[Git][security-tracker-team/security-tracker][master] Sync some kernel stati with kernel-sec decisions

Thu Jun 6 21:12:33 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c459a97b by Salvatore Bonaccorso at 2019-06-06T20:12:01Z
Sync some kernel stati with kernel-sec decisions

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46611,6 +46611,7 @@ CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. The
 	{DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
 CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is  ...)
 	{DLA-1715-1}
@@ -50345,11 +50346,13 @@ CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel t
 	{DLA-1715-1}
 	- linux 4.18.10-1
 	[stretch] - linux 4.9.144-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
 CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel throug ...)
 	{DSA-4308-1 DLA-1531-1}
 	- linux 4.18.10-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a
@@ -50364,12 +50367,14 @@ CVE-2018-13097 (An issue was discovered in fs/f2fs/super.c in the Linux kernel t
 	{DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200171
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15
 CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
 	{DLA-1715-1}
 	- linux 4.19.9-1
 	[stretch] - linux 4.9.144-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
 	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
@@ -61604,6 +61609,7 @@ CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel
 	{DLA-1715-1}
 	- linux 4.12.6-1
 	[stretch] - linux 4.9.144-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
@@ -62565,6 +62571,8 @@ CVE-2018-8718 (Cross-site request forgery (CSRF) vulnerability in the Mailer Plu
 CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kernel thro ...)
 	{DSA-4187-1}
 	- linux 4.15.17-1
+	[stretch] - linux <ignored> (Minor issue)
+	[jessie] - linux <ignored> (Minor issue)
 	[wheezy] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
@@ -66608,6 +66616,8 @@ CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-sit
 	NOT-FOR-US: Yab Quarx
 CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the addr ...)
 	- linux 4.15.4-1
+	[stretch] - linux <ignored> (Minor issue)
+	[jessie] - linux <ignored> (Minor issue)
 	[wheezy] - linux <ignored> (Minor issue)
 	[jessie] - linux-4.9 <unfixed>
 	NOTE: https://lkml.org/lkml/2018/2/20/669
@@ -107865,10 +107875,12 @@ CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, w
 CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel  ...)
 	- linux 4.12.6-1
 	[stretch] - linux 4.9.47-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
 CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ke ...)
 	- linux 4.9.30-1
+	[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
 CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c459a97bc7de860a7f9d36a08f35e7af3ba66be7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c459a97bc7de860a7f9d36a08f35e7af3ba66be7
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190606/c38d34aa/attachment-0001.html>
