[Git][security-tracker-team/security-tracker][master] Merge in changes for linux in 10.1 point release

Salvatore Bonaccorso carnil at debian.org
Sat Sep 7 09:39:49 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
858dde43 by Salvatore Bonaccorso at 2019-09-07T08:39:19Z
Merge in changes for linux in 10.1 point release

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -337,9 +337,11 @@ CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An ou
 	NOTE: https://git.kernel.org/linus/f4351a199cc120ff9d59e06d02e8657d08e6cc46
 CVE-2019-15926 (An issue was discovered in the Linux kernel before 5.2.3. Out of bound ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/5d6751eaff672ea77642e74e92e6c0ac7f9709ab
 CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out of bo ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
@@ -359,6 +361,7 @@ CVE-2017-18595 (An issue was discovered in the Linux kernel before 4.14.11. A do
 	NOTE: https://git.kernel.org/linus/4397f04575c44e1440ec2e49b6302785c95fd2f8
 CVE-2019-15924 (An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_ ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/01ca667133d019edc9f0a1f70a272447c84ec41f
 CVE-2019-15923 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
 	- linux 5.2.6-1 (unimportant)
@@ -375,6 +378,7 @@ CVE-2019-15921 (An issue was discovered in the Linux kernel before 5.0.6. There
 	NOTE: https://git.kernel.org/linus/ceabee6c59943bdd5e1da1a6a20dc7ee5f8113a2
 CVE-2019-15920 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_read i ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/088aaf17aa79300cab14dbee2569c58cfafd7d6e
 CVE-2019-15919 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_write  ...)
 	- linux 4.19.37-1
@@ -694,6 +698,7 @@ CVE-2019-15789
 	RESERVED
 CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d
 CVE-2019-15788 (Clara Genomics Analysis before 0.2.0 has an integer overflow for cudap ...)
 	NOT-FOR-US: Clara Genomics Analysis
@@ -1037,6 +1042,7 @@ CVE-2019-15667
 	RESERVED
 CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	[jessie] - linux 3.16.72-1
 	NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
 CVE-2019-15665
@@ -1401,6 +1407,7 @@ CVE-2019-15539
 	RESERVED
 CVE-2019-15538 (An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in ...)
 	- linux <unfixed>
+	[buster] - linux 4.19.67-2
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee
 CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL I ...)
@@ -2205,15 +2212,19 @@ CVE-2019-15222 (An issue was discovered in the Linux kernel before 5.2.8. There
 	NOTE: https://git.kernel.org/linus/5d78e1c2b7f4be00bbe62141603a631dc7812f35
 CVE-2019-15221 (An issue was discovered in the Linux kernel before 5.1.17. There is a  ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/3450121997ce872eb7f1248417225827ea249710
 CVE-2019-15220 (An issue was discovered in the Linux kernel before 5.2.1. There is a u ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/6e41e2257f1094acc37618bf6c856115374c6922
 CVE-2019-15219 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/9a5729f68d3a82786aea110b1bfe610be318f80a
 CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e
 CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There is a N ...)
 	- linux 5.2.6-1
@@ -2221,9 +2232,11 @@ CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There
 CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a  ...)
 	{DLA-1884-1}
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/ef61eb43ada6c1d6b94668f0f514e4c268093ff3
 CVE-2019-15215 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/eff73de2b1600ad8230692f00bc0ab49b166512a
 CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There is a  ...)
 	{DLA-1884-1}
@@ -2234,9 +2247,11 @@ CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/3864d33943b4a76c6e64616280e98d2410b1190f
 CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
 CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
 	NOT-FOR-US: Wordpress plugin
@@ -2739,6 +2754,7 @@ CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel throug
 	NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
 CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	[jessie] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
@@ -8531,6 +8547,7 @@ CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
 CVE-2019-XXXX [No grant table and foreign mapping limits]
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	[stretch] - linux 4.9.168-1+deb9u5
 	NOTE: https://xenbits.xen.org/xsa/advisory-300.html
 CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on ma ...)
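Review bot: The `[buster] - linux 4.19.67-1` line added under `CVE-2019-XXXX [No grant table and foreign mapping limits]` has no matching entry among those removed from data/next-point-update.txt, so it is not part of the pending list this commit says it merges. If the XSA-300 fix is confirmed in 4.19.67-1, mention that in the commit message; otherwise move it to its own commit so this one stays a straight move of the pending entries.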
@@ -17394,6 +17411,7 @@ CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including
 	NOTE: This is not a security issue per se
 CVE-2019-10142 (A flaw was found in the Linux kernel's freescale hypervisor manager im ...)
 	- linux 5.2.6-1 (unimportant)
+	[buster] - linux 4.19.67-1
 	[jessie] - linux 3.16.70-1
 	NOTE: Fixed by: https://git.kernel.org/linus/6a024330650e24556b8a18cc654ad00cfecf6c6c
 	NOTE: CONFIG_FSL_HV_MANAGER not enabled in kernel builds in Debian.
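Review bot: The `[buster]` line added under CVE-2019-10142 carries no `(unimportant)` qualifier, while the unstable line directly above it does and the NOTE below states that CONFIG_FSL_HV_MANAGER is not enabled in Debian kernel builds. Please confirm the buster entry is meant to differ from the unstable one here, and align the two lines if it is not.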
@@ -20206,6 +20224,7 @@ CVE-2019-9507
 	RESERVED
 CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: Hardware issue, but mitigation in Linux kernel can be applied:
 	NOTE: https://git.kernel.org/linus/d5bb334a8e171b262e48f378bd2096c0ea458265 (5.2-rc1)
 	NOTE: https://git.kernel.org/linus/693cd8ce3f882524a5d06f7800dd8492411877b3 (5.2-rc6)
@@ -33767,6 +33786,7 @@ CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to l
 CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
 	{DSA-4497-1 DLA-1885-1 DLA-1884-1}
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
 	- heketi <itp> (bug #903384)
 CVE-2019-3898
@@ -46086,6 +46106,7 @@ CVE-2019-0137
 	RESERVED
 CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...)
 	- linux 5.2.6-1
+	[buster] - linux 4.19.67-1
 	NOTE: https://git.kernel.org/linus/79c92ca42b5a3e0ea172ea2ce8df8e125af237da
 	NOTE: https://git.kernel.org/linus/588f7d39b3592a36fb7702ae3b8bdd9be4621e2f
 CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...)
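Review bot: The buster line added here is for CVE-2019-0136, but the entry removed from data/next-point-update.txt is CVE-2019-1036 and that file shows no CVE-2019-0136 removal. This looks like a transposed id in the pending list being corrected silently; please confirm that 0136 is the intended CVE and note the correction in the commit message so the history explains why the ids differ.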


=====================================
data/next-point-update.txt
=====================================
@@ -91,48 +91,6 @@ CVE-2019-8675
 	[buster] - cups 2.2.10-6+deb10u1
 CVE-2019-12269
 	[buster] - enigmail 2:2.0.12+ds1-1~deb10u1
-CVE-2019-15924
-	[buster] - linux 4.19.67-1
-CVE-2019-15920
-	[buster] - linux 4.19.67-1
-CVE-2019-15925
-	[buster] - linux 4.19.67-1
-CVE-2019-15926
-	[buster] - linux 4.19.67-1
-CVE-2019-1036
-	[buster] - linux 4.19.67-1
-CVE-2019-10142
-	[buster] - linux 4.19.67-1
-CVE-2019-15090
-	[buster] - linux 4.19.67-1
-CVE-2019-15211
-	[buster] - linux 4.19.67-1
-CVE-2019-15212
-	[buster] - linux 4.19.67-1
-CVE-2019-15215
-	[buster] - linux 4.19.67-1
-CVE-2019-15216
-	[buster] - linux 4.19.67-1
-CVE-2019-15218
-	[buster] - linux 4.19.67-1
-CVE-2019-15219
-	[buster] - linux 4.19.67-1
-CVE-2019-15220
-	[buster] - linux 4.19.67-1
-CVE-2019-15221
-	[buster] - linux 4.19.67-1
-CVE-2019-15223
-	[buster] - linux 4.19.67-1
-CVE-2019-3900
-	[buster] - linux 4.19.67-1
-CVE-2019-9506
-	[buster] - linux 4.19.67-1
-CVE-2019-15666
-	[buster] - linux 4.19.67-1
-CVE-2019-15807
-	[buster] - linux 4.19.67-1
-CVE-2019-15538
-	[buster] - linux 4.19.67-2
 CVE-2019-13486
 	[buster] - xymon 4.3.28-5+deb10u1
 CVE-2019-13485
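Review bot: CVE-2019-15223 is removed from the pending list in this hunk, but none of the data/CVE/list hunks adds a `[buster] - linux 4.19.67-1` line under that CVE (the hunk starting at CVE-2019-15222 covers 15221 through 15218 only). Please verify that CVE-2019-15223 already has its buster entry in data/CVE/list; if it does not, the fixed version for buster is lost by this removal.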



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/858dde4363a2f5f6c0285782e585045a49106738
