[Git][security-tracker-team/security-tracker][master] Sync changes for src;linux with kernel-sec status and 9.8 point release inclusion
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 16 08:16:57 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
013a53e7 by Salvatore Bonaccorso at 2019-02-16T08:16:44Z
Sync changes for src;linux with kernel-sec status and 9.8 point release inclusion
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21239,6 +21239,7 @@ CVE-2018-19408
RESERVED
CVE-2018-19407 (The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2018/11/20/580
CVE-2018-19406 (kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through ...)
@@ -23243,6 +23244,7 @@ CVE-2016-10731 (ProjectSend (formerly cFTP) r582 allows SQL injection via ...)
NOT-FOR-US: ProjectSend
CVE-2018-18710 (An issue was discovered in the Linux kernel through 4.19. An ...)
- linux 4.18.20-1
+ [stretch] - linux 4.9.144-1
NOTE: https://git.kernel.org/linus/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
CVE-2018-18705 (PhpTpoint hospital management system suffers from multiple SQL ...)
NOT-FOR-US: PhpTpoint hospital management system
@@ -23284,6 +23286,7 @@ CVE-2018-18691
RESERVED
CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set ...)
- linux 4.17.3-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025
NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c
@@ -24428,6 +24431,7 @@ CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.
NOT-FOR-US: Next.js
CVE-2018-18281 (Since Linux kernel version 3.2, the mremap() syscall performs TLB ...)
- linux 4.18.20-1
+ [stretch] - linux 4.9.135-1
NOTE: https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821
CVE-2018-18280
RESERVED
@@ -25360,6 +25364,7 @@ CVE-2018-17970
RESERVED
CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in ...)
- linux 4.18.20-1
+ [stretch] - linux 4.9.135-1
NOTE: https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2
NOTE: https://git.kernel.org/linus/f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7
CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote ...)
@@ -28089,6 +28094,7 @@ CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-1650
NOTE: Debian updates backported all fixes to released suites
CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://lore.kernel.org/patchwork/patch/1011367/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649017
NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248
@@ -33873,6 +33879,7 @@ CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. The
NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
CVE-2018-14616 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200465
CVE-2018-14615 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
- linux 4.19.9-1
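Review bot: CVE-2018-14615 is the only entry in this run left without a [stretch] line. CVE-2018-14616 above it and CVE-2018-14610 through CVE-2018-14614 below it all gain "[stretch] - linux 4.9.144-1", and CVE-2018-14615 is also absent from the entries removed from data/next-point-update.txt, so the omission looks deliberate. A short NOTE under the entry, or a line in the commit message, saying that the fix is not in 4.9.144-1 would keep a later reader from treating it as an oversight.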
@@ -33881,22 +33888,27 @@ CVE-2018-14615 (An issue was discovered in the Linux kernel through 4.17.10. The
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200421
CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
NOTE: https://patchwork.kernel.org/patch/10503147/
CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- linux 4.18.8-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847
NOTE: https://patchwork.kernel.org/patch/10503403/
NOTE: https://patchwork.kernel.org/patch/10503413/
CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is a ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
NOTE: https://patchwork.kernel.org/patch/10503099/
CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
NOTE: https://patchwork.kernel.org/patch/10503415/
CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
@@ -37594,6 +37606,7 @@ CVE-2018-13101 (KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers
NOT-FOR-US: RedSwimmer KioskSimple
CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
- linux 4.18.10-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel through ...)
@@ -37611,10 +37624,12 @@ CVE-2018-13098 (An issue was discovered in fs/f2fs/inode.c in the Linux kernel t
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad
CVE-2018-13097 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200171
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15
CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
[jessie] - linux-4.9 <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
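Review bot: under CVE-2018-13096 the "[jessie] - linux-4.9 <unfixed>" line is left untouched while the new "[stretch] - linux 4.9.144-1" line goes in directly above it. If jessie's linux-4.9 follows the same 4.9 series, check whether that status still holds, or schedule a follow-up for when that package reaches 4.9.144. The same pairing appears under CVE-2018-13053 and CVE-2017-18249 in the later hunks.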
@@ -37716,6 +37731,7 @@ CVE-2018-13055 (A cross-site scripting (XSS) vulnerability in the View Filters p
NOTE: https://mantisbt.org/bugs/view.php?id=24580
CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the ...)
- linux 4.18.20-1
+ [stretch] - linux 4.9.135-1
[jessie] - linux-4.9 <unfixed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
@@ -38104,6 +38120,7 @@ CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer
NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
- linux 4.18.20-1
+ [stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
NOTE: https://github.com/lcytxw/bug_repro/tree/master/bug_200189
NOTE: https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
@@ -48756,6 +48773,7 @@ CVE-2017-18250 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2f368e74a51ec7541b6595af712d17d6d1376534
CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel before ...)
- linux 4.12.6-1
+ [stretch] - linux 4.9.144-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux-4.9 <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
@@ -58309,6 +58327,7 @@ CVE-2018-5849 (Due to a race condition in the QTEECOM driver in all Android rele
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5848 (In the function wmi_set_ie(), the length validation code does not ...)
- linux 4.16.5-1
+ [stretch] - linux 4.9.144-1
NOTE: Fixed by: https://git.kernel.org/linus/b5a8ffcae4103a9d823ea3aa3a761f65779fbe2a (4.16-rc1)
CVE-2018-5847 (Early or late retirement of rotation requests can result in a Use ...)
NOT-FOR-US: Qualcomm components for Android
@@ -71956,6 +71975,7 @@ CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null poin
CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...)
{DSA-4339-1}
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
[jessie] - linux <not-affected> (Message signatures not implemented)
NOTE: https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1
- ceph 12.2.8+dfsg1-1 (bug #913472)
@@ -71965,6 +71985,7 @@ CVE-2018-1129 (A flaw was found in the way signature calculation was handled by
CVE-2018-1128 (It was found that cephx authentication protocol did not verify ceph ...)
{DSA-4339-1}
- linux 4.19.9-1
+ [stretch] - linux 4.9.144-1
[jessie] - linux <ignored> (Protocol change is too difficult)
NOTE: https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
- ceph 12.2.8+dfsg1-1 (bug #913471)
=====================================
data/next-point-update.txt
=====================================
@@ -1,47 +1,5 @@
CVE-2017-16612
[stretch] - wayland 1.12.0-1+deb9u1
-CVE-2018-13053
- [stretch] - linux 4.9.135-1
-CVE-2018-17972
- [stretch] - linux 4.9.135-1
-CVE-2018-18281
- [stretch] - linux 4.9.135-1
-CVE-2018-12896
- [stretch] - linux 4.9.144-1
-CVE-2018-18710
- [stretch] - linux 4.9.144-1
-CVE-2018-19407
- [stretch] - linux 4.9.144-1
-CVE-2017-18249
- [stretch] - linux 4.9.144-1
-CVE-2018-1128
- [stretch] - linux 4.9.144-1
-CVE-2018-1129
- [stretch] - linux 4.9.144-1
-CVE-2018-13096
- [stretch] - linux 4.9.144-1
-CVE-2018-13097
- [stretch] - linux 4.9.144-1
-CVE-2018-13100
- [stretch] - linux 4.9.144-1
-CVE-2018-14610
- [stretch] - linux 4.9.144-1
-CVE-2018-14611
- [stretch] - linux 4.9.144-1
-CVE-2018-14612
- [stretch] - linux 4.9.144-1
-CVE-2018-14613
- [stretch] - linux 4.9.144-1
-CVE-2018-14614
- [stretch] - linux 4.9.144-1
-CVE-2018-14616
- [stretch] - linux 4.9.144-1
-CVE-2018-16862
- [stretch] - linux 4.9.144-1
-CVE-2018-18690
- [stretch] - linux 4.9.144-1
-CVE-2018-5848
- [stretch] - linux 4.9.144-1
CVE-2018-16849
[stretch] - mistral 3.0.0-4+deb9u1
CVE-2018-19200
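Review bot: the commit message does not give a count, and one would make this sync checkable at a glance. The 21 entries removed here match the 21 [stretch] lines added in data/CVE/list one-to-one, versions included: CVE-2018-13053, CVE-2018-17972 and CVE-2018-18281 at 4.9.135-1 and the rest at 4.9.144-1. Nothing leaves the point-update list without a recorded fixed version, so stating "21 entries moved" in the message would be enough.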
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/013a53e7a92882bf54f6c1a700f404fc9fea7f47