[Git][security-tracker-team/security-tracker][master] Update severity/status for some linux CVEs
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 5 14:53:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9fd0a2f9 by Salvatore Bonaccorso at 2019-06-05T13:52:51Z
Update severity/status for some linux CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -266,11 +266,15 @@ CVE-2019-12603
CVE-2019-12602
RESERVED
CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f
+ NOTE: This is a potential null pointer dereference that looks like it can
+ NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://lkml.org/lkml/2019/6/3/526
+ NOTE: This is a potential null pointer dereference that looks like it can
+ NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12601
RESERVED
CVE-2019-12600
@@ -580,7 +584,8 @@ CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside t
CVE-2019-12456 (An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in ...)
- linux <unfixed>
CVE-2019-12455 (An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/c ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: No/negligible security impact
CVE-2019-12454 (An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codec ...)
- linux <not-affected> (Vulnerable code not present, introduced in 5.1-rc1)
CVE-2019-12453
@@ -775,15 +780,20 @@ CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure vulnerabili
NOTE: https://trac.torproject.org/projects/tor/ticket/24056
NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
CVE-2019-12382 (An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/d ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12381 (An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12380 (An issue was discovered in the efi subsystem in the Linux kernel throu ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: So security impact, all code involved runs at boot before userland starts
CVE-2019-12379 (An issue was discovered in con_insert_unipair in drivers/tty/vt/consol ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: No real security issue and fix introduces real security issue, see kernel-sec
CVE-2019-12378 (An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK M ...)
NOT-FOR-US: LANDESK
CVE-2019-12376 (Use of a hard-coded encryption key in Ivanti LANDESK Management Suite ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fd0a2f9b8e0f3199263d0e9d92ba67103321736
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fd0a2f9b8e0f3199263d0e9d92ba67103321736
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190605/87e31e37/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list