[Git][security-tracker-team/security-tracker][master] Track fixes for src:linux issues via unstable
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 26 16:45:20 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1170f80f by Salvatore Bonaccorso at 2019-09-26T15:44:42Z
Track fixes for src:linux issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -495,7 +495,7 @@ CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)
- - linux <unfixed>
+ - linux 5.2.17-1
NOTE: https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
CVE-2019-16705 (Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in th ...)
- ming <removed>
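Review bot: on the CVE-2019-16714 entry, the description says the kernel is affected before 5.2.14, while the version recorded for unstable is 5.2.17-1. Please confirm that 5.2.17-1 is the first unstable upload carrying 7d0a06586b2686ba80c4a2da5f91cb10ffbea736. Consider naming that upload in the commit message as well, which currently only says "via unstable".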
@@ -3694,7 +3694,7 @@ CVE-2019-15539
RESERVED
CVE-2019-15538 (An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in ...)
{DLA-1919-1}
- - linux <unfixed>
+ - linux 5.2.17-1
[buster] - linux 4.19.67-2
[stretch] - linux 4.9.189-2
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -3769,9 +3769,9 @@ CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web requ
CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...)
NOT-FOR-US: Kaseya Virtual System Administrator (VSA)
CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...)
- - linux <unfixed>
+ - linux 5.2.17-1
CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...)
- - linux <unfixed>
+ - linux 5.2.17-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCM ...)
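Review bot: the CVE-2019-15505 and CVE-2019-15504 entries now record 5.2.17-1, but neither carries a NOTE naming the upstream fix, unlike most other linux entries touched in this commit (for example the git.kernel.org/linus NOTE under CVE-2019-16714). Adding the fixing commit to each entry would let the 5.2.17-1 version be checked against the upload. CVE-2019-15505 also has no per-release lines, while CVE-2019-15504 marks stretch and jessie as <not-affected>; worth confirming that this difference is intended.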
@@ -4904,11 +4904,11 @@ CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 perm
NOT-FOR-US: cnlh nps
CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...)
{DSA-4531-1 DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
{DSA-4531-1 DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS ...)
NOT-FOR-US: easy-digital-downloads plugin for WordPress
@@ -5229,12 +5229,12 @@ CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Featu
CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...)
- ajaxplorer <itp> (bug #668381)
CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
- - linux <unfixed>
+ - linux 5.2.17-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97
CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
- - linux <unfixed>
+ - linux 5.2.17-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...)
@@ -5848,7 +5848,7 @@ CVE-2019-14836
RESERVED
CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
{DSA-4531-1 DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1
NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
CVE-2019-14834
@@ -5891,7 +5891,7 @@ CVE-2019-14822 [missing authorization flaw]
NOTE: https://github.com/ibus/ibus/issues/2137
CVE-2019-14821 (An out-of-bounds access issue was found in the Linux kernel, all versi ...)
{DSA-4531-1 DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
NOTE: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
CVE-2019-14820
RESERVED
@@ -5911,15 +5911,15 @@ CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.28, in the
NOTE: which changed the access to file permissions.
CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...)
{DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
CVE-2019-14815
RESERVED
{DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-14814 (There is heap-based buffer overflow in Linux kernel, all versions up t ...)
{DLA-1930-1}
- - linux <unfixed>
+ - linux 5.2.17-1
CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.28, in the sets ...)
{DSA-4518-1 DLA-1915-1}
- ghostscript 9.28~~rc2~dfsg-1
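Review bot: CVE-2019-14816, CVE-2019-14815 and CVE-2019-14814 get a fixed version here with no NOTE pointing at the upstream commit. CVE-2019-14815 is also still RESERVED with no description, so nothing in that entry says what 5.2.17-1 fixed. Suggest adding a "NOTE: Fixed by:" line with the upstream commit to each of the three entries, in the form already used for CVE-2019-15118 and CVE-2019-15117.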
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1170f80fd427f1112f602a47c69c50ed8c1ebce0