018-20850 (Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3. ...)
NOT-FOR-US: Stormshield Network Security
CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is ...)
- - linux <unfixed>
+ - linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
@@ -5598,7 +5598,7 @@ CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x b
CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12984 (A NULL pointer dereference vulnerability in the function nfc_genl_deac ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
CVE-2019-12983
REJECTED
@@ -6048,7 +6048,7 @@ CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei
CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
- - linux <unfixed>
+ - linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-ad ...)
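Review bot: CVE-2019-12817 has no NOTE line at all, so neither the 5.2.6-1 fixed version nor the "[stretch]/[jessie] <not-affected> (Vulnerable code not present)" annotations can be traced to a commit. Add the upstream fix as a "Fixed by:" NOTE and, if known, the commit that introduced the vulnerable code.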
@@ -8572,7 +8572,7 @@ CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL
CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
NOT-FOR-US: Joomla!
CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
NOT-FOR-US: Ratpack
@@ -11808,7 +11808,7 @@ CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 al
- linux 4.19.37-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...)
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: https://arxiv.org/pdf/1906.10478.pdf
CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...)
NOT-FOR-US: Marvell
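Review bot: CVE-2019-10638 is set to 5.2.6-1 while the neighbouring CVE-2019-10639, which cites the same arxiv paper, is listed as fixed in 4.19.37-1, and nothing in the entry explains the difference. The description says the issue is fixed upstream before 5.1.7. A "Fixed by:" NOTE with the upstream commit would show why the earlier 4.19 upload does not cover it.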
@@ -12740,7 +12740,7 @@ CVE-2019-10208
RESERVED
CVE-2019-10207 [bluetooth: hci_uart: 0x0 address execution as nonprivileged user]
RESERVED
- - linux <unfixed>
+ - linux 5.2.6-1
NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
NOTE: https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
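Review bot: In the CVE-2019-10207 entry the last NOTE gives a git.kernel.org/linus commit without the "Fixed by:" prefix that other entries in this file use (for example CVE-2019-12984), so it is unclear whether b36a1552d7319bbfd5cf7f08726c23c5c66d4f73 is the fix included in 5.2.6-1. If it is, write it as "NOTE: Fixed by: https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73".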
@@ -29082,7 +29082,7 @@ CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to l
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
- - linux <unfixed>
+ - linux 5.2.6-1
CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
- heketi <itp> (bug #903384)
CVE-2019-3898
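Review bot: CVE-2019-3900 goes from <unfixed> to 5.2.6-1 with no NOTE of any kind in the entry. Add a reference to the upstream vhost_net fix (a "Fixed by:" NOTE with the git.kernel.org/linus commit) so the fixed version has something to be checked against.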
@@ -29193,7 +29193,7 @@ CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of t
CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 authenti ...)
NOT-FOR-US: Keycloak
CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
- - linux <unfixed>
+ - linux 5.2.6-1
[stretch] - linux <ignored> (Minor issue)
[jessie] - linux <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
@@ -35380,7 +35380,7 @@ CVE-2019-2001 (The permissions on /proc/iomem were world-readable. This could le
CVE-2019-2000 (In several functions of binder.c, there is possible memory corruption ...)
NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2019-1999 (In binder_alloc_free_page of binder_alloc.c, there is a possible doubl ...)
- - linux <unfixed>
+ - linux 5.2.6-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5cec2d2e5839f9c0fec319c523a911e0a7fd299f
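Review bot: The NOTE under CVE-2019-1999 is a bare git.kernel.org/linus link, and because the stretch and jessie lines say "Vulnerable code introduced later", a reader cannot tell whether 5cec2d2e5839f9c0fec319c523a911e0a7fd299f is the fix or the introducing commit. Label it explicitly, using "Fixed by:" if it is the change that 5.2.6-1 carries.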
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d886b0ad32a9c8982d317f4b9b73ec19b8f44f3c