[Git][security-tracker-team/security-tracker][master] Track fixes for CVEs adressed in linux/4.19.20-1

Salvatore Bonaccorso carnil at debian.org
Tue Feb 12 05:26:29 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89c368c5 by Salvatore Bonaccorso at 2019-02-12T05:25:58Z
Track fixes for CVEs adressed in linux/4.19.20-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1175,7 +1175,7 @@ CVE-2019-7309 (In the GNU C Library (aka glibc or libc6) through 2.29, the memcm
 	NOTE: https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
 	NOTE: x32 not officially supported
 CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs ...)
-	- linux <unfixed>
+	- linux 4.19.20-1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
 	NOTE: Fixed by: https://git.kernel.org/linus/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
 	NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
@@ -1363,11 +1363,11 @@ CVE-2019-7223
 	RESERVED
 CVE-2019-7222 [KVM: x86: work around leak of uninitialized stack contents]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.19.20-1
 	NOTE: https://git.kernel.org/linus/353c0956a618a07ba4bbe7ad00ff29fe70e8412a
 CVE-2019-7221 [KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.19.20-1
 	NOTE: https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f
 CVE-2019-7220
 	RESERVED
@@ -1957,7 +1957,7 @@ CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x befo
 	NOTE: https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 (1.11 branch)
 CVE-2019-6974 [kvm: fix kvm_ioctl_create_device() reference counting]
 	RESERVED
-	- linux <unfixed>
+	- linux 4.19.20-1
 	NOTE: https://git.kernel.org/linus/cfa39381173d5f969daf43582c95ad679189cbc9
 CVE-2019-6973
 	RESERVED
@@ -8937,7 +8937,7 @@ CVE-2019-3820 (It was discovered that the gnome-shell lock screen since version
 	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gnome-shell/commit/c79d24b60e773262091023feb6ee1b3deef1c471
 	NOTE: Upstream issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
 CVE-2019-3819 (A flaw was found in the Linux kernel in the function ...)
-	- linux <unfixed>
+	- linux 4.19.20-1
 	NOTE: Proposed patch: https://marc.info/?l=linux-input&m=154841031101012&w=2
 CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in Red Hat ...)
 	NOT-FOR-US: kube-rbac-proxy
@@ -9209,7 +9209,7 @@ CVE-2019-3703
 CVE-2019-3702
 	RESERVED
 CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
-	- linux <unfixed> (unimportant)
+	- linux 4.19.20-1 (unimportant)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
 	NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
 CVE-2019-3700
@@ -26645,7 +26645,7 @@ CVE-2018-16881 (A denial of service vulnerability was found in rsyslog in the im
 	NOTE: Fixed by: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
 	NOTE: Introduced by: https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6
 CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in the ...)
-	- linux <unfixed>
+	- linux 4.19.20-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1)
 	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.16-rc1)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/01/25/1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89c368c5837c29a0acb7017ad1de6af8d3203c65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/89c368c5837c29a0acb7017ad1de6af8d3203c65
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/35dd122a/attachment.html>

More information about the debian-security-tracker-commits mailing list