[Git][security-tracker-team/security-tracker][master] Mark CVE fixes for linux/5.3.15-1 upload to unstable

Salvatore Bonaccorso carnil at debian.org
Sat Dec 7 12:40:36 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78f35e94 by Salvatore Bonaccorso at 2019-12-07T12:38:58Z
Mark CVE fixes for linux/5.3.15-1 upload to unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,7 +60,7 @@ CVE-2019-19600
 CVE-2019-19599
 	RESERVED
 CVE-2019-19602 (fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -1264,7 +1264,7 @@ CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that
 	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
 CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can  ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
 CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
 	- linux 5.3.7-1
@@ -1280,7 +1280,7 @@ CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug
 	- linux 5.2.17-1
 	NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625
 CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that  ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79
 CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
 	- linux 5.3.7-1
@@ -1297,7 +1297,7 @@ CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
 CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that  ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
 CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
 	- linux 5.3.7-1
@@ -2294,7 +2294,7 @@ CVE-2019-19321
 CVE-2019-19320
 	RESERVED
 CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
 	- linux <unfixed>
 CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...)
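Review bot: the CVE-2019-19319 entry, after this change, consists only of the `- linux 5.3.15-1` line, with no NOTE naming the upstream fix, unlike the neighbouring kernel entries that carry a `NOTE: https://git.kernel.org/linus/...` line. Please add a NOTE with the commit this version is based on so the fixed-version claim can be checked from the entry itself.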
@@ -3041,17 +3041,17 @@ CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drive
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19052 (A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_ ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817
 CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	NOTE: https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407
 CVE-2019-19050 (A memory leak in the crypto_reportstat() function in crypto/crypto_use ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 CVE-2019-19049 (** DISPUTED ** A memory leak in the unittest_data_add() function in dr ...)
-	- linux <unfixed> (unimportant)
+	- linux 5.3.15-1 (unimportant)
 	NOTE: https://git.kernel.org/linus/e13de8fe0d6a51341671bbe384826d527afe8d44
 	NOTE: unittest.c can only be reached during boot.
 CVE-2019-19048 (A memory leak in the crypto_reportstat() function in drivers/virt/vbox ...)
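Review bot: CVE-2019-19050 stays at `- linux <unfixed>` between the updated CVE-2019-19051 and CVE-2019-19049 entries and, unlike them, has no NOTE line with an upstream commit. If its fix is simply not part of 5.3.15, a NOTE recording the upstream commit (or that none exists yet) would make it clear the entry was checked for this upload and not skipped.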
@@ -3060,7 +3060,7 @@ CVE-2019-19048 (A memory leak in the crypto_reportstat() function in drivers/vir
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e0b0cb9388642c104838fac100a4af32745621e2
 CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[buster] - linux <not-affected> (Vulnerability introduced later)
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -3069,12 +3069,12 @@ CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() functi
 	- linux <unfixed> (unimportant)
 	NOTE: Only a memory leak on the probe path
 CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ne ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/c8c2a057fdc7de1cd16f4baa51425b932a42eb39
 CVE-2019-19044 (Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/ ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[buster] - linux <not-affected> (Vulnerability introduced later)
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -3620,7 +3620,7 @@ CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: https://lore.kernel.org/patchwork/patch/1142523/
 CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...)
-	- linux <unfixed> (unimportant)
+	- linux 5.3.15-1 (unimportant)
 	[stretch] - linux <not-affected> (Bug introduced later)
 	[jessie] - linux <not-affected> (Bug introduced later)
 	NOTE: https://git.kernel.org/linus/9bbfceea12a8f145097a27d7c7267af25893c060
@@ -3632,7 +3632,7 @@ CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in sound/soc/
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Function only exposed through debugfs
 CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in sound/s ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[buster] - linux <not-affected> (Vulnerability introduced later)
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -6139,7 +6139,7 @@ CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
 	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
 CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the Linux k ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
 CVE-2019-18675 (The Linux kernel through 5.3.13 has a start_offset+size Integer Overfl ...)
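Review bot: for CVE-2019-18683 the only reference is the oss-security posting, so the entry does not say which change 5.3.15-1 contains. A `NOTE: https://git.kernel.org/linus/...` line for the merged fix, in the form used elsewhere in this file, would tie the fixed version to a specific commit.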
@@ -6174,7 +6174,7 @@ CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input pa
 CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
 	NOT-FOR-US: Fastweb FASTGate
 CVE-2019-18660 (The Linux kernel before 5.4.1 on powerpc allows Information Exposure b ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[jessie] - linux <ignored> (powerpc not supported in LTS)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
 CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...)
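Review bot: the CVE-2019-18660 description says the issue affects kernels before 5.4.1, while the fixed version recorded on the changed line is 5.3.15-1, and the only NOTE is the oss-security posting. Since the two version numbers look inconsistent at first read, add a NOTE identifying the upstream commit(s) and where the fix entered the 5.3 series.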
@@ -16204,7 +16204,7 @@ CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There
 	- linux 4.19.37-1
 	[stretch] - linux 4.9.184-1
 CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a  ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
 CVE-2019-15290
 	REJECTED
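Review bot: CVE-2019-15291 is described as affecting kernels through 5.2.9 and its single NOTE is the oss-security report, so nothing in the entry identifies the fix that 5.3.15-1 is credited with. Please add a NOTE with the upstream commit alongside the version change.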
@@ -16861,7 +16861,7 @@ CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related
 CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
 	NOT-FOR-US: i-recommend-this plugin for WordPress
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
-	- linux <unfixed>
+	- linux 5.3.15-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
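Review bot: the visible reference for CVE-2019-15099 is a lore.kernel.org patch thread, which points at a submitted patch, not a merged commit. Now that the entry records 5.3.15-1 as the fixed version, add a `NOTE: https://git.kernel.org/linus/...` line for the commit that actually landed, so the thread and the fix can be compared.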



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78f35e9450b624d26f229480dc6991794f128c82
