[Git][security-tracker-team/security-tracker][master] Sync fixed version for some CVEs for src:linux with kernel-sec

Salvatore Bonaccorso carnil at debian.org
Mon May 6 12:38:21 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
128b5963 by Salvatore Bonaccorso at 2019-05-06T11:37:51Z
Sync fixed version for some CVEs for src:linux with kernel-sec

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -393,7 +393,7 @@ CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains
 	[stretch] - signing-party <no-dsa> (Will be fixed via point release)
 	NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
 CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
 CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
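Review bot: The CVE-2019-11599 entry now claims a fix in 4.19.37-1, but neither of its two NOTE lines (a linux-mm thread on marc.info and a Project Zero issue) points at the upstream fix commit, and the description only says "before 5.0.10". Adding a NOTE with the git.kernel.org commit, as the CVE-2019-11486 and CVE-2019-9857 entries in this file do, would let a reader verify that the fix is present in the 4.19 series package.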
@@ -671,11 +671,11 @@ CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interf
 CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...)
 	NOT-FOR-US: SimplyBook.me Enterprise
 CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount reference co ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
 	NOTE: https://lwn.net/Articles/786044/
 CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
 	NOTE: Upstream commits marks driver as BROKEN and can be considered fixed starting
 	NOTE: from versions including this commit (or backport) or versions which disable
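Review bot: For CVE-2019-11486 the NOTE lines say the upstream commit only marks the driver as BROKEN, and that a version counts as fixed if it includes that commit (or a backport) or disables the driver. The new "- linux 4.19.37-1" line does not say which of those conditions the package meets. A short parenthetical or NOTE stating this would help anyone comparing the entry against a kernel built with a different config.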
@@ -3914,7 +3914,7 @@ CVE-2019-10126
 CVE-2017-18364 (phpFK lite has XSS via the faq.php, members.php, or search.php query s ...)
 	NOT-FOR-US: phpFK
 CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel  ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://patchwork.kernel.org/patch/10828359/
@@ -5258,7 +5258,7 @@ CVE-2019-9848
 CVE-2019-9847
 	RESERVED
 CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_existin ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	[jessie] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
@@ -19474,7 +19474,7 @@ CVE-2019-3889
 CVE-2019-3888
 	RESERVED
 CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	[stretch] - linux <not-affected> (Vulnerability introduced later)
 	[jessie] - linux <not-affected> (Vulnerability introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
@@ -19509,7 +19509,7 @@ CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by wor
 	NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
 	NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
 CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
 	NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
@@ -20677,13 +20677,13 @@ CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when do
 	- tmpreaper 1.6.14 (bug #918956)
 CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
 	{DLA-1771-1}
-	- linux <unfixed>
+	- linux 4.19.37-1
 	[stretch] - linux 4.9.168-1
 	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
 	NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
 CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
 	{DLA-1771-1}
-	- linux <unfixed>
+	- linux 4.19.37-1
 	[stretch] - linux 4.9.168-1
 	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
 	NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
@@ -47959,11 +47959,11 @@ CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attack
 	NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
 	NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
 CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4. ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Lin ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux k ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered  ...)
 	- linux <unfixed> (low)
 	[buster] - linux <ignored> (Minor issue)
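Review bot: CVE-2018-12931, CVE-2018-12930 and CVE-2018-12929 (all in ntfs.ko) move from <unfixed> to 4.19.37-1 with no NOTE line on any of the three entries, while the adjacent CVE-2018-12928 stays "<unfixed> (low)". Please record the basis for the fixed version on each entry (an upstream commit, or a packaging change in 4.19.37-1), since the commit message only refers to kernel-sec and the entries themselves give a reader nothing to check.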
@@ -165535,7 +165535,7 @@ CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when usi
 	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
 	NOTE: http://xenbits.xen.org/xsa/advisory-164.html
 CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from uniniti ...)
-	- linux <unfixed>
+	- linux 4.19.37-1
 	[stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
 	[jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
 	[wheezy] - linux <ignored> (Intrusive; breaks qemu as used in Wheezy; cf. kernel-sec for more details)
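Review bot: In the CVE-2015-8553 entry, the unchanged [stretch] line gives the reason "breaks qemu as used in Jessie", which reads like a copy of the [jessie] line below it (the [wheezy] line names Wheezy). Since this change touches the entry, confirm whether the stretch reason should name the qemu in Stretch, and correct the wording if so.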



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/128b5963cab06af4f5a7bd898d9b259b418a07ca
