[Git][security-tracker-team/security-tracker][master] Add fixed version for various linux CVEs in unstable
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 18 12:27:26 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a72366f by Salvatore Bonaccorso at 2019-06-18T11:27:14Z
Add fixed version for various linux CVEs in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2343,7 +2343,7 @@ CVE-2019-11885 (eyeDisk implements the unlock feature by sending a cleartext pas
NOT-FOR-US: eyeDisk
CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
CVE-2019-11883
RESERVED
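Review bot: the NOTE under CVE-2019-11884 gives the upstream commit URL but not the upstream release that first contains it, unlike the brcmfmac entries later in this patch, whose NOTE lines end in "(5.1-rc1)". With the unstable line now reading "- linux 4.19.37-4", appending the upstream version to the NOTE would let a reader relate the Debian fixed version to the upstream one without opening the commit.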
@@ -2455,7 +2455,7 @@ CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00
NOTE: https://github.com/DaveGamble/cJSON/issues/337
CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
NOT-FOR-US: Typo3
@@ -3405,15 +3405,15 @@ CVE-2019-11480
CVE-2019-11479
RESERVED
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
CVE-2019-11478
RESERVED
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
CVE-2019-11477
RESERVED
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
CVE-2019-11476
RESERVED
CVE-2019-11475
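Review bot: CVE-2019-11479, CVE-2019-11478 and CVE-2019-11477 are marked fixed in 4.19.37-4 but have no NOTE line, and all three are still RESERVED, so the entries give no description and no pointer to the change that fixed them. Consider adding a NOTE with the upstream commit or advisory reference under each one, as the other linux entries touched by this patch have.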
@@ -6815,7 +6815,7 @@ CVE-2019-10127
NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10126 (A flaw was found in the Linux kernel. A heap based buffer overflow in ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
NOTE: https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de
CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...)
NOT-FOR-US: phpFK
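Review bot: the NOTE for CVE-2019-10126 still points at a patch posting on lore.kernel.org rather than a merged commit. Now that the entry records a fixed version, a NOTE with the git.kernel.org/linus/ commit URL, in the form used for CVE-2019-11884, would identify the fix more durably once that commit is available; the lore link can stay as a second NOTE if the thread is worth keeping.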
@@ -9264,7 +9264,7 @@ CVE-2019-9504
CVE-2019-9503 [brcmfmac: add subtype check for event handling in data path]
RESERVED
{DSA-4465-1 DLA-1824-1 DLA-1799-1}
- - linux <unfixed>
+ - linux 4.19.37-4
NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502
RESERVED
@@ -9273,7 +9273,7 @@ CVE-2019-9501
CVE-2019-9500 [brcmfmac: assure SSID length from firmware is limited]
RESERVED
{DSA-4465-1 DLA-1824-1}
- - linux <unfixed>
+ - linux 4.19.37-4
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
CVE-2019-9499 (The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built ...)
@@ -19334,7 +19334,7 @@ CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.ph
NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux kernel throu ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
CVE-2019-5487
RESERVED
CVE-2019-5486
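Review bot: CVE-2019-5489 changes from "<unfixed>" to "4.19.37-4" with no NOTE line after it, so the only context is the truncated description mentioning mm/mincore.c. A NOTE with the upstream fix commit would make the fixed version checkable from the entry itself.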
@@ -22810,7 +22810,7 @@ CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5,
- moodle <removed>
CVE-2019-3846 (A flaw that allowed an attacker to corrupt memory and possibly escalat ...)
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- - linux <unfixed>
+ - linux 4.19.37-4
NOTE: https://lore.kernel.org/linux-wireless/20190529125220.17066-1-tiwai@suse.de/
CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
NOT-FOR-US: qpid dispatch router
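Review bot: as with CVE-2019-10126, the NOTE for CVE-2019-3846 references a linux-wireless patch posting on lore.kernel.org, not a commit. If the fix in 4.19.37-4 corresponds to a merged upstream commit, recording that commit URL here would be more useful to someone verifying the backport than the mailing-list link alone.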
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a72366fef7e8d75e600e9806dcedc2aa58a1c58